A SOCKS proxy server implemented with the powerful python cooperative concurrency framework asyncio.

Overview

asyncio-socks-server

Latest version Build Image Tests Build

A SOCKS proxy server implemented with the powerful python cooperative concurrency framework asyncio.

Features

  • Supports both TCP and UDP with the implementation of SOCKS5 protocol
  • Supports username/password authentication
  • Provides optional strict mode that follows RFC1928 and RFC1929 without compromise
  • Driven by the python standard library, no third-party dependencies

Installation

Install with pip if Python version 3.8.0 or higher is available.

pip install asyncio-socks-server

Or pull a docker image from the Docker Hub registry.

docker pull amaindex/asyncio-socks-server

Usage

When installed with pip, you can invoke asyncio-socks-server from the command-line:

asyncio_socks_server [-h] [-v] 
                     [-H HOST] [-P PORT] [-A METHOD] 
                     [--access-log] [--debug] [--strict] 
                     [--env-prefix ENV_PREFIX]
                     [--config PATH]

where:

  • asyncio_socks_server: You could use python -m asyncio_socks_server in development.
  • -h, --help: Show a help message and exit.
  • -v, --version: Show program's version number and exit.
  • -H HOST, --host HOST: Host address to listen (default 0.0.0.0).
  • -P PORT, --port PORT: Port to listen (default 1080).
  • -A METHOD, --auth METHOD: Authentication method (default 0). Possible values: 0 (no auth), 2 (username/password auth)
  • --access-log: Display access log.
  • --debug: Work in debug mode.
  • --strict: Work in strict compliance with RFC1928 and RFC1929.

If the value of METHOD is 2, that is, when the username/password authentication is specified, you need to provide a config file containing the usernames and passwords in json format with the --config option. You can also list other options in the config file instead of the command:

config.json:

{
  "LISTEN_HOST": "0.0.0.0",
  "LISTEN_PORT": 1080,
  "AUTH_METHOD": 2,
  "ACCESS_LOG": true,
  "DEBUG": true,
  "STRICT": true,
  "USERS": {
    "username1": "password1",
    "username2": "password2",
    "username3": "password3"
  }
}
asyncio_socks_server --config ${ENV}/config.json

In addition, any environment variable named starting with AIOSS_ will also be applied to the option. The prefix can be changed by specifying the --env-prefix option,for example:

export MY_LISTEN_HOST=127.0.0.1
export MY_LISTEN_PORT=9999
asyncio_socks_server --env-prefix MY_

NOTE: The loading order of the options is: config file, environment variables, command options. The latter will overwrite the former if options are given in multiple ways.

Alternatively, if you use the docker image, you can launch the asyncio-socks-server with the following command:

docker run amaindex/asyncio-socks-server [-h] [-v] 
                                         [-H HOST] [-P PORT] [-A METHOD] 
                                         [--access-log] [--debug] [--strict] 
                                         [--env-prefix ENV_PREFIX]
                                         [--config PATH]

The network mode host is recommended since asyncio-socks-server uses multiple ports dynamically. If you also want to provide a config file, it should be mounted manually.

docker run \
    --rm \
    --net=host \
    -v /host/path/config.json:/config.json \ 
    amaindex/asyncio-socks-server \
    --config /config.json

Strict Mode

For various reasons, asyncio-socks-server has made some compromises on the Implementation details of the protocols. Therefore, in the following scenes, asyncio-socks-server’s behavior will be divergent from that described in RFC1928 and RFC1929.

asyncio-socks-server relays all UDP datagrams by default

In the SOCKS5 negotiation, a UDP ASSOCIATE request formed as follows is used to establish an association within the UDP relay process to handle UDP datagrams:

+----+-----+-------+------+----------+----------+
|VER | CMD |  RSV  | ATYP | DST.ADDR | DST.PORT |
+----+-----+-------+------+----------+----------+
| 1  |  1  | X'00' |  1   | Variable |    2     |
+----+-----+-------+------+----------+----------+

Normally, the DST.ADDR and DST.PORT fields contain the address and port that the client expects to use to send UDP datagrams on for the association, or use a port number and address of all zeros if the client does not possess this information. Therefore, when the client is working in a network that uses NAT, the DST.ADDR with all zeros should be used to avoid errors. But in case some clients did not follow this principle correctly, asyncio-socks-server relays all UDP datagrams it receives by default instead of using DST.ADDR and DST.PORT to limit the access.

asyncio-socks-server allows "V5" username/password authentication

Once the client selects the username/password authentication during negotiation, it will conduct a sub-negotiation with the server. This sub-negotiation begins with the client producing a request:

+----+------+----------+------+----------+
|VER | ULEN |  UNAME   | PLEN |  PASSWD  |
+----+------+----------+------+----------+
| 1  |  1   | 1 to 255 |  1   | 1 to 255 |
+----+------+----------+------+----------+

The VER field contains the current version of the sub-negotiation, which is X'01' but often considered as X'05' since it's a bit counter-intuitive. So asyncio-socks-server allows requests with VER X'05' in non-strict mode.

