Set up your socks5 proxy server. Remote access via proxy. Getting a proxy from the SOCKS Admin control panel

Anonymity on the Internet is not a new topic, and you have probably installed a program like A4Proxy, SocksChain and the like on your computer. Personally, I don't like it when you need a separate program to work with proxies. Firstly, it's ugly when there are a lot of windows on the taskbar or tray icons; secondly, these programs require cracks, and I'm too lazy to look for them :) That's why I wrote classes to support SOCKS5 servers, which I can now use in some of my programs. And now I want to tell everyone how to do it.

Which servers and which protocols we can access through a proxy depends on the type of the proxy, i.e. the protocol by which we access it. There are several types of proxies: HTTP proxies, SOCKS4, SOCKS5, SSL CONNECT, etc. HTTP proxies are the most common and the easiest to find on the Internet, but they only work with HTTP; moreover, they can insert the client's address into the request headers, that is, be non-anonymous. The SOCKS protocol is notable in that it encapsulates not application protocols but the transport layer, i.e. TCP/IP and UDP/IP. Since only these protocols are used to work on the Internet, through SOCKS you can work with any server, including another SOCKS server, and thus organize chains of SOCKS servers. For the same reason, ALL SOCKS servers are anonymous: it is impossible to transmit additional information at the TCP/IP and UDP/IP level without disrupting the higher-level protocol.

We will focus on the SOCKS5 protocol. Its description is in
. For SOCKS5 the standard port is 1080, although no one pays much attention to this standard. Each SOCKS connection goes through an authentication stage, if required, and then the client sends a command. The command can be one of three:

CONNECT - outgoing TCP connection to the specified address. We will look at this command in more detail, since it is needed most often.
BIND - open a port (the server selects a port and sends the address and port to the client) and accept a TCP connection. The server may need to know who will be connecting; in this case, you need to pass this information on.
UDP ASSOCIATE - open a UDP port (the server selects the port). Data intended for the end host and data from it also travel via UDP.

Data in SOCKS5 is transmitted in binary form, not in text form as in HTTP, SMTP, POP3, etc.

Protocol Description

Having connected to the server, the client sends a packet indicating the protocol version and the supported authentication methods. This packet has the following format:

BYTE Version;
BYTE nMethods;
BYTE methods[nMethods];

The version must be 5. Each element of methods defines not only the authentication method but also the data encryption method, if one is used. The server chooses one of these methods. You can specify any number of methods, but if the server does not require authentication, then no methods other than 0x00 (use neither authentication nor encryption) will be required. In response, the server sends a packet with the following content:

BYTE Version;
BYTE method;

where method is the method chosen by the server or 0xFF (none of the proposed methods are supported). If the method is 0x00, then you can immediately send the command.

The command packet has the following format:

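BYTE Version;  // 5
BYTE Cmd;      // 1 - CONNECT
BYTE Reserved; // 0
BYTE AType;    // 1 - IPv4; 3 - domain name; 4 - IPv6
BYTE addr[];   // 4 bytes for IPv4, 16 for IPv6, length byte + name for a domain name
WORD port;     // Bytes in network order, i.e. htons(Port);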

If a domain name is used, the length byte comes first, and then the string without the terminating null.

The server sends a response:

BYTE Version;  // 5
BYTE Rep;      // 0 - Ok
BYTE Reserved; // 0
BYTE AType;    // 1 - IPv4; 3 - domain name; 4 - IPv6
BYTE addr[];
WORD port;

Here address and port are the address and port visible to the host. As a rule, the IP address is returned, not the domain name. This address may differ from the one at which we access the server, especially if the server is used for its intended purpose, i.e. to get from a local network out to the Internet. If Rep is not zero, i.e. an error, we close the connection; otherwise we work with the host. We don't use encryption, so we simply send and receive data as with a normal connection. If one of the parties closes its connection to the SOCKS server, the server immediately closes the connection to the other side. One SOCKS connection encapsulates one TCP connection or one attempt to establish it, so if you use socks for anonymous port scanning, the procedure may take half a day.
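
The three packets described above, written as a portable builder and parser over byte buffers with no network I/O. This is an added example, not code from the original article; the names Bytes, Reply, BuildGreeting, BuildConnectByName and ParseReply are hypothetical. It goes beyond the article's fixed 10-byte reply by handling the variable-length address (AType 1, 3 and 4), short reads, and names that do not fit the one-byte length field.

```cpp
// Added example: SOCKS5 greeting/CONNECT builders and a reply parser.
// All names here are illustrative and are not part of the article's classes.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// Greeting: Version, nMethods, methods[]. Offers only 0x00 (no authentication).
Bytes BuildGreeting() { return Bytes{5, 1, 0}; }

// CONNECT request with a domain name (AType 3). Returns an empty buffer when
// the name cannot be encoded: the length field is one byte, so 1..255 only.
Bytes BuildConnectByName(const std::string& name, uint16_t port) {
    if (name.empty() || name.size() > 255) return Bytes();
    Bytes p{5, 1, 0, 3, static_cast<uint8_t>(name.size())};
    p.insert(p.end(), name.begin(), name.end());    // no terminating null
    p.push_back(static_cast<uint8_t>(port >> 8));   // port in network byte order
    p.push_back(static_cast<uint8_t>(port & 0xFF));
    return p;
}

struct Reply {
    uint8_t rep = 0xFF;   // 0 means success
    uint8_t atype = 0;    // 1 - IPv4; 3 - domain name; 4 - IPv6
    Bytes addr;           // 4 bytes, 16 bytes, or the name without its length byte
    uint16_t port = 0;    // converted to host byte order
    size_t consumed = 0;  // reply length; proxied data starts after this offset
};

enum ParseResult { PARSE_OK, PARSE_NEED_MORE, PARSE_BAD };

// Parses a server reply from the first n bytes received so far. TCP may deliver
// the reply in pieces, so a short buffer is "need more", not an error.
ParseResult ParseReply(const uint8_t* b, size_t n, Reply& out) {
    if (n < 4) return PARSE_NEED_MORE;
    if (b[0] != 5 || b[2] != 0) return PARSE_BAD;   // wrong version or reserved byte
    size_t alen = 0, off = 4;
    switch (b[3]) {
        case 1: alen = 4; break;
        case 4: alen = 16; break;
        case 3:
            if (n < 5) return PARSE_NEED_MORE;
            alen = b[4]; off = 5; break;            // length byte precedes the name
        default: return PARSE_BAD;
    }
    if (n < off + alen + 2) return PARSE_NEED_MORE;
    out.rep = b[1];
    out.atype = b[3];
    out.addr.assign(b + off, b + off + alen);
    out.port = static_cast<uint16_t>((b[off + alen] << 8) | b[off + alen + 1]);
    out.consumed = off + alen + 2;
    return PARSE_OK;
}
```

A caller keeps reading from the socket while ParseReply returns PARSE_NEED_MORE and treats PARSE_BAD or a non-zero rep as a failed connection.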

Coding

Since socks encapsulates TCP, it makes sense to derive the socks connection class from a socket class, but MFC's CSocket is not suitable, because none of its methods are virtual. Let's write our own socket class and call it, say, CTSocket:

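#include <winsock2.h>
#include <stdio.h>
#include <string.h>

class CTSocket
{
public:
    virtual BOOL CreateSocket();
    virtual BOOL Connect(unsigned long ip, unsigned short port);
    virtual BOOL Connect(LPCSTR name, unsigned short port);
    virtual int Send(const char* str, int len);
    virtual int Recv(char* buf, int max);
    virtual void Close();
    virtual unsigned long GetHost(); // Find out your address. This may also be needed.

private:
    SOCKET sock;
};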

Everyone can write the implementation of this class themselves (if you don't know how, RTFM MSDN), so I won't consider it here. Now let's write a socks connection class. It will support only the most necessary set of functions: only the CONNECT command is supported, authentication is not supported, and the SOCKS server is specified only by IP address, not by domain name. More cannot fit in one article.

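class CSocksSocket : public CTSocket
{
public:
    // sock is the plain socket used to reach the SOCKS server
    CSocksSocket(CTSocket* sock) : pSocket(sock), socks_ip(0), socks_port(0), l_ip(0) {}
    virtual BOOL CreateSocket();
    virtual BOOL Connect(unsigned long ip, unsigned short port);
    virtual BOOL Connect(LPCSTR name, unsigned short port);
    virtual int Send(const char* str, int len);
    virtual int Recv(char* buf, int max);
    virtual void Close();
    virtual unsigned long GetHost();

    CTSocket* pSocket;
    unsigned long socks_ip;
    unsigned short socks_port; // byte order must match what your CTSocket::Connect expects

private:
    char buffer[262]; // 4-byte header + length byte + 255-byte name + 2-byte port; this size is definitely enough
    unsigned long l_ip; // Address returned by the function GetHost()
};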

// Implementation
BOOL CSocksSocket::CreateSocket()
{
    if (!pSocket->CreateSocket()) return FALSE;
    if (!pSocket->Connect(socks_ip, socks_port)) return FALSE;
    buffer[0] = 5; // Ver
    buffer[1] = 1; // 1 method
    buffer[2] = 0; // no authentication
    pSocket->Send(buffer, 3);
    int n = pSocket->Recv(buffer, 2);
    if (n != 2) return FALSE;
    if (buffer[1] != 0) return FALSE; // method 0 not supported
    return TRUE;
}

BOOL CSocksSocket::Connect(unsigned long ip, unsigned short port)
{
    buffer[0] = 5; // Ver
    buffer[1] = 1; // CONNECT
    buffer[2] = 0; // Reserved
    buffer[3] = 1; // IPv4
    *((unsigned long*)(buffer + 4)) = ip;    // ip and port are already in network order
    *((unsigned short*)(buffer + 8)) = port;
    pSocket->Send(buffer, 10);
    int n = pSocket->Recv(buffer, 10);
    if (n != 10) return FALSE;
    if (buffer[1] != 0) return FALSE; // Can't connect

    return TRUE;
}

BOOL CSocksSocket::Connect(LPCSTR name, unsigned short port)
{
    int m = (int)strlen(name);
    if (m < 1 || m > 255) return FALSE; // The length must fit in one byte (and in buffer)
    buffer[0] = 5;
    buffer[1] = 1;
    buffer[2] = 0;
    buffer[3] = 3; // Domain name
    buffer[4] = (char)m; // Length byte
    memcpy(buffer + 5, name, m); // Copying a string without a terminating null
    *((unsigned short*)(buffer + 5 + m)) = port;
    pSocket->Send(buffer, m + 7);
    int n = pSocket->Recv(buffer, 10);
    if (n != 10) return FALSE;
    if (buffer[1] != 0) return FALSE;
    if (buffer[3] != 1) return FALSE; // We will demand that they tell us the IP, and not something else.
    l_ip = *((unsigned long*)(buffer + 4));
    return TRUE;
}

int CSocksSocket::Send(const char* str, int len)
{
    return pSocket->Send(str, len);
}

int CSocksSocket::Recv(char* buf, int max)
{
    return pSocket->Recv(buf, max);
}

void CSocksSocket::Close()
{
    pSocket->Close();
}

unsigned long CSocksSocket::GetHost()
{
    return l_ip;
}

// Well, now the test program
int main()
{
    WSADATA wsadata;
    CTSocket tsock;
    CSocksSocket ssock(&tsock);

    WSAStartup(MAKEWORD(2,2), &wsadata);

    ssock.socks_ip = inet_addr("10.10.10.10"); // Enter the desired address here
    ssock.socks_port = 1080; // Enter the port here

    if (!ssock.CreateSocket()) return 1; // Can't connect to socks
                                         // or authentication required
    if (!ssock.Connect("www.mail.ru", htons(80))) return 1; // www.mail.ru is inaccessible
    LPCSTR q = "HEAD / HTTP/1.1\r\nHost: www.mail.ru:80\r\nUser-Agent: xakep\r\n\r\n";
    ssock.Send(q, (int)strlen(q));

    char buf[1001]; // 1000 bytes of data plus the terminating null
    int n = ssock.Recv(buf, 1000);
    if (n < 0) n = 0; // Recv failed: print nothing
    buf[n] = 0;
    printf("%s", buf);

    ssock.Close();
    WSACleanup();
    return 0;
}

Today, there are several main technologies whose purpose is to hide the IP address. In this article you will have the opportunity to familiarize yourself with one of them, namely VPN.

First of all, to complete this process, you need to know not only your personal IP address, but also the server DNS address. In principle, there are no difficulties in obtaining this information; it is enough, for example, to visit the website www.whoer.net.


Even if you want to change your IP address data, it is not enough to use a VPN or Socks, since today there are a lot of technologies with which you can easily identify it. So, let's return to our topic and study the VPN method in more detail.

VPN (Virtual Private Network)


First of all, it is worth noting that from the outside a VPN connection is practically no different from a regular connection to a local network. Applications do not notice any difference and simply use it as their "entrance" to the Internet.

The main thing is that they need no additional settings. When one of them accesses a remote service, a special so-called GRE packet is created on the computer. It is then sent in encrypted form to the VPN server.

When the VPN server receives the packet, it decrypts it, unpacks it and performs the requested action on the client's behalf. After receiving a response from the remote resource, it places the response into a GRE packet, encrypts it and sends it to the client.

Remember that to increase security, the transmitted data must always be encrypted. PPTP traffic can be encrypted using MPPE (Microsoft Point-to-Point Encryption).

It is a Microsoft protocol. Its first versions were not only impractical but also regularly broken, and even today it is not known for being particularly effective. The thing is that modern versions of Microsoft simply do not analyze any penalties.

OpenVPN is a free implementation of VPN technology built on the generally accepted TCP/IP Internet protocol stack. This means the connection can be made even with providers that do not support PPTP.

In particular, OpenVPN works even if you do not have a personal IP address. This distinguishes it from, for example, PPTP, which requires two network sessions at once.

To speed up work with some programs and parsers that I use, proxies are required; at first I rented them, but then I decided to install my own SOCKS5 proxy servers on existing servers with websites.

All servers are running Ubuntu Server 14.04, maybe 12.04 somewhere, but the description should also be suitable for all other Debian-based systems.

There are 2 ways known to me to set up a SOCKS5 server:

  1. SOCKS over SSH. This method is convenient in its simplicity but inconvenient if used frequently, or used from different machines;
  2. Installing a SOCKS server. Using this method will take a little more time for the initial setup, but then using a proxy will be faster and more convenient.

SOCKS over SSH

To set up SOCKS5 over SSH, you only need access to the SSH server.

Enter in the terminal or SSH client (PuTTY for Windows):

ssh -D 1080 user@server

If it asks for a password, enter the password for the SSH server.

-D specifies the local port on which the SOCKS5 server will be accessible.

That's it. After that you can connect to the SOCKS5 server at localhost:1080 or 127.0.0.1:1080.

This method is convenient because you do not need to install or configure anything additional. But before each connection, or after the ssh connection is broken (for example due to Internet problems), you will have to re-enter this command.

Installing a SOCKS server

Installing an older version of Dante Server:

sudo apt-get update
sudo apt-get install dante-server

Open the configuration file:

sudo nano /etc/danted.conf

Edit it to look like this:

logoutput: syslog /var/log/danted.log
internal: eth0 port = 1085
external: eth0
method: username
user.privileged: root
user.notprivileged: nobody

# 0.0.0.0/0 accepts clients from any address; narrow this range where possible
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error
}

# only the CONNECT command is allowed, and only after username authentication
pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: connect
    log: error
    method: username
}

While a standard HTTP proxy is great for web browsing, SOCKS proxies are aimed at other software such as email, instant messengers and even Internet telephony, adding another layer of security to them. David Koblas invented the SOCKS proxy while working at MIPS Computer Systems, the predecessor of Silicon Graphics. Koblas presented the SOCKS architecture in 1992, and the use of the new type of proxy spread very quickly.

Instructions for using SOCKS proxy

1. Access the list of SOCKS proxy servers. There are two search methods. The first is to search sites such as Public Proxy Servers for information about free proxy servers. Another option is to sign up for a private proxy service, such as Unique Internet Services, which provides access to thousands of private SOCKS proxies.

2. Download and install a free copy of Proxy Firewall. Go to proxyfirewall.org, at the bottom of the page click on the "Download" link. Select the "Run" command in the window that opens. When the installer completes, you will be prompted to restart your computer. Save all open files and restart your computer.

3. Open Proxy Firewall and add your proxies to the list. Go to the "Private Proxies" tab if you are a member of Unique Internet Services, then enter your username and password to automatically import thousands of proxies. If you are not a member of Unique Internet Services, you can use the application by clicking "Add Proxies" in the lower left corner and then manually entering the IP address and port number for each SOCKS proxy server.

4. Set the permissions for your programs. The first time you open each program after installing Proxy Firewall, the program will detect Proxy Firewall and ask you how to proceed. You can choose to access the Internet directly or choose to connect via SOCKS proxy. Proxy Firewall will remember the settings for each program on your computer, but you can change them at any time by clicking on the "Rules" tab in Proxy Firewall.

Socks can be extremely useful. Now we will tell you how to properly configure them on a MikroTik router. So let's talk about SOCKS?

Preface

SOCKS (SOCKet Secure) is a network protocol that can be used to pass TCP packets around Firewall blocking rules. This is implemented through a proxy server (also called a SOCKS server), which controls the connections of internal clients and their rights to access external resources or, conversely, of external clients to resources within the network. SOCKS operates at the session level, so it can be used to proxy FTP, HTTP, Telnet and other high-level protocols, while an HTTP proxy, as a rule, only allows you to proxy GET and POST requests.

Establishing a connection

When a client wants to access an external resource that is blocked by the Firewall, the connection occurs as follows:

  1. The client connects to the proxy server (usually TCP port 1080 is used);
  2. The server checks the access list and determines whether the client has rights to access external resources;
  3. If the client has such rights, then the proxy server forwards the packet to the external resource that the client wants to access;
  4. The server creates a session between the client and the external resource and the exchange of top-level protocol packets begins between them. Once the connection is established, UDP packets can also be transmitted.

Currently, MikroTik supports SOCKS version 4; when specifying an external resource it understands only an IP address. The SOCKS4a version can resolve domain names of external resources. A later version of the protocol, SOCKS5, includes expanded support for authentication, UDP and IPv6 connections.

As of today, the SOCKS5 protocol is not yet supported on MikroTik devices, although users have been asking developers to include SOCKS5 support in new RouterOS releases for 8 years now. Therefore, when working with SOCKS together with MikroTik, the client must also use version 4.

It is necessary to very carefully configure Firewall rules and the SOCKS access list to exclude unwanted access from the outside. As a rule, devices compromised through SOCKS vulnerabilities are used to send spam and phishing emails.

Let's move on to the settings of the SOCKS server on MikroTik:

Settings via WinBox

SOCKS server settings in WinBox are located in IP → Socks:

Once you check the Enabled box, the server will become active. Next, you need to configure access lists; to do this, click the Access button:

Active SOCKS sessions passing through the server can be tracked on the Connections tab.

Settings via Terminal

In order to configure SOCKS via the terminal, you must also first configure the server settings. Configuration is carried out through the ip socks set command; the following parameters are available:

  • enabled - enables the SOCKS proxy server functionality (yes - enabled, no - disabled);
  • port - port number on which the server will listen for SOCKS requests (default - 1080);
  • connection-idle-timeout - time after which inactive sessions will be reset (default - 2 minutes (2m));
  • max-connections - maximum number of simultaneous connections (default - 200).

You can view the current or configured parameters with the command:

  • action - the action that will be taken if the criteria of this rule are met:
    • allow - allow traffic to pass according to this rule;
    • deny - prohibit the passage of traffic according to this rule.
  • dst-address - destination server address;
  • dst-port - TCP destination port on which the remote server listens for SOCKS;
  • src-address - packet source address (client);
  • src-port - TCP source port.

Practical use

Let's say an evil system administrator blocked our favorite site, found out the address and banned us.


But one of our employees must have access to this resource. Therefore, the system administrator opens, activates the SOCKS server and configures the access list.


The IP address of the computer of the employee who needs access is specified as the client address (in our case 192.168.11.48), and any TCP port from 1024 to 65535 as the source port.

The same setup via terminal looks like this:

ip socks> set enabled=yes
ip socks access> add src-address=192.168.11.48 src-port=1024-65535 dst-address=212.193.249.136 dst-port=80 \
\... action=allow

Done, now the client has to be configured on the employee's side. Let's show the setup using the Google Chrome browser as an example. Open Settings → Advanced → Confidentiality and Security, scroll to the very bottom to the System item and choose Proxy settings. In the window that appears, select LAN settings → check Use a proxy server for your LAN and go to Advanced. In the window that appears, enter the parameters of our SOCKS server into the Socks line (in our case 192.168.11.1 and port 1080) and apply the settings:


Now we refresh the website page and voilà, everything works! In the Connections window, connections from our computer to the site's IP address are visible.



Afterword

This article is for educational purposes only and is not intended to teach anyone how to bypass Firewall rules. The SOCKS 4 protocol is outdated, does not support authentication, and cannot resolve domain addresses. For security reasons, we do not recommend using this protocol at all, including setting it up on MikroTik.

By default, the SOCKS server on MikroTik routers is disabled. If you find that it is activated, then this may be a sign that your router has been compromised by attackers. We will talk about this in more detail in the following articles.
