How to add proxy support to C# socket connection?

I have a socket app that needs to have support for SOCKS 4 and 5 proxy connections, since my users may be behind firewalls. I am using WPF and C# 3.5 SP1. I see no options in the default Socket class for proxies, do I have to roll my own?
I'd prefer not to use 3rd party libs if possible - how difficult is it to enable proxy support with a standard C# Socket?

It is not terribly hard but you have to read through a couple of RFCs. You need to read the RFC spec on Socks v4, Socks v4a and Socks v5. I wrote a library that will do all the work for you but if you would rather write your own that is cool too. My library was mentioned in the previous post (Starksoft). You can implement the Socks protocol using a standard TcpClient object or a Socket connection. The TcpClient is easier. You simply need to send the commands immediately after connection to your proxy server. Those commands will instruct the proxy server what final end point you are interested in connecting to. There are also specs for a UDP Socks connection but it sounds like you won't be needing that.
You can find all the RFCs and generation information on Wikipedia. I can't post more because this crazy Stack Overflow site limits the number of hyperlinks I am allowed to 1 since I am not a regular user. Very annoying.
http://en.wikipedia.org/wiki/SOCKS
Finally, you can rip off my code if you like since it is under the MIT license and I let you do that kind of thing. :) Take a look at my class Socks4ProxyClient.cs that implements the Socks v4 protocol. The method of most interest to you is named SendCommand() located on line 282. You can find my code at Google Code. Search for Starksoft. Or you can go to my web site directly and I have a link to the source code in Google.
Socks5 implementation is a little trickier with more options to specify and a little more chatter to the server but basically very similar to Socks4.
Good luck and you should implement a solution yourself if you want to learn Socks. So, kudos to you!
Benton
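The exchange described in the answer above, worked through for a SOCKS4 CONNECT over a TcpClient. This is an added example, not the Starksoft code or part of the original answer; the class and method names are hypothetical, and the byte layout follows the SOCKS4 protocol description.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
static class Socks4Sketch   // hypothetical name, not the Starksoft class
{
    // Request layout: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL.
    public static byte[] BuildConnectRequest(IPAddress destIp, int destPort, string userId)
    {
        if (destIp.AddressFamily != AddressFamily.InterNetwork)
            throw new ArgumentException("SOCKS4 carries IPv4 addresses only", "destIp");
        if (destPort < 1 || destPort > 65535)
            throw new ArgumentOutOfRangeException("destPort");
        byte[] user = Encoding.ASCII.GetBytes(userId ?? "");
        byte[] req = new byte[8 + user.Length + 1];      // last byte stays 0 (NUL)
        req[0] = 4; req[1] = 1;
        req[2] = (byte)(destPort >> 8);                  // network byte order
        req[3] = (byte)(destPort & 0xFF);
        Buffer.BlockCopy(destIp.GetAddressBytes(), 0, req, 4, 4);
        Buffer.BlockCopy(user, 0, req, 8, user.Length);
        return req;
    }

    // Connects to the proxy, requests destIp:destPort, returns the tunnelled client.
    public static TcpClient Connect(string proxyHost, int proxyPort, IPAddress destIp, int destPort, string userId)
    {
        TcpClient client = new TcpClient(proxyHost, proxyPort);
        try
        {
            NetworkStream stream = client.GetStream();
            stream.ReadTimeout = 10000;                  // fail instead of hanging on a silent proxy
            byte[] req = BuildConnectRequest(destIp, destPort, userId);
            stream.Write(req, 0, req.Length);
            byte[] reply = new byte[8];                  // the reply is always 8 bytes
            for (int got = 0; got < reply.Length; )      // Read() may return fewer bytes
            {
                int n = stream.Read(reply, got, reply.Length - got);
                if (n == 0) throw new IOException("Proxy closed the connection mid-handshake");
                got += n;
            }
            // Reply VN must be 0; CD 90 = granted, 91-93 = rejected or failed.
            if (reply[0] != 0 || reply[1] != 90)
                throw new IOException("SOCKS4 request refused, reply code " + reply[1]);
            return client;
        }
        catch { client.Close(); throw; }
    }
}
```

SOCKS4 neither authenticates the proxy nor encrypts the tunnel, and the USERID field travels in the clear, so protect the application traffic itself (for example with TLS to the destination).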

You could ask Google for some info. One of the first links will lead you to Mentalis.org and their free proxy implementation. They were once well known for their free network and security stuff but the projects seem not to have been maintained for a while.
But it might be worth a look anyway.

I know you said that you did not want to use 3rd party libraries if possible, but I would like to recommend this http://www.starksoft.com/prod_proxy.html.

Related

Using an alternative connection channel/transport for GRPC

I currently have a primitive RPC setup relying on JSON transferred over secured sockets, but I would like to switch to gRPC. Unfortunately I also need access to AF_UNIX on windows (Which Microsoft recently started supporting, but gRPC has not implemented).
Since I have an existing working connection (managed with a different library), my preference would be to just use that in conjunction with GRPC to send/receive commands in place of my JSON parsing, but I am struggling to identify the best way to do that.
I have seen Plugging custom transport into gRPC but this question differs in the following ways (As well as my hope for a more recent answer)
I am wanting to avoid making changes to the core of gRPC. I'd prefer to extend it if possible from within my library, but the answer here implies adding a new transport to gRPC. If I did need to do this at the transport level, is there a mechanism to register it with gRPC after the core has been built?
I am unsure if I need to define this as a full custom transport, since I do already have an existing connection established and ready. I have seen some things that imply I could simply extend Channel, but I might be wrong.
I need to be able to support Windows, or at least modern versions of it (Which means that the from_fd options gRPC provides are not available since they are currently only implemented for POSIX)
Has anyone solved similar problems with gRPC?
I may have figured out my own answer. I seem to have been overly focused on gRPC, when the service definition component of Protobuf is not dependent on that.
How can i write my own RPC Implementation for Protocol Buffers utilizing ZeroMQ is very similar to my use case, with https://developers.google.com/protocol-buffers/docs/proto#services seeming to resolve my issue (And this also explains why I seem to have been mixing up the different kinds of "Channels" involved).
I welcome any improvements/suggestions, and hope that maybe this can be found in future searches by people that had the same confusion.

How to implement secure network message passing using Cocoa

I'm interested in having clients, on iOS/OS X platforms using Cocoa, having secure transaction with a dedicated server. I'm looking for the easiest and most 'proper' use of the fancy highly abstracted APIs that Apple has developed. An example of what I'm talking about with those "fancy" APIs is that https is implemented "for free" and could suit my purposes - except that I don't know how to implement the corresponding server portion of that?
The network messages basically need to be a secure session where a client can create an account, or log in with that account, can send a request to the server, and receive a response from the server. The traffic is low volume, latency is OK, most important thing is to implement confidentiality and to make my software effort as short as possible.
The server will be on FreeBSD and will either run Cocoa via Cocotron or can use some other technology you mention that would make development faster. The computation being done on the server is minimal, requires db intfc, etc.
On the client side, NSURLRequest and NSURLConnection all support HTTPS mode. You could also try third party libraries such as ASIHTTPRequest.
On the server side, I'm not sure what you mean by "The server will be on FreeBSD and will either run Cocoa via Cocotron". Are you saying that your server will be written in Objective-C and using Cocoa API? I'm not really sure why you want to do something like that. If the code on server is minimal, why not use the Apache server combined with mod_ssl and perhaps PHP to get it done? PHP is excellent for quick and dirty server. You can also use django / rails and other established frameworks (all of which support HTTPS) if those suit your need better.

Man in the Middle (MITM) proxy with HTTPS support [duplicate]

We seem to be going round in circles a bit at the moment. We are looking for simple light weight, preferably ruby based proxy that enables us to do the following.
Proxy HTTPS requests between a browser and a Web app. e.g. GMail
Intercept and modify the request/responses - Man in the Middle modification
Generate on the fly SSL certs (or maybe use pre-configured) for use between the proxy and the browser
Using Ruby, we've experimented with em-proxy and Goliath but I don't think these are quite the right fit.
Any suggestions would be very much appreciated.
Best Regards,
Carlskii.
There is also mitmproxy written in Python.
Fiddler can do this, although it's not Ruby-based.
There is also the nice looking multiplatform http://www.charlesproxy.com/ with SSL support. It's in Java/native code. It's a closed-source paid app with a free trial.
You can try https://github.com/odcinek/mallory. It is more recent, though not as fully mature as the previously mentioned other language proxies; this one, however, IS written in Ruby.
Another alternative.
Burp Proxy, freemium, closed source, written in Java.
Burp Proxy is an interactive HTTP/S proxy server for attacking and
testing web applications. It operates as a man-in-the-middle between
the end browser and the target web server, and allows the user to
intercept, inspect and modify the raw traffic passing in both
directions.
Burp Proxy allows you to find and exploit application vulnerabilities
by monitoring and manipulating critical parameters and other data
transmitted by the application. By modifying browser requests in
various malicious ways, Burp Proxy can be used to perform attacks such
as SQL injection, cookie subversion, privilege escalation, session
hijacking, directory traversal and buffer overflows.
https://github.com/lightbody/browsermob-proxy open-source, well-known solution written in java, can be configured on-the-fly using REST API or Java API

Telnet lib and language choice for cross OS telnet client?

I'm looking to start a MUD client application, which connects to a MUD hosted on a telnet server. The only thing important to me is that it runs painlessly and efficiently across any OS. Aside from that requirement, I'm not really sold on any language.
So I'm looking for a freely available telnet client library on which I can base my application, so I don't have to deal with the details of the protocol too much.
I would always consider Twisted for this kind of thing (Python).
The beauty is that if you later decide to swap it out to SSH or anything more secure than telnet, you can with little pain.
Twisted, twisted, twisted!
To use telnet, see package twisted.conch.telnet. It's got some spartan API docs, but the real information on using it comes from searching on Google Code Search, such as this nugget from grailmud - a MUD server.
For all of my MUD programming, I just created my own routines from the ground up using the RFCs.
In case you'd like to avoid some of my pain, I wrapped it up into a fairly simple C# class that handles Telnet properly. In case you'd like to peruse it, you can view it here.
This code has been copy/pasted and run on Windows and on Linux (through Mono) on a handful of separate projects and works pretty well.
There is a telnet interface in CPAN if you like Perl. It's pretty minimal, but it should get the job done.
[edit]
libcurl is also supposed to be able to do telnet, although I couldn't find any examples of it.
pmc ( http://sourceforge.net/projects/perlmudclient/ ) was an attempt to do exactly this. I've spent some of the last week going through it; it uses an older modified version of Net::Telnet to do its connectivity work.
My problem is that Net::Telnet seems to have a blocking interface when a partial line is sent by the server, i.e. a line not terminated by a newline. It has two features that support this (waitfor and its prompt mechanism), because almost all telnet servers have prompts that are not newline-terminated.
MUDs often have "prompts" that are non-standard and vary through the course of the game; the MUD I admin on has a "Your choice: " prompt as its login [it's not just for usernames], and many game features present alternative prompts. So I suspect you'll need to bear this in mind when you go looking for a cross-platform Telnet library!
If you like C, I heartily recommend libtelnet. It will maintain an internal state that does all the IAC sequence parsing for you, and handles option negotiation using the Q method.

Firefox plugin - sockets

I've always wanted a way to make a socket connection to a server and allow the server to manipulate the page DOM. For example, this could be used in a stock quotes page, so the server can push new quotes as they become available.
I know this is a classic limitation (feature?) of HTTP's request/response protocol, but I think this could be implemented as a Firefox plugin (cross-browser compatibility is not important for my application). Java/Flash solutions are not acceptable, because (as far as I know) they live in a box and can't interact with the DOM.
Can anyone confirm whether this is within the ability of a Firefox plugin? Has someone already created this or something similar?
You may want to look at Comet which is a fancy name for a long running HTTP connection where the server can push updates to the page.
It should be possible. I have developed a xulrunner application that connects to a TCP server using sockets. Extension development would likely have the same capabilities. I used a library from mozdev - JSLib. Specifically check out the networking code. The fact that there is a JSLib add-on for Firefox makes me more confident.
Essentially, as I understand it, sockets are not part of JavaScript, but through XPCOM, you can get raw socket access like you would in any C/C++ application.
Warning: JSLib doesn't seem to receive a lot of attention and the mailing list is pretty sparse.
Java/Flash solutions are not acceptable, because (as far as i know)
they live in a box and can't interact with the DOM.
That's not actually true of Java. You can interact with Java via JavaScript and make DOM changes.
http://stephengware.com/proj/javasocketbridge/
In this example there are two JavaScript methods for interaction
Send:
socket_send("This was sent via the socket\n\n");
Receive:
function on_socket_get(message) { more_code(message); }
You may want to look at Comet
a.k.a. server push. This does not let the server "update" the client page directly, but all the new data is sent to the page through a single connection.
Of course, a Firefox extension (as well as plugins, which are binary libraries that can do whatever any other application can do) can work with sockets too. See 1, 2.
