From f2e9e9351b9d66f9d93e44e3a08a548310725911 Mon Sep 17 00:00:00 2001
From: Sarun Rattanasiri
Date: Fri, 11 Apr 2025 23:20:07 +0700
Subject: [PATCH 1/2] add socks mode
---
 go.mod | 1 +
 go.sum | 2 ++
 handler/socks.go | 17 +++++++++++++++++
 main.go | 25 +++++++++++++++++++------
 4 files changed, 39 insertions(+), 6 deletions(-)
 create mode 100644 handler/socks.go
diff --git a/go.mod b/go.mod
index 24f281a..0586d52 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ toolchain go1.24.2
 require (
 github.com/AdguardTeam/dnsproxy v0.75.2
 github.com/Snawoot/go-http-digest-auth-client v1.1.3
+ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 github.com/hashicorp/go-multierror v1.1.1
 golang.org/x/net v0.38.0
 )
diff --git a/go.sum b/go.sum
index 49d07b0..ec71cfe 100644
--- a/go.sum
+++ b/go.sum
@@ -8,6 +8,8 @@ github.com/ameshkov/dnscrypt/v2 v2.4.0 h1:if6ZG2cuQmcP2TwSY+D0+8+xbPfoatufGlOQTM
 github.com/ameshkov/dnscrypt/v2 v2.4.0/go.mod h1:WpEFV2uhebXb8Jhes/5/fSdpmhGV8TL22RDaeWwV6hI=
 github.com/ameshkov/dnsstamps v1.0.3 h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=
 github.com/ameshkov/dnsstamps v1.0.3/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
diff --git a/handler/socks.go b/handler/socks.go
new file mode 100644
index 0000000..e19754d
--- /dev/null
+++ b/handler/socks.go
@@ -0,0 +1,17 @@
+package handler
+
+import (
+ "github.com/Snawoot/opera-proxy/dialer"
+ "github.com/armon/go-socks5"
+ "log"
+)
+
+func NewSocksServer(dialer dialer.ContextDialer, logger *log.Logger) (*socks5.Server, error) {
+ return socks5.New(&socks5.Config{
+ Rules: &socks5.PermitCommand{
+ EnableConnect: true,
+ },
+ Logger: logger,
+ Dial: dialer.DialContext,
+ })
+}
diff --git a/main.go b/main.go
index afbcfd9..ce67b40 100644
--- a/main.go
+++ b/main.go
@@ -85,6 +85,7 @@ type CLIArgs struct {
 listCountries bool
 listProxies bool
 bindAddress string
+ socksMode bool
 verbosity int
 timeout time.Duration
 showVersion bool
@@ -125,7 +126,8 @@ func parse_args() *CLIArgs {
 flag.StringVar(&args.country, "country", "EU", "desired proxy location")
 flag.BoolVar(&args.listCountries, "list-countries", false, "list available countries and exit")
 flag.BoolVar(&args.listProxies, "list-proxies", false, "output proxy list and exit")
- flag.StringVar(&args.bindAddress, "bind-address", "127.0.0.1:18080", "HTTP proxy listen address")
+ flag.StringVar(&args.bindAddress, "bind-address", "127.0.0.1:18080", "proxy listen address")
+ flag.BoolVar(&args.socksMode, "socks-mode", false, "listen for SOCKS requests instead of HTTP")
 flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity "+ "(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)")
 flag.DurationVar(&args.timeout, "timeout", 10*time.Second, "timeout for network operations")
@@ -187,6 +189,8 @@ func run() int {
 proxyLogger := clog.NewCondLogger(log.New(logWriter, "PROXY : ", log.LstdFlags|log.Lshortfile), args.verbosity)
+ socksLogger := log.New(logWriter, "SOCKS : ",
+ log.LstdFlags|log.Lshortfile)
 mainLogger.Info("opera-proxy client version %s is starting...", version)
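Review bot: In handler/socks.go, NewSocksServer leaves `Resolver` unset in `socks5.Config`, so hostname requests fall to the library default, which (as far as I recall for armon/go-socks5, please confirm) looks the name up with the local system resolver before `Dial` is called. For a client meant to send traffic through the upstream proxy that would put every SOCKS5 hostname into local DNS, so a resolver that hands the name to `dialer.DialContext` unresolved is worth adding. The config also sets no `Credentials` or `AuthMethods`, so the listener is unauthenticated and only as restricted as `-bind-address`; a doc comment such as `// NewSocksServer returns a CONNECT-only SOCKS5 server with no authentication; bind it to loopback.` would make that explicit. The dependency is pinned in go.mod to a pseudo-version dated 2016-09-02, so its maintenance status should be checked before it is trusted to parse network input.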
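Review bot: In the main.go hunk at `-187,6`, `socksLogger` is a plain `log.New(...)` while `proxyLogger` directly above it is wrapped in `clog.NewCondLogger(..., args.verbosity)`, so the `-verbosity` flag will not filter SOCKS output. NewSocksServer takes a `*log.Logger`, so if that cannot be changed a comment would explain the difference, e.g. `// go-socks5 takes a *log.Logger, so -verbosity does not apply to SOCKS logs`. run() starts and ends outside this hunk.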
@@ -339,8 +343,7 @@ func run() int {
 }
 }
-
- var handlerBaseDialer dialer.ContextDialer = d
+ var handlerBaseDialer = d
 if args.overrideProxyAddress != "" {
 mainLogger.Info("Original endpoint: %s", endpoint.IP)
 handlerBaseDialer = dialer.NewFixedDialer(args.overrideProxyAddress, handlerBaseDialer)
@@ -359,9 +362,19 @@ func run() int {
 caPool, handlerBaseDialer)
 mainLogger.Info("Starting proxy server...")
- h := handler.NewProxyHandler(handlerDialer, proxyLogger)
- mainLogger.Info("Init complete.")
- err = http.ListenAndServe(args.bindAddress, h)
+ if args.socksMode {
+ socks, initError := handler.NewSocksServer(handlerDialer, socksLogger)
+ if initError != nil {
+ mainLogger.Critical("Failed to start: %v", err)
+ return 16
+ }
+ mainLogger.Info("Init complete.")
+ err = socks.ListenAndServe("tcp", args.bindAddress)
+ } else {
+ h := handler.NewProxyHandler(handlerDialer, proxyLogger)
+ mainLogger.Info("Init complete.")
+ err = http.ListenAndServe(args.bindAddress, h)
+ }
 mainLogger.Critical("Server terminated with a reason: %v", err)
 mainLogger.Info("Shutting down...")
 return 0
From f5834e6919a911e53b4da4c439deb6bffe35c7d4 Mon Sep 17 00:00:00 2001
From: Sarun Rattanasiri
Date: Sat, 12 Apr 2025 02:18:43 +0700
Subject: [PATCH 2/2] update README for `socks-mode`
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 5675fe2..995da4a 100644
--- a/README.md
+++ b/README.md
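Review bot: In the main.go hunk at `-339,8`, dropping the explicit type in `var handlerBaseDialer = d` makes the variable's static type depend on how `d` is declared outside the hunk, and the following `handlerBaseDialer = dialer.NewFixedDialer(...)` only compiles while that type is an interface the wrapper satisfies. The change is unrelated to SOCKS mode; keeping `var handlerBaseDialer dialer.ContextDialer = d` states the intent and guards against a later change to `d`. run() starts and ends outside this hunk.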
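Review bot: The SOCKS init-failure branch in the main.go hunk at `-359,9` logs the wrong variable: `mainLogger.Critical("Failed to start: %v", err)` prints the outer `err`, not the `initError` returned by `handler.NewSocksServer`, so the real cause is lost (probably shown as `<nil>`, though `err` is set outside the hunk). Change it to `mainLogger.Critical("Failed to start: %v", initError)`, or assign the result to `err` and drop the extra name. run() starts and ends outside this hunk.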
@@ -95,7 +95,7 @@ eu3.sec-tunnel.com,77.111.244.22,443
 | api-login | String | SurfEasy API login (default "se0316") |
 | api-password | String | SurfEasy API password (default "SILrMEPBmJuhomxWkfm3JalqHX2Eheg1YhlEZiMh8II") |
 | api-user-agent | String | user agent reported to SurfEasy API (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0") |
-| bind-address | String | HTTP proxy listen address (default "127.0.0.1:18080") |
+| bind-address | String | proxy listen address (default "127.0.0.1:18080") |
 | bootstrap-dns | String | Comma-separated list of DNS/DoH/DoT/DoQ resolvers for initial discovery of SurfEasy API address. See https://github.com/ameshkov/dnslookup/ for upstream DNS URL format. Examples: `https://1.1.1.1/dns-query`, `quic://dns.adguard.com` (default `https://1.1.1.3/dns-query,https://8.8.8.8/dns-query,https://dns.google/dns-query,https://security.cloudflare-dns.com/dns-query,https://fidelity.vm-0.com/q,https://wikimedia-dns.org/dns-query,https://dns.adguard-dns.com/dns-query,https://dns.quad9.net/dns-query,https://doh.cleanbrowsing.org/doh/adult-filter/`) |
 | cafile | String | use custom CA certificate bundle file |
 | certchain-workaround | Boolean | add bundled cross-signed intermediate cert to certchain to make it check out on old systems (default true) |
@@ -112,6 +112,7 @@ eu3.sec-tunnel.com,77.111.244.22,443
 | timeout | Duration | timeout for network operations (default 10s) |
 | verbosity | Number | logging verbosity (10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical) (default 20) |
 | version | - | show program version and exit |
+| socks-mode | - | listen for SOCKS requests instead of HTTP |
 ## See also