--strict option

To disable the compromise described above, you can specify the --strict option:

asyncio_socks_server --strict

Reference

You might also like...
A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other.

A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other. It also provides an Admin role with features including kicking and baning of users.

Test - Python project for Collection Server and API Server

QProjectPython Collection Server 와 API Server 를 위한 Python 프로젝트 입니다. [FastAPI참고]

syncio: asyncio, without await

syncio: asyncio, without await asyncio can look very intimidating to newcomers, because of the async/await syntax. Even experienced programmers can ge

Lightweight asyncio compatible utilities for consuming broker messages.

A simple asyncio compatible consumer for handling amqp messages.

Compare the contents of your hosted and proxy repositories for coordinate collisions

Nexus Repository Manager dependency/namespace confusion checker This repository contains a script to check if you have artifacts containing the same n

a safe proxy over tls

TlsProxys 基于TLS协议的http流量代理 安装 ※ 需要python3.7+ linux: python3.9 -m pip install TlsProxys windows: pip install TlsProxys 基本用法 服务器端: $ tpserver [command]

sshuttle: where transparent proxy meets VPN meets ssh

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Fast and configurable script to get and check free HTTP, SOCKS4 and SOCKS5 proxy lists from different sources and save them to files

Fast and configurable script to get and check free HTTP, SOCKS4 and SOCKS5 proxy lists from different sources and save them to files. It can also get geolocation for each proxy and check if proxies are anonymous.

Comments
  • Upgrade CodeSee workflow to version 2

    Upgrade CodeSee workflow to version 2

    CodeSee is a code visibility platform.

    This change updates the CodeSee workflow file to the latest version for security, maintenance, and support improvements (see changelog below).

    That workflow file:

    • runs CodeSee's code analysis on every PR push and merge
    • uploads that analysis to CodeSee.
    • It does not transmit your code.

    The code analysis is used to generate maps and insights about this codebase.

    CodeSee workflow changelog:

    • Improved security: Updates permission to be read-only.
    • Improved future maintenance: Replaces the body of the workflow with a single github action: codesee-action. This makes it significantly easier for CodeSee to introduce future improvements and fixes without requiring another PR like this.
    • Improved Python support: The action now properly supports Python 3.11, and will continue to support new Python versions as they are released.
    opened by codesee-maps[bot] 1
  • Windows support

    Windows support

    Running on Windows 10 I get the following error:

    >asyncio_socks_server
    Traceback (most recent call last):
      File "C:\Users\a\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
        return _run_code(code, main_globals, None,
      File "C:\Users\a\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in _run_code
        exec(code, run_globals)
      File "C:\Users\a\AppData\Local\Programs\Python\Python310\Scripts\asyncio_socks_server.exe\__main__.py", line 7, in <module>
      File "C:\Users\a\AppData\Local\Programs\Python\Python310\lib\site-packages\asyncio_socks_server\__main__.py", line 128, in main
        app.run()
      File "C:\Users\a\AppData\Local\Programs\Python\Python310\lib\site-packages\asyncio_socks_server\app.py", line 53, in run
        self.loop.add_signal_handler(
      File "C:\Users\a\AppData\Local\Programs\Python\Python310\lib\asyncio\events.py", line 553, in add_signal_handler
        raise NotImplementedError
    NotImplementedError
    

    Apparently add_signal_handler is a unix-only method.

    I was able to run the app by simply commenting out these lines from app.py: https://github.com/Amaindex/asyncio-socks-server/blob/ac070868a4f5cdc43961dc4b068f99d4d306dcf3/asyncio_socks_server/app.py#L52-L55

    enhancement 
    opened by 5j9 1
  • [FEATURE]: Please help, how to proxy all traffic to another socks5, So i can use it as middle proxy

    [FEATURE]: Please help, how to proxy all traffic to another socks5, So i can use it as middle proxy

    Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

    • Server1: Run Asyncio-socks-server, listen 2080

    • Server2: Run Asyncio-socks-server, listen 1080, transfer all traffic to Server1:2080

    • my Desktop: Connect to Server2:1080

    Describe the solution you'd like A clear and concise description of what you want to happen.

    Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

    Additional context Add any other context or screenshots about the feature request here.

    enhancement 
    opened by johnson7788 1
  • [FEATURE] Bind to interface

    [FEATURE] Bind to interface

    Hello, nice module. Something myself and presumably others would benefit from is being able to bind to specific interface, using

    sock.setsockopt(
                    socket.SOL_SOCKET,
                    socket.SO_BINDTODEVICE,
                   {interface}),
                )
    

    I took a look at protocol.py and didn't immediately see a way to implement this. Any guidance?

    enhancement 
    opened by slldev 1
Releases(v0.3.0)
Owner
Amaindex
Amaindex
A simple python script that parses the MSFT Teams log file for the users current Teams status and then outputs the status color to a MQTT connected light.

