sockit 0.0.4 → 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 50833e20c884206e0980ecc9f51dac27923f9576
+  data.tar.gz: 5655f2fb0c447475ebe9d917ee36cdb4ddb6a4fe
+SHA512:
+  metadata.gz: f99c488283970a80aa8f78a4e33833e4de12d5aa771163fcc538a7618783e064e40b973aad0e1256e2c72836beb812bca327d808fa74815c06c9c521b7a9785a
+  data.tar.gz: 2a2c634c3dcc3ae1f82206229ca69aaafc93f7fb616de09855b696ca0b2575f82c2e7bbc7bb89cd65e893919ee47b29ad7c6c73c5bd053ad5883e873793ef330

data/.rspec

@@ -1 +1 @@
--c -b -fd
+-c -b -fd --require spec_helper

data/.ruby-gemset

@@ -0,0 +1 @@
+sockit

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.3.0

data/.travis.yml

@@ -1,14 +1,16 @@
 language: ruby
-
 rvm:
-  - ree-1.8.7
-  - 1.8.7
-  - 1.9.2
-  - 1.9.3
-
+  - 2.0.0
+  - 2.2.4
+  - 2.3.0
 branches:
   only:
-    - master
-
-before_script:
-  - ./bin/setup-travis-ci.sh
+  - master
+before_install:
+- "./spec/support/before_install.sh"
+notifications:
+  irc:
+    channels:
+    - "irc.freenode.net#jovelabs"
+    use_notice: true
+    skip_join: true

data/.yardopts

@@ -0,0 +1,2 @@
+--markup-provider=redcarpet
+--markup=markdown

data/README.md

@@ -1,10 +1,19 @@
+[![Gem Version](https://badge.fury.io/rb/sockit.png)](http://badge.fury.io/rb/sockit)
 [![Build Status](https://secure.travis-ci.org/zpatten/sockit.png)](http://travis-ci.org/zpatten/sockit)
+[![Coverage Status](https://coveralls.io/repos/zpatten/sockit/badge.png?branch=master)](https://coveralls.io/r/zpatten/sockit)
 [![Dependency Status](https://gemnasium.com/zpatten/sockit.png)](https://gemnasium.com/zpatten/sockit)
 [![Code Climate](https://codeclimate.com/github/zpatten/sockit.png)](https://codeclimate.com/github/zpatten/sockit)
 
 # SOCKIT
 
-Transparent SOCKS 5 support for TCPSocket
+Transparent SOCKS v4 and SOCKS v5 support for TCPSocket
+
+Seamlessly route all TCP for you application through a SOCKS server with nearly zero effort.  Once `require`'d and configured all traffic leveraging the `TCPSocket` class will route via your configured SOCKS server.
+
+This is especially useful for many cases; here are a couple:
+
+- Ensure all outbound traffic from your application appears from a single IP.
+- Ensure development traffic does not give away private IP addresses.
 
 ## INSTALLATION
 
@@ -30,36 +39,36 @@ You can configure on the singleton class or an instance of the class.  The SOCKS
 
 The defaults are as follows:
 
-    TCPSocket.socks do |socks|
-      socks.version = 5
-      socks.ignore = ["127.0.0.1"]
-      socks.debug = false
+    Sockit.config do |config|
+      config.version = 5
+      config.ignore = ["127.0.0.1"]
+      config.debug = false
     end
 
 Specify your SOCKS server and port:
 
-    TCPSocket.socks do |socks|
-      socks.host = "127.0.0.1"
-      socks.port = "1080"
+    Sockit.config do |config|
+      config.host = "127.0.0.1"
+      config.port = "1080"
     end
 
 If you want to use username/password authentication:
 
-    TCPSocket.socks do |socks|
-      socks.username = "username"
-      socks.password = "password"
+    Sockit.config do |config|
+      config.username = "username"
+      config.password = "password"
     end
 
 Turn on debug output:
 
-    TCPSocket.socks do |socks|
-      socks.debug = true
+    Sockit.config do |config|
+      config.debug = true
     end
 
 Ignore some more hosts:
 
-    TCPSocket.socks do |socks|
-      socks.ignore << "192.168.0.1"
+    Sockit.config do |config|
+      config.ignore << "192.168.0.1"
     end
 
 
@@ -85,7 +94,7 @@ Documentation:
 
