How to specify server by DOMAIN PORT not IP PORT? #246
Comments
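yes, you write a script that resolves the host and then creates a proxychains.conf from a template like this:

```sh
#!/bin/sh
# proxychains wrapper
PROXY_DNS=foobar.com
PROXY_PORT=1080
# resolve the proxy hostname: last field of the last line of host(1) output
PROXY_IP=$(host "$PROXY_DNS" | tail -n 1 | awk '{n=split($0, a, " "); print a[n];}')
# per-process config file, named after the wrapper's PID
conf=/tmp/pxc4.conf.$$
cat << EOF > "$conf"
strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
EOF
echo "socks5 $PROXY_IP $PROXY_PORT" >> "$conf"
# remove the generated config if the wrapper is interrupted
trap "rm -f $conf" INT TERM
proxychains4 -f "$conf" "$@"
ec="$?"
rm -f "$conf"
# pass on the exit status of the proxied command
# (exit, not return: this is a script, not a function)
exit "$ec"
```
|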
when i run the script, it occurs: what should i do? |
did you pass parameters ? usage is like if it still doesn't work use |
to @rofl0r , but shell script is very unreliable, such like:
the alias will cause error of host command, and also to multi-line output of some domainname by cut command. |
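The parsing problem raised in the comment above (alias lines and multi-line `host` output), together with the fixed `/tmp/pxc4.conf.$$` path in the wrapper, can be handled as sketched here. This is an added example, not code from the thread or from proxychains-ng; the function names are hypothetical and the parser assumes `host` prints lines of the form `<name> has address <ipv4>`.

```shell
#!/bin/sh
# Added example, not the thread's script. Assumes BIND host(1) output lines
# of the form "<name> has address <ipv4>"; function names are hypothetical.

# Print the first well-formed IPv4 address from host(1) output on stdin,
# skipping alias, IPv6 and mail-handler lines. Returns 1 if none is found.
first_ipv4() {
    awk '$2 == "has" && $3 == "address" && NF == 4 {
        if (split($4, o, ".") != 4) next
        ok = 1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (ok) { print $4; found = 1; exit }
    }
    END { exit !found }'
}

# Write a one-proxy config to a fresh mktemp file (unpredictable name,
# owner-only permissions) instead of /tmp/pxc4.conf.$$, and print its path.
write_conf() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac   # port must be all digits
    conf=$(mktemp "${TMPDIR:-/tmp}/pxc4.conf.XXXXXX") || return 1
    cat > "$conf" << EOF
strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 $1 $2
EOF
    printf '%s\n' "$conf"
}

# Usage: run_proxied PROXY_HOST PROXY_PORT command [args...]
run_proxied() {
    proxy_host=$1 proxy_port=$2; shift 2
    ip=$(host "$proxy_host" | first_ipv4) ||
        { echo "no usable address for $proxy_host" >&2; return 1; }
    conf=$(write_conf "$ip" "$proxy_port") || return 1
    trap 'rm -f "$conf"' EXIT          # remove the temp config on any exit
    trap 'exit 1' HUP INT TERM         # make signals go through the EXIT trap
    proxychains4 -f "$conf" "$@"
}

if [ "$#" -ge 3 ]; then run_proxied "$@"; fi
```

The wrapper refuses to start when resolution yields no usable IPv4 address, rather than writing whatever the last output field happened to be into the proxy list.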
@Justsoos see above, i fixed the host command, should work now (i wrote the above script "blind", without ever running it) |
@rofl0r :D still the obvious bug |
@Justsoos fixed. can you confirm it works now ? |
so, that is what I need:
suggest setting system alias like: thx @rofl0r, this script will be maintained at here https://gist.github.com/Justsoos/8c06f2df7b7c1b01749c19fe598e1e11
|
Hi, So
works fine, whereas:
does not (Permission denied). Unfortunately your workaround does not solve this problem. Regards |
conditions that need to be met are:
1) chaintype strict
2) proxy_dns on
3) not the first proxy in the list

if these conditions are met, the dns name can be passed to the receiving proxy and be resolved there.

addressing #246 (comment)
@philurlaub see latest commit ^ |
@rofl0r thanks a lot! Really appreciate your fast response. |
Okay, one more thing, if you could confirm, that basic auth works for the second proxy with dns name, that would help a lot :) I currently get always
|
it worked for my socks5 test server with password auth. can you provide me a pcap recording of the transaction (recorded with tcpdump or wireshark)? (you could change user/pass to something non-sensitive for testing) |
tcpdumping something is not a trivial task in my case as I'm in a big company setup surrounded with lots of restrictions. Basic auth seems to work though, it just doesn't behave the way I suspected. Some URLs work, some don't, but that's probably because one of the proxies has more restrictions. Nevertheless thanks again for testing! |
Why is domain name not directly supported by the |
it's explained in great detail in one of the issues here. please post a link when you find it. |
I'm curious about this as well. While I agree that adding code to support this is unnecessary since it can be handled via the wrapper script, at first glance it doesn't seem like there's any major hurdles implementation-wise. The only reference I found was in #184 where you mention that "it's not possible due to the way DNS resolution is internally done." However, in strict-chain mode proxychains already supports hostnames in the config for all except the first server. It seems like one should be able to modify |
ok, try it out and file a PR if it works. |
@rofl0r Ah you're right, since diff --git a/src/libproxychains.c b/src/libproxychains.c
index fc6880f..437cbae 100644
--- a/src/libproxychains.c
+++ b/src/libproxychains.c
@@ -82,6 +82,7 @@ unsigned int remote_dns_subnet = 224;
pthread_once_t init_once = PTHREAD_ONCE_INIT;
static int init_l = 0;
+static int getting_chain_data = 0;
static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_type * ct);
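Review bot: The new `static int getting_chain_data` is declared without a comment saying what it guards. The later hunks use it to make `connect()` skip proxying, so a one-line comment at the declaration stating that it is non-zero only while `do_init()` reads the config, and which thread is expected to write it, would save readers from having to reconstruct that from three separate places.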
@@ -131,13 +132,16 @@ static void do_init(void) {
srand(time(NULL));
core_initialize();
+ setup_hooks();
+
/* read the config file */
+ getting_chain_data = 1;
get_chain_data(proxychains_pd, &proxychains_proxy_count, &proxychains_ct);
DUMP_PROXY_CHAIN(proxychains_pd, proxychains_proxy_count);
+ getting_chain_data = 0;
proxychains_write_log(LOG_PREFIX "DLL init: proxychains-ng %s\n", proxychains_get_version());
- setup_hooks();
while(close_fds_cnt) true_close(close_fds[--close_fds_cnt]);
init_l = 1;
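Review bot: `getting_chain_data = 0;` is placed after `DUMP_PROXY_CHAIN(...)`, so the flag stays set for longer than the config read needs. Clear it directly after `get_chain_data(...)` returns. The moved `setup_hooks();` also deserves a short comment saying that it now has to run before the config is read, since nothing in `do_init` explains why the order changed.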
@@ -341,13 +345,32 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
ip_type4 internal_ip = at_get_ip_for_host(host, strlen(host));
pd[count].ip.is_v6 = 0;
host_ip->addr.v4 = internal_ip;
- if(internal_ip.as_int == IPT4_INVALID.as_int)
- goto inv_host;
} else {
+ struct addrinfo* addr;
+ int result = true_getaddrinfo(host, NULL, NULL, &addr);
+ if (result != 0) {
+ goto inv_host;
+ }
+ for (struct addrinfo* res = addr; res != NULL; res = res->ai_next) {
+ int af = res->ai_family;
+ struct sockaddr *addr = res->ai_addr;
+ switch (af)
+ {
+ case AF_INET:
+ pd[count].ip.is_v6 = 0;
+ host_ip->addr.v4 = IPT4_INT(((struct sockaddr_in*) addr)->sin_addr.s_addr);
+ goto got_host;
+ case AF_INET6:
+ pd[count].ip.is_v6 = 1;
+ memcpy(host_ip->addr.v6, ((struct sockaddr_in6*) addr)->sin6_addr.s6_addr, 16);
+ goto got_host;
+ }
+ }
+ }
+got_host:
+ if (!host_ip->is_v6 && host_ip->addr.v4.as_int == IPT4_INVALID.as_int) {
inv_host:
- fprintf(stderr, "proxy %s has invalid value or is not numeric\n", host);
- fprintf(stderr, "non-numeric ips are only allowed under the following circumstances:\n");
- fprintf(stderr, "chaintype == strict (%s), proxy is not first in list (%s), proxy_dns active (%s)\n\n", bool_str(*ct == STRICT_TYPE), bool_str(count > 0), rdns_resolver_string(proxychains_resolver));
+ fprintf(stderr, "proxy %s has invalid value\n", host);
exit(1);
}
}
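Review bot: In the new `else` branch, the `for` loop over the `true_getaddrinfo` results can finish without reaching `case AF_INET` or `case AF_INET6`, and control then falls into `got_host:` with `host_ip` never assigned; the check there only compares the v4 value with `IPT4_INVALID` when `is_v6` is clear, so the outcome depends on whatever `host_ip` held before. Jump to `inv_host` explicitly when the loop finds no usable entry. The result list is also never released with `freeaddrinfo()`, and the inner `struct sockaddr *addr` shadows the outer `struct addrinfo* addr`, which makes adding that call error-prone, so rename one of them. The shortened message `proxy %s has invalid value` drops the previous hint about chain type, list position and proxy_dns; a failed lookup should at least say that resolution failed.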
@@ -547,6 +570,9 @@ static int is_v4inv6(const struct in6_addr *a) {
return !memcmp(a->s6_addr, "\0\0\0\0\0\0\0\0\0\0\xff\xff", 12);
}
int connect(int sock, const struct sockaddr *addr, unsigned int len) {
+ if (getting_chain_data) {
+ return true_connect(sock, addr, len);
+ }
INIT();
PFUNC(); |
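Review bot: The `if (getting_chain_data)` test in `connect()` sits before `INIT()` and reads a process-wide flag, so while `do_init` has it set, a `connect()` issued by any other thread is handed to `true_connect` and leaves without going through the chain. Restrict the bypass to the thread that is reading the config, for example by making the flag thread-local, so that every other caller still goes through `INIT()` and the proxied path.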
congrats. yes, to know whether it's bulletproof one would have to test it with all different proxy_dns/remote_dns backends. which reminds me that in case the proxyresolv script is installed, one could eventually just call proxy_gethostbyname_old(), which i recently re-added, without any hacks. |
I also wonder if there could be some thread related race condition where we after we set
That script injects the libproxychains dylib before calling dig, which would seem to cause an issue since that newly forked process will again try to call That seems even more hacky than the above though. I'll leave it to someone else who cares enough about this to rigorously test and polish the implementation. |
Is it possible to specify hostname if it can be resolvable by the local DNS or Bonjour? I have a proxy server on |
Or could proxychains at least parse hostnames in config file from |
it does already |
But
Using the config file:
and
Is this not the use case? |
there's hostsreader code in proxychains-ng, but apparently it's only used for getaddrinfo-style lookups for the proxified program, but not for config processing. eventually this could be added without big effort. |
Any updates on this ? Seems like DNS resolution would come a long way to e.g automate proxychains conf deployment in Kubernetes for instance, where you might have a proxy like:
That links to an egress proxy service deployed in k8s to control outgoing traffic. |
no. use the wrapper script from my first post. |
Sorry but your wrapper script is not very good, goes against all rules of automation ... Not to mention IPs can change in time and make deployments drift ... Seems trivial to add DNS resolution to proxychains, too bad you don't want to open a discussion, I could even have helped write it. |
Our proxy IP address may change. If the proxy IP address changes after the program is started, how can it automatically use the new address without restarting? |
it can't. you'd need some kind of background task which continuously polls what the hostname resolves to, and then restart proxychains tasks. much simpler solution: don't change the proxy ip. |
I'm having a server with a dynamic IP address(ADSL) and a DDNS configured for it, thus I need to use DOMAIN to specify the server, any way?