Skip to content
/ pr0cks Public
forked from n1nj4sec/pr0cks-py

python script setting up a transparent proxy to forward all TCP and DNS traffic through a SOCKS / SOCKS5 or HTTP(CONNECT) proxy using iptables -j REDIRECT target

License

GPL-3.0 license
0 stars 109 forks Branches Tags Activity
Star
Notifications

cclauss/pr0cks

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

iptables_example.rules

iptables_example.rules

 
 

pr0cks.py

pr0cks.py

 
 

socks.py

socks.py

 
 

Repository files navigation

pr0cks

python script to transparently forward all TCP and DNS traffic through a socks (like ssh -D option) or HTTPS (CONNECT) proxy using iptables -j REDIRECT target. Only works on linux for now.

Features :

  • set up a local transparent proxy compatible with socks4 socks5 and HTTP CONNECT proxies allowing to forward any TCP traffic transparently using iptables
  • set up a local transparent DNS proxy translating UDP port 53 requests to TCP allowing DNS traffic to go through a proxy without UDP support (like ssh -D option)
  • DNS caching mechanism to speed up the DNS resolutions through pr0cks

Usage example: let's rock

As an example we will use the socks5 proxy of openssh (the option -D)

$ ssh -D 1080 user@sshserver

then you can add some iptables rules :

$ iptables -t nat -A OUTPUT ! -d <my_ssh_server_IP>/32 -o eth0 -p tcp -m tcp -j REDIRECT --to-ports 10080
$ iptables -t nat -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1053

then start pr0cks :

$ python pr0cks.py --proxy SOCKS5:127.0.0.1:1080

All your TCP traffic and DNS traffic should now pass through the ssh server kinda like if you had setup a tun VPN through ssh but without admin rights on the server ! #help

python pr0cks.py -h
usage: procks [-h] [--proxy PROXY] [-p PORT] [-v] [--username USERNAME]
              [--password PASSWORD] [--dns-port DNS_PORT]
              [--dns-server DNS_SERVER]

Transparent SOCKS5/SOCKS4/HTTP_CONNECT Proxy

optional arguments:
  -h, --help            show this help message and exit
  --proxy PROXY         proxytype:ip:port to forward our connections through.
                        proxytype can be SOCKS5, SOCKS4 or HTTP
  -p PORT, --port PORT  port to bind the transparent proxy on the local socket
                        (default 10080)
  -v, --verbose         print all the connections requested through the proxy
  --username USERNAME   Username to authenticate with to the server. The
                        default is no authentication.
  --password PASSWORD   Only relevant when a username has been provided
  --dns-port DNS_PORT   dns port to listen on (default 1053)
  --dns-server DNS_SERVER
                        ip:port of the DNS server to forward all DNS requests
                        to using TCP through the proxy (default
                        208.67.222.222:53)

Dependencies

TODO

  • support UDP (with socks5)
  • support proxy chaining

Don't hesitate to send me your feedback or any issue you may find

I hope it will be useful to someone ! Have fun :)

About

python script setting up a transparent proxy to forward all TCP and DNS traffic through a SOCKS / SOCKS5 or HTTP(CONNECT) proxy using iptables -j REDIRECT target

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Languages

  • Python 100.0%