 SOCKIT - Transparent SOCKS 5 support for TCPSocket
 
-* Author: Zachary Patten <zachary@jovelabs.net>
+* Author: Zachary Patten <zachary AT jovelabs DOT com> [![endorse](http://api.coderwall.com/zpatten/endorsecount.png)](http://coderwall.com/zpatten)
 * Copyright: Copyright (c) Zachary Patten
 * License: Apache License, Version 2.0
 

data/bin/sockit

@@ -19,8 +19,9 @@
 #
 ################################################################################
 
-require "pry"
-require "sockit"
+require 'bundler/setup'
+require 'pry'
+require 'sockit'
 
 ##
 #

data/lib/sockit/connection.rb

@@ -0,0 +1,43 @@
+module Sockit
+  module Connection
+
+    def direct_connect(socket, remote_host, remote_port, local_host=nil, local_port=nil)
+      log(:yellow, "Directly connecting to #{remote_host}:#{remote_port}")
+      socket.__send__(:initialize_tcp, remote_host, remote_port, local_host=nil, local_port=nil)
+      log(:green, "Connected to #{remote_host}:#{remote_port}")
+    end
+
+    def connect(socket, host, port)
+      log(:yellow, "Connecting to SOCKS v#{config.version} server #{config.host}:#{config.port}")
+
+      # when doing proxy mode on SS5; we seemingly need to resolve all names first.
+      if host !~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/
+        host = Resolv::DNS.new.getaddress(host).to_s
+      end
+
+      data = case config.version.to_i
+      when 4 then
+        build_v4_connection_request(host, port)
+      when 5 then
+        build_v5_connection_request(host, port)
+      end
+      data = data.flatten.join
+
+      log(:yellow, "Requesting SOCKS v#{config.version} connection to #{host}:#{port}")
+      dump(:write, data)
+      socket.write(data)
+
+      log(:yellow, "Waiting for SOCKS v#{config.version} connection reply")
+      host, port = case config.version.to_i
+      when 4 then
+        process_v4_connection_response(socket)
+      when 5 then
+        process_v5_connection_response(socket)
+      end
+      log(:green, [host, port].inspect)
+
+      log(:green, "Connected to #{host}:#{port} via SOCKS v#{config.version} server #{config.host}:#{config.port}")
+    end
+
+  end
+end

data/lib/sockit/support.rb

@@ -0,0 +1,53 @@
+module Sockit
+  module Support
+
+    def is_host_configured?
+      (!config.host.nil? && !config.host.empty?)
+    end
+
+    def is_port_configured?
+      (!config.port.nil? && !config.port.empty?)
+    end
+
+    def is_version_configured?
+      ((config.version == 4) || (config.version == 5))
+    end
+
+    def is_configured?
+      (is_host_configured? && is_port_configured? && is_version_configured?)
+    end
+
+    def connect_via_socks?(host)
+      (is_configured? && !config.ignore.flatten.include?(host))
+    end
+
+    def is_socks_v5?
+      (is_configured? && config.version.to_i == 5)
+    end
+
+    def is_socks_v4?
+      (is_configured? && config.version.to_i == 4)
+    end
+
+    def log(color, message)
+      return if !config.debug
+
+      timestamp = Time.now.utc
+      puts("%s%s.%06d %s%s" % [COLORS[color], timestamp.strftime("%Y-%m-%d|%H:%M:%S"), timestamp.usec, message, COLORS[:reset]])
+    end
+
+    def dump(action, data)
+      return if !config.debug
+
+      bytes = Array.new
+      chars = Array.new
+      for x in 0..(data.length - 1) do
+        bytes << ("%03d" % data[x].ord)
+        chars << ("%03s" % (data[x] =~ /^\w+$/ ? data[x].chr : "..."))
+      end
+      log(:blue, "#{action.to_s.upcase}: #{bytes.join(" ")}#{COLORS[:reset]}")
+      log(:blue, "#{action.to_s.upcase}: #{chars.join(" ")}#{COLORS[:reset]}")
+    end
+
+  end
+end

