hmgle / graftcp Goto Github PK
View Code? Open in Web Editor NEWA flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
License: GNU General Public License v3.0
graftcp's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
linecode fcccode applesky6 github-yxb xiaotujun comahax b81404324df7098a8e021232d7db superdong0 mwylaoma oldbigbomb freegit9527 liumorgan xuacker orf53975 flamepeak crackercat wxlg1117 5up3rc fbion jinnu92 acxlm showyoushowme charleswan liminaab beordle qhduan beaquant oyangjian haoxj darrennong luojiego pobizhe bsed ollcp glace rayroot kanamu larygwil shownb imulmul mondaywoo asdlei99 cchord xiaochen-2050 tonyable geekhuyang slooppe sireof eln1x quikilr arora123you lubyruffy blue-infosec explosivebattery followmedown hello-xbugs zhang2050cc 0xerick hoodoer kurikomoe cofyc wangyubow generalzzd dragonlinux forkdown haetao sunlewuyou chaoqing zhongmeng laurentfough soitun sesyi fdlucifer ayanamist thoaivo wangcheng711 fantasy1316 chaodada fxdian rtl8710 xianum rockyou ckwindowsproject fengjixuchui tiaotiao97 yangboyd v-e-o l34rner caledoniaproject ysmull lzy1102 wonderbeyond foxhack usench xbite209 xbeark lossmaster matt-moses jaskon139 wy353208214graftcp's Issues
make需要到github上下载依赖包
系统版本声明: Rocky Linu8.4(Centos8.4)
大佬,这是个死循环啊.我是因为无法正常拉去强外包才来安装graftcp,现在安装graftcp又要从墙外拉取依赖包......
make -C local VERSION=v0.5.0-beta.1 CC=gcc CXX=g++ AR=ar
make[1]: 进入目录“/root/code/graftcp/local”
go build -ldflags "-s -w -X main.version=v0.5.0-beta.1" ./cmd/graftcp-local
go: github.com/jedisct1/[email protected]: Get "https://proxy.golang.org/github.com/jedisct1/dlog/@v/v0.0.0-20210101122416-354ffe815216.mod": dial tcp 142.251.43.17:443: connect: connection refused
go: downloading github.com/jedisct1/dlog v0.0.0-20210101122416-354ffe815216
go: downloading github.com/kardianos/service v1.2.0
go: downloading golang.org/x/net v0.0.0-20210614182718-04defd469f4e
go: github.com/jedisct1/[email protected]: Get "https://proxy.golang.org/github.com/jedisct1/dlog/@v/v0.0.0-20210101122416-354ffe815216.mod": dial tcp 142.251.43.17:443: connect: connection refused
make[1]: *** [Makefile:28:graftcp-local] 错误 1
make[1]: 离开目录“/root/code/graftcp/local”
make: *** [Makefile:71:local/graftcp-local] 错误 2Linux上另外一种实现更简单的重定向方法
基于iptables + network classifier cgroup的,用于实现per app的TCP、DNS重定向,支持子进程自动继承,实现更简单。
EnvironmentFile=-/etc/sysconfig/graftcp-local
Ubuntu 18.10 make install 过后, 没有生成环境参数文件.
查找后发现我电脑上没有 /etc/sysconfig 这个目录, 不过没有影响, 我目前 socks 代理等同默认设置.
最后感谢作者, 用此工具新开终端配合 ss-local 的 acl 模式, repo 命令完美工作.
Completion of error handling
Would you like to add more error handling for return values from functions like the following?
Some problems of graftcp on Ubuntu 20.04.
On Ubuntu 20.04, I try to test graftcp with the following example, but failed:
$ sudo gdebi graftcp_0.4.0-1_amd64.deb
$ sudo systemctl disable graftcp-local.service
$ mgraftcp --socks5 127.0.0.1:18889 ipython
Python 3.9.1 (default, Feb 10 2021, 15:30:33)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.23.1 -- An enhanced Interactive Python. Type '?' for help.
In [1]: import imapclient
In [2]: imapObj = imapclient.IMAPClient('imap.gmail.com', ssl=True)
---------------------------------------------------------------------------
SSLEOFError Traceback (most recent call last)
<ipython-input-2-08c6d4884af9> in <module>
----> 1 imapObj = imapclient.IMAPClient('imap.gmail.com', ssl=True)
~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/imapclient.py in __init__(self, host, port, use_uid, ssl, stream, ssl_context, timeout)
282 self._idle_tag = None
283
--> 284 self._imap = self._create_IMAP4()
285 logger.debug(
286 "Connected to host %s over %s",
~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/imapclient.py in _create_IMAP4(self)
319
320 if self.ssl:
--> 321 return tls.IMAP4_TLS(
322 self.host,
323 self.port,
~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/tls.py in __init__(self, host, port, ssl_context, timeout)
42 self.ssl_context = ssl_context
43 self._timeout = timeout
---> 44 imaplib.IMAP4.__init__(self, host, port)
45
46 def open(self, host, port=993, timeout=None):
~/.pyenv/versions/3.9.1/lib/python3.9/imaplib.py in __init__(self, host, port, timeout)
200 # Open socket to server.