Description A simple python script that parses the MSFT Teams log file for the users current Teams status and then outputs the status color to a MQTT

Lorentz Factr 8 Dec 16, 2022
Data Exfiltration without ever making a connection. Using TCP header space.

TCPwned PoC toy code to exfiltrate data without ever making a TCP connection. This will never show up in firewall logs, much less, actually be monitor

2 Nov 21, 2022
🐛 Self spreading Botnet based on Mirai C&C Arch, spreading through SSH and Telnet protocol.

HBot Self spreading Botnet based on Mirai C&C Arch, spreading through SSH and Telnet protocol. Modern script fullly written in python3. Warning. This

Ѵιcнч 137 Nov 14, 2022
Uses machine learning to scan the similarity of two texts

PlagiarismChecker Uses machine learning to scan the similarity of two documents. End Points: http://localhost:3000/register (create a/c) http://localh

Elvis Chege 2 Aug 10, 2022
WARP+ uses Cloudflare’s virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet

WARP+ uses Cloudflare’s virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet

Rivane Rasetiansyah 3 Apr 01, 2022
AdaFruit Funhouse publishing Temperature, Humidity and Pressure to MQTT / Apache Pulsar

pulsar-adafruit-funhouse AdaFruit Funhouse publishing Temperature, Humidity and Pressure to MQTT / Apache Pulsar Device Get your own from adafruit Ada

Timothy Spann 1 Dec 30, 2021
Connection package to a raspberry or any other machine using ssh, it simplifies the deployment scripts and monitoring.

Connection package to a raspberry or any other machine using ssh, it simplifies the deployment scripts and monitoring.

Dashstrom 7 Mar 29, 2022
Python code that get the name and ip address of a computer/laptop

IP Address This is a python code that provides the name and the internet protocol address of the computer. You need to install socket pip install sock

CODE 2 Feb 21, 2022
wireguard-config-benchmark is a python script that benchmarks the download speeds for the connections defined in one or more wireguard config files

wireguard-config-benchmark is a python script that benchmarks the download speeds for the connections defined in one or more wireguard config files. If multiple configs are benchmarked it will output

Sal 12 May 07, 2022
A script for generating WireGuard configs from Surfshark VPN

Surfshark WireGuard A script for generating WireGuard configs from Surfshark VPN. You must have python3 available on your machine. Usage Currently we

Alireza Ahmand 58 Dec 23, 2022
A benchmark for stateful fuzzing of network protocols

A benchmark for stateful fuzzing of network protocols

3 Apr 25, 2022
This is a simple python code to get the list of banned IP addresses from Fail2ban

Fail2ban Scripts Usage banned_list.py This script tries to get the banned list of IP addresses by Fail2ban for the service freeswitch. You can modify

Yehor Smoliakov 9 Dec 28, 2022
This Python script can be used to bypass IP source restrictions using HTTP headers.

ipsourcebypass This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON expo

Podalirius 322 Dec 28, 2022
List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.

List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.

Anders Pitman 7.3k Jan 03, 2023
Anonymously Reverse shell over Tor Network using Hidden Services without portfortwarding

Anonymously Reverse shell over Tor Network using Hidden Services without portfortwarding Tor ağı ile Dark Web servislerini kullanarak anonim biçimde p

249 Dec 29, 2022
Python module to interface with Tuya WiFi smart devices

TinyTuya Python module to interface with Tuya WiFi smart devices Description This python module controls and monitors Tuya compatible WiFi Smart Devic

Jason Cox 365 Dec 26, 2022
API Server for VoIP analysis (CDR + Audio CODECs)

Swagger generated server Overview This server was generated by the swagger-codegen project. By using the OpenAPI-Spec from a remote server, you can ea

Noor Muhammad Malik 1 Jan 11, 2022
This program ingests a Cisco "sh ip arp" as a text file and produces the list of vendors seen in the file

IP-ARP-Vendor_lookup This program ingests a Cisco "sh ip arp" as a text file and produces the list of vendors seen in the file Why? Answers the questi

Stew Alexander 1 Dec 24, 2022
A Python package for handling free proxies from sslproxies.org

SSLProxies Get free working proxy from https://www.sslproxies.org/ and use it in your script This is a port/rewrite of free-proxy with additional feat

Nate Harris 2 Mar 17, 2022
Lets you remove all friends, leave GCs, and leave servers, in an instant!

anonymity Lets you remove all friends, leave GCs, and leave servers, in an instant! You can also do each of them by themselves. First, you need to get

1 Dec 07, 2021