data/lib/sockit/v4/connection.rb

@@ -0,0 +1,62 @@
+module Sockit
+  module V4
+    module Connection
+
+      # SOCKS v4 Client Connection Request
+      # field 1: SOCKS version number, 1 byte (must be 0x04 for this version)
+      # field 2: command code, 1 byte:
+      # 0x01 = establish a TCP/IP stream connection
+      # field 3: port number in a network byte order, 2 bytes
+      # field 4: destination address of
+      # 4 bytes for IPv4 address
+      # field 5: userid
+      # variables bytes for userid, null terminate (0x00)
+      def build_v4_connection_request(host, port)
+        data = Array.new
+        data << [config.version.to_i, 0x01].pack("C*")
+
+        data << [port.to_i].pack("n")
+        if host =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/
+          data << [$1.to_i, $2.to_i, $3.to_i, $4.to_i].pack("C*")
+        end
+        data << config.username
+        data << [0x00].pack("C*")
+
+        data
+      end
+
+      # SOCKS v4 Server Connection Response
+      # field 1: version number, 1 byte (must be 0x00)
+      # field 2: result code, 1 byte:
+      # 90 = request granted
+      # 91 = request rejected or failed
+      # 92 = request rejected because SOCKS server can not connect to identd on the client
+      # 93 = request rejected because the client program and identd report different user-ids
+      # field 3: port number in a network byte order, 2 bytes
+      # field 4: destination address of
+      # 4 bytes for IPv4 address
+      def process_v4_connection_response(socket)
+        packet = socket.recv(2).unpack("C*")
+        dump(:read, packet)
+        version = packet[0]
+        result_code = packet[1]
+
+        case result_code
+        when 90 then
+          log(:green, build_v4_result_code_message(result_code))
+        else
+          raise SockitError, build_v4_result_code_message(result_code)
+        end
+
+        port = socket.recv(2).unpack("n")
+        dump(:read, port)
+
+        host = socket.recv(4).unpack("C*")
+        dump(:read, host)
+
+        [host.join('.'), port.join]
+      end
+
+    end
+  end
+end

data/lib/sockit/v4/support.rb

@@ -0,0 +1,31 @@
+module Sockit
+  module V4
+    module Support
+
+      # 90 = request granted
+      # 91 = request rejected or failed
+      # 92 = request rejected because SOCKS server can not connect to identd on the client
+      # 93 = request rejected because the client program and identd report different user-ids
+      def build_v4_result_code_message(result_code)
+        message = case result_code
+        when 90 then
+          "Request granted"
+        when 91 then
+          "Request rejected or failed"
+        when 92 then
+          "Request rejected because SOCKS server can not connect to identd on the client"
+        when 93 then
+          "Request rejected because the client program and identd report different user-ids"
+        else
+          "Unknown"
+        end
+
+        "%s (Code: 0x%02X)" % [message, result_code]
+
+      rescue
+        "Result Code: #{result_code.inspect}"
+      end
+
+    end
+  end
+end

data/lib/sockit/v5/authentication.rb

@@ -0,0 +1,105 @@
+module Sockit
+  module V5
+    module Authentication
+
+      def perform_v5_authenticate(socket)
+        log(:yellow, "Authenticating with SOCKS server #{config.host}:#{config.port}")
+
+        # The authentication methods supported are numbered as follows:
+        # 0x00: No authentication
+        # 0x01: GSSAPI[10]
+        # 0x02: Username/Password[11]
+        # 0x03-0x7F: methods assigned by IANA[12]
+        # 0x80-0xFE: methods reserved for private use
+
+        # The initial greeting from the client is
+        # field 1: SOCKS version number (must be 0x05 for this version)
+        # field 2: number of authentication methods supported, 1 byte
+        # field 3: authentication methods, variable length, 1 byte per method supported
+        if (config.username || config.password)
+          data = Array.new
+          data << [config.version, 0x02, 0x02, 0x00].pack("C*")
+          data = data.flatten.join
+
+          log(:yellow, "Requesting username/password authentication")
+          dump(:write, data)
+          socket.write(data)
+        else
+          data = Array.new
+          data << [config.version, 0x01, 0x00].pack("C*")
+          data = data.flatten.join
+
+          log(:yellow, "Requesting no authentication")
+          dump(:write, data)
+          socket.write(data)
+        end
+
+        # The server's choice is communicated:
+        # field 1: SOCKS version, 1 byte (0x05 for this version)
+        # field 2: chosen authentication method, 1 byte, or 0xFF if no acceptable methods were offered
+        log(:yellow, "Waiting for SOCKS authentication reply")
+        auth_reply = socket.recv(2).unpack("C*")
+        dump(:read, auth_reply)
+        server_socks_version = auth_reply[0]
+        server_auth_method = auth_reply[1]
+
+        if server_socks_version != config.version
+          raise SockitError, "SOCKS server does not support version #{config.version}!"
+        end
+
+        if server_auth_method == 0xFF
+          raise SockitError, authentication_method(server_auth_method)
+        else
+          log(:green, authentication_method(server_auth_method))
+        end
+
+        # The subsequent authentication is method-dependent. Username and password authentication (method 0x02) is described in RFC 1929:
+        case server_auth_method
+        when 0x00 then
+          # No authentication
+        when 0x01 then
+          # GSSAPI
+          raise SockitError, "Authentication method GSSAPI not implemented"
+        when 0x02 then
+          # For username/password authentication the client's authentication request is
+          # field 1: version number, 1 byte (must be 0x01)
+          # field 2: username length, 1 byte
+          # field 3: username
+          # field 4: password length, 1 byte
+          # field 5: password
+          data = Array.new
+          data << [0x01].pack("C*")
+          data << [config.username.length.to_i].pack("C*")
+          data << config.username
+          data << [config.password.length.to_i].pack("C*")
+          data << config.password
+          data = data.flatten.join
+
+          log(:yellow, "Sending username and password")
+          dump(:write, data)
+          socket.write(data)
+
+          # Server response for username/password authentication:
+          # field 1: version, 1 byte
+          # field 2: status code, 1 byte.
+          # 0x00 = success
+          # any other value = failure, connection must be closed
+          log(:yellow, "Waiting for SOCKS authentication reply")
+          auth_reply = socket.recv(2).unpack("C*")
+          dump(:read, auth_reply)
+          version = auth_reply[0]
+          status_code = auth_reply[1]
+
+          if status_code == 0x00
+            log(:green, authentication_status(status_code))
+          else
+            raise SockitError, authentication_status(status_code)
+          end
+        end
+
+        log(:green, "Authenticated to SOCKS server #{config.host}:#{config.port}")
+      end
+
+    end
+  end
+end

data/lib/sockit/v5/connection.rb

@@ -0,0 +1,98 @@
+module Sockit
+  module V5
+    module Connection
+
+      # SOCKS v5 Client Connection Request
+      # field 1: SOCKS version number, 1 byte (must be 0x05 for this version)
+      # field 2: command code, 1 byte:
+      # 0x01 = establish a TCP/IP stream connection
+      # 0x02 = establish a TCP/IP port binding
+      # 0x03 = associate a UDP port
+      # field 3: reserved, must be 0x00
+      # field 4: address type, 1 byte:
+      # 0x01 = IPv4 address
+      # 0x03 = Domain name
+      # 0x04 = IPv6 address
+      # field 5: destination address of
+      # 4 bytes for IPv4 address
+      # 1 byte of name length followed by the name for Domain name
+      # 16 bytes for IPv6 address
+      # field 6: port number in a network byte order, 2 bytes
+      def build_v5_connection_request(host, port)
+        data = Array.new
+        data << [config.version.to_i, 0x01, 0x00].pack("C*")
+
+        if host =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/
+          data << [0x01].pack("C*")
+          data << [$1.to_i, $2.to_i, $3.to_i, $4.to_i].pack("C*")
+        elsif host =~ /^[:0-9a-f]+$/
+          data << [0x04].pack("C*")
+          data << [$1].pack("C*")
+        else
+          data << [0x03].pack("C*")
+          data << [host.length.to_i].pack("C*")
+          data << host
+        end
+        data << [port.to_i].pack("n")
+
+        data
+      end
+
+      # SOCKS v5 Server Connection Response
+      # field 1: SOCKS protocol version, 1 byte (0x05 for this version)
+      # field 2: status, 1 byte:
+      # 0x00 = request granted
+      # 0x01 = general failure
+      # 0x02 = connection not allowed by ruleset
+      # 0x03 = network unreachable
+      # 0x04 = host unreachable
+      # 0x05 = connection refused by destination host
+      # 0x06 = TTL expired
+      # 0x07 = command not supported / protocol error
+      # 0x08 = address type not supported
+      # field 3: reserved, must be 0x00
+      # field 4: address type, 1 byte:
+      # 0x01 = IPv4 address
+      # 0x03 = Domain name
+      # 0x04 = IPv6 address
+      # field 5: destination address of
+      # 4 bytes for IPv4 address
+      # 1 byte of name length followed by the name for Domain name
+      # 16 bytes for IPv6 address
+      # field 6: network byte order port number, 2 bytes
+      def process_v5_connection_response(socket)
+        packet = socket.recv(4).unpack("C*")
+        dump(:read, packet)
+        socks_version = packet[0]
+        result_code = packet[1]
+        reserved = packet[2]
+        address_type = packet[3]
+
+        if result_code == 0x00
+          log(:green, build_v5_result_code_message(result_code))
+        else
+          raise SockitError, build_v5_result_code_message(result_code)
+        end
+
+        address_length = case address_type
+        when 0x01 then
+          4
+        when 0x03 then
+          data = socket.recv(1).unpack("C*")
+          dump(:read, data)
+          data[0]
+        when 0x04 then
+          16
+        end
+        host = socket.recv(address_length).unpack("C*")
+        dump(:read, host)
+
+        port = socket.recv(2).unpack("n")
+        dump(:read, port)
+
+        [host.join('.'), port.join]
+      end
+
+    end
+  end
+end