201
--> 202 self.open(host, port, timeout)
203
204 try:
~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/tls.py in open(self, host, port, timeout)
50 (host, port), timeout if timeout is not None else self._timeout
51 )
---> 52 self.sock = wrap_socket(sock, self.ssl_context, host)
53 self.file = self.sock.makefile("rb")
54
~/.pyenv/versions/3.9.1/envs/datasci/lib/python3.9/site-packages/imapclient/tls.py in wrap_socket(sock, ssl_context, host)
30 ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
31
---> 32 return ssl_context.wrap_socket(sock, server_hostname=host)
33
34
~/.pyenv/versions/3.9.1/lib/python3.9/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, session)
498 # SSLSocket class handles server_hostname encoding before it calls
499 # ctx._wrap_socket()
--> 500 return self.sslsocket_class._create(
501 sock=sock,
502 server_side=server_side,
~/.pyenv/versions/3.9.1/lib/python3.9/ssl.py in _create(cls, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, context, session)
1038 # non-blocking
1039 raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
-> 1040 self.do_handshake()
1041 except (OSError, ValueError):
1042 self.close()
~/.pyenv/versions/3.9.1/lib/python3.9/ssl.py in do_handshake(self, block)
1307 if timeout == 0.0 and block:
1308 self.settimeout(None)
-> 1309 self._sslobj.do_handshake()
1310 finally:
1311 self.settimeout(timeout)
SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1123)
In [3]:
OTOH, it really works for Emacs, but I meet some strange messages:
$ mgraftcp --socks5 127.0.0.1:18889 /usr/local/bin/emacs
Then run M-x multi-term RET in Emacs, the following info will be triggered:
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
Any hints for these problems?
Regards,
HY
v0.5.0-beta.1 pre-release: It doesn't work
Describe the bug
I would like to use the latest version of graftcp, but it doesn't work.
To Reproduce
Steps to reproduce the behavior:
$ ./graftcp curl 1.1.1.1
curl: (56) Recv failure: Connection reset by peer
./graftcp-local -select_proxy_mode direct
[2022-08-12 19:42:33] [NOTICE] graftcp-local start
[2022-08-12 19:42:33] [INFO] select_proxy_mode: direct
[2022-08-12 19:42:33] [INFO] graftcp-local start listening :2233...
[2022-08-12 19:42:47] [ERROR] getPidByAddr(127.0.0.1:34528, 127.0.0.1:2233) failed
[2022-08-12 19:43:01] [ERROR] getPidByAddr(127.0.0.1:40190, 127.0.0.1:2233) failed
[2022-08-12 19:43:03] [ERROR] getPidByAddr(127.0.0.1:40206, 127.0.0.1:2233) failed
[2022-08-12 19:43:05] [ERROR] getPidByAddr(127.0.0.1:40222, 127.0.0.1:2233) failed
[2022-08-12 19:44:22] [ERROR] getPidByAddr(127.0.0.1:47046, 127.0.0.1:2233) failed
[2022-08-12 19:44:26] [ERROR] getPidByAddr(127.0.0.1:47056, 127.0.0.1:2233) failed
I'm using Debian testing, Linux kernel 5.18.14 amd64, graftcp compiled with GCC 11.3.0, graftcp-local compiled with go 1.18.3.
graftcp 不支持端口扫描吗
以下是用proxychains4和graftcp使用nmap进行端口扫描的结果
graftcp结果显示 全部端口打开
graftcp nmap -Pn -sT -top-ports 5 172.16.0.1
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-14 11:26 CST
Nmap scan report for 172.16.0.1
Host is up (0.0013s latency).
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds
graftcp-local的设置是
graftcp-local -socks5 127.0.0.1:10808 -select_proxy_mode only_socks5
proxychains4结果
pc4 nmap -Pn -sT -top-ports 5 172.16.0.1
[proxychains] config file found: /home/ahao/.proxychains/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-14 11:26 CST
Nmap scan report for 172.16.0.1
Host is up (0.094s latency).
PORT STATE SERVICE
21/tcp closed ftp
22/tcp closed ssh
23/tcp open telnet
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.65 seconds
proxy mode issue
Can I choose a proxy mode like proxychain-ng?such as:
random_chain :Random use of proxy from a proxy list
dynamic_chain:Automatically select available proxy according to the order of the proxy list
HTTP Proxy redirecting support
Redirect the TCP connection to HTTP proxy.
white list for ip:port
Can I configire to only proxy 127.0.0.1:8080 http requests on a program?
赶紧更新版本,项目没更新版本,别人以为gg了
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
- Go to '...'
- Click on '....'
- Scroll down to '....'
- See error
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
Smartphone (please complete the following information):
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
Additional context
Add any other context about the problem here.
建议增加dotfiles配置
建议增加从 ~/graftcp-local/graftcp-local.conf 读取配置的选择,方便非root用户通过dotfiles管理配置
Awesome project
Please add more proxy model.. like ss, ssr..
reserved identifier violation
I would like to point out that identifiers like “_GRAFTCP_H” and “_STRING_SET_H” do not fit to the expected naming convention of the C language standard.
Would you like to adjust your selection for unique names?
the fourth argument register should be %rcx
long get_syscall_arg(pid_t pid, int order)
{
int offset;
long val;
switch (order) {
case 0:
offset = offsetof(struct user, regs.rdi);
break;
case 1:
offset = offsetof(struct user, regs.rsi);
break;
case 2:
offset = offsetof(struct user, regs.rdx);
break;
case 3:
offset = offsetof(struct user, regs.r10);
break;
case 4:
offset = offsetof(struct user, regs.r8);
break;
case 5:
offset = offsetof(struct user, regs.r9);
break;
default:
return -1;
}
errno = 0;
val = ptrace(PTRACE_PEEKUSER, pid, offset);
assert(errno == 0);
return val;
}case 3:
offset = offsetof(struct user, regs.r10);
mgraftcp doesn't pick up the http_proxy at all.
On Ubuntu 20.04, I try to test the mgraftcp with a local http proxy, but it seems that it doesn't use the proxy at all:
$ ./local/mgraftcp --version
mgraftcp version v0.4.0-2-ge6daf52
$ ./local/mgraftcp --enable-debug-log --http_proxy 127.0.0.1:8080 curl -Ivs www.google.com -o /dev/null
[2021-08-11 16:37:18] [INFO] graftcp-local start listening :0...
* Trying 172.217.24.4:80...
* TCP_NODELAY set
* Connected to www.google.com (127.0.0.1) port 80 (#0)
> HEAD / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/7.68.0
> Accept: */*
>
[2021-08-11 16:37:18] [INFO] Request PID: 1902024, Source Addr: 127.0.0.1:53722, Dest Addr: 172.217.24.4:80
^C
At the same time, no traffic is observed on the proxy port:
$ sudo tcpdump -i any port 8080
But it works well with the socks5 proxy.
Any hints for this problem?
Regards,
HY
批量添加黑白名单
我看到样例是只能一个个添加ip
是否可以考虑增加批量添加的功能
例如:192.168.0.0-192.168.0.255
另外讨论另一个小功能 是否在里面是否可以实现url黑白名单
wget 可以正常使用,但 curl 不行
centos 7 x64,使用 graftcp 运行
wget 都可以正常使用,curl ip 地址可以,curl 带域名不行,会卡住
会无线循环进入 trace_syscall_entering 约 1 秒 1 次,pinfp->csn 值为 7,SYS_poll
可能是什么原因?
graftcp absorbs child signal and exits cleanly
When a program running through graftcp receives SIGKILL/SIGABRT, graftcp still exits cleanly, when in my opinion it should forward the signal of the child to itself (not sure if this would break some functionality, though).
For example, leave ping running on a terminal window:
$ ping www.google.com
Now on a second terminal window, kill ping:
$ kill -KILL $(pidof ping)
Go back to the first window, and if you use bash, right at the end it should say Killed, which is expected.
However, that is not what happens when you kill ping running through graftcp.
Thanks.
help: not support virtual machine
Describe the bug
To Reproduce
/etc/graftcp-local/graftcp-local.conf
## graftcp-local configuation
## Listen address (default ":2233")
listen = :2233
## Write logs to file, to stdout if empty
# logfile = graftcp-local.log
## Log level (0-6), 0: debug, 1: info, 2: notice, 3: warn, 4: error,
## 5: critical: 6: fatal
loglevel = 0
## Pipe path for graftcp to send address info (default "/tmp/graftcplocal.fifo")
# pipepath = /tmp/graftcplocal.fifo
## SOCKS5 address (default "127.0.0.1:1080")
socks5 = 192.168.3.35:1089
## SOCKS5 proxy username (default "")
# socks5_username = SOCKS5USERNAME
## SOCKS5 proxy password (default "")
# socks5_password = SOCKS5PASSWORD
## HTTP proxy address (default "")
http_proxy = 192.168.3.35:1088
## Set the mode for select a proxy (default "auto")
## "auto": select socks5 if socks5 is reachable, else HTTP proxy if HTTP proxy
## is rechable, else direct.
## "random": select the reachable proxy randomly.
## "only_http_proxy": only use http proxy.
## "only_socks5": only use socks5 proxy.
## "direct": direct connect.
select_proxy_mode = only_http_proxy
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
以上配置proxy的地址保证没有问题,因为我通过执行http_proxy=192.168.3.35:1088 curl 'http://www.google.com'是可以访问到内容的
启动graftcp-local后
/usr/bin/graftcp-local -config /etc/graftcp-local/graftcp-local.conf
执行
graftcp wget 'http://www.google.com'
依然不能翻墙
graftcp bash
同样没有效果
Expected behavior
能够翻墙
日志
从日志看,DNS没有问题,每次执行对应一条Request PID日志,就是无法翻成功
root@u1:/home/whf/install# journalctl -f -u graftcp-local.service
6月 23 07:28:32 u1 graftcp-local[35941]: [2022-06-23 07:28:32] [NOTICE] