I want to create a tor like clone in Go, where I have a local socks5 proxy server from which I get the request, encrypt it and send it via tcp to the network. To work with proxies in go I found the golang.org/x/net/proxy package. By searching how to create a server with it and getting the request data I only find something like this Creating a go socks5 client where people use it to only forward the traffic to another server.
Currently I have this implementation.
dialer, err := proxy.SOCKS5("tcp", "127.0.0.1:31415", nil, proxy.Direct)
if err != nil {
panic(err)
}
My question now is how I can get the data which the computer send via socks5 to this local proxy.
Related
I have an Envoy proxy instance configured to proxy http and websocket requests. Note that this is not a CONNECT proxy. I want my websocket client to create a websocket request as if it was sending it to the original destination and then deliver the payload to the proxy's listener instead.
What's the recommended way to connect to the local proxy? I believe this is dependent on the specific Go websocket package being used. I can see packages that allow overriding the http.Client used, but the destination address is determined using the websocket URL specified. The only alternative I have is to send the request to ws://proxy_ip:proxy_port/path directly, and specify the destination using some custom HTTP header that the proxy is configured to use for routing. I am not a big fan of this approach.
I want to dial an address different from that in the request
Use Gorilla's Dialer.NetDialContext to dial an address different from the request:
d := websocket.Dialer{
NetDialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
return net.DialContext(ctx, network, "proxy_ip:proxy_port")
},
}
c, r, err := d.Dial("ws://example.com/path", nil)
if err != nil {
// handle error
}
I'm trying to connect to G Suite's LDAPS server with Golang's LDAP library.
However, in the example, I don't really understand two things.
It seems like it connects via non-encrypted LDAP first? Then it upgrades? Is that true, if so, can't I just start out by connecting encrypted?
Google supplies a .cer & .key file to connect to their ldap server. I don't see where it use these files. I do see in their docs that a lot of LDAP clients require the files to be combined into a .p12. Is that necessary for Go?
If the person that answers this could supply an example, that would really help. Thank you.
StartTLS, as you've noted, allows one to upgrade a connection to use a TLS later on in the connections lifecycle.
If you want to connect via TLS immediately, then use the well known ldaps port 636 (instead of 389) - and use DialTLS:
// l, err := ldap.Dial("tcp", "ldap.example.com:389"))
var tlsConf *tls.Config
ldaps, err := ldap.DialTLS("tcp", "gsuite.google.com:636", tlsConf)
You may also use DialURL which infers TLS or non-TLS by the schema e.g.
conn, err := ldap.DialURL("ldap://ldap.example.com") // non-TLS on default port 389
conn, err := ldap.DialURL("ldaps://ldap.example.com") // TLS on default port 636
conn, err := ldap.DialURL("ldaps://myserver.com:1234") // TLS on custom port 1234
// Note: there is no way to add a custom tls.Config with this method
So if using, DialTLS: since you are using a Google service, it's trust cert should already be in your keychain, so a simple tls.Config should suffice:
tlsConf = &tls.Config{ServerName:"gsuite.google.com"} // <- ensure this matches the hostname provided by the server
If you want to get things up an running for testing:
// DONT EVER USE THIS IN PRODUCTION...
tlsConf = &tls.Config{InsecureSkipVerify: true} // DO NOT USE EVER
To add a client cert for client-side authentication:
// Load cer & key files into a pair of []byte
cert, err := tls.X509KeyPair(cer, key)
if err != nil {
log.Fatal(err)
}
tlsCong := &tls.Config{Certificates: []tls.Certificate{cert}}
I have a Go server-side program hosted on an Ubuntu 18.04 server. I want to handle example.com with Go, then example.com/blog or blog.example.com with PHP in shared hosting.
I prefer to do this with Go itself, not with another web server (ex: Nginx),
How can I do this?
You need to handle the endpoints served by another server/process as a reverse proxy. The standard library gives you httputil.ReverseProxy, which acts as a standard http.Handler, to make this very easy.
Try something like this:
target, err := url.Parse("http://blog.example.com/")
if err != nil {
panic(err)
}
proxy := httputil.NewSingleHostReverseProxy(target)
mux.Handle("/blog", proxy)
I am trying to create an UDP Proxy in Go without success.
My objective is to get the DNS response from a server and write it back to the client.
$ kdig -d #0.0.0.0:8853 facebook.com
n, client, err := u.server.ReadFromUDP(buf) // read request
n, err = u.server.WriteToUDP(buf, client) // write it back
Should i be doing something different? Response:
WARNING: response timeout for 0.0.0.0#8853(UDP)
PS: My TCP Implementation works fine.
Thanks!
I am using iris platform to do programming in go language (I am very beginner). I want to make all my computers at home be available for accessing to go server which is one of the local machine as well. When I set the listener with my network IP (192.168.0.0) or with any specified IP (192.168.0.15) it gives me panic error back. Only available 0.0.0.0 or 127.0.0.1/localhost or 192.168.0.19 - that is same as localhost
import "net"
...
ln, err := net.Listen("tcp4", "192.168.12:9999")
if err != nil{
panic(err)
}
iris.Serve(ln)
...
The error is: panic: listen tcp4 192.168.0.12:9999: bind: The requested address is not valid in its context.
Thanks to all for help.
You should read up on how networking works but here are some points to get you started.
You listen on a port, not an IP address. So whatever machine you're using as your server, find your local IP address:
On Linux or Mac you can do it many ways:
ifconfig | grep netmask and get your local address eg. 192.168.x.xx
Then start up your server with your Go program and listen on a localhost port like 8080.
eg.
if err := http.ListenAndServe(":8080", nil); err != nil {
//handle error
}
Then you can access the server with other machines in your house assuming they are on the same Wifi. Use a different computer and visit 192.168.x.xx:8080 from a browser.
To answer your question in your comments, outsiders cannot access your local server unless they have a connection to your Wifi.