data/lib/sockit/v5/support.rb

@@ -0,0 +1,82 @@
+module Sockit
+  module V5
+    module Support
+
+      # 0x00 = request granted
+      # 0x01 = general failure
+      # 0x02 = connection not allowed by ruleset
+      # 0x03 = network unreachable
+      # 0x04 = host unreachable
+      # 0x05 = connection refused by destination host
+      # 0x06 = TTL expired
+      # 0x07 = command not supported / protocol error
+      # 0x08 = address type not supported
+      def build_v5_result_code_message(result_code)
+        message = case result_code
+        when 0x00 then
+          "Request granted"
+        when 0x01 then
+          "General failure"
+        when 0x02 then
+          "Connection not allowed by ruleset"
+        when 0x03 then
+          "Network unreachable"
+        when 0x04 then
+          "Host unreachable"
+        when 0x05 then
+          "Connection refused by destination host"
+        when 0x06 then
+          "TTL expired"
+        when 0x07 then
+          "Command not supported / Protocol error"
+        when 0x08 then
+          "Address type not supported"
+        else
+          "Unknown"
+        end
+
+        "%s (Code: 0x%02X)" % [message, result_code]
+
+      rescue
+        "Result Code: #{result_code.inspect}"
+      end
+
+      # The authentication methods supported are numbered as follows:
+      # 0x00: No authentication
+      # 0x01: GSSAPI[10]
+      # 0x02: Username/Password[11]
+      # 0x03-0x7F: methods assigned by IANA[12]
+      # 0x80-0xFE: methods reserved for private use
+      def authentication_method(auth_method)
+        case auth_method
+        when 0x00 then
+          "No authentication (Code: 0x%02X)" % auth_method
+        when 0x01 then
+          "GSSAPI authentication (Code: 0x%02X)" % auth_method
+        when 0x02 then
+          "Username/Password authentication (Code: 0x%02X)" % auth_method
+        when 0x03..0x7F then
+          "Authentication method assigned by IANA (Code: 0x%02X)" % auth_method
+        when 0x80..0xFE then
+          "Authentication method reserved for private use (Code: 0x%02X)" % auth_method
+        when 0xFF then
+          "Unsupported authentication (Code: 0x%02X)" % auth_method
+        else
+          "Unknown authentication (Code: 0x%02X)" % auth_method
+        end
+      end
+
+      # 0x00 = success
+      # any other value = failure, connection must be closed
+      def authentication_status(auth_status)
+        case auth_status
+        when 0x00 then
+          "Authentication success (Code: 0x%02X)" % auth_status
+        else
+          "Authentication failure (Code: 0x%02X)" % auth_status
+        end
+      end
+
+    end
+  end
+end

data/lib/sockit/version.rb

@@ -19,5 +19,9 @@
 ################################################################################
 
 module Sockit
-  VERSION = "0.0.4" unless const_defined?(:VERSION)
+
+  unless const_defined?(:VERSION)
+    VERSION = "1.0.0"
+  end
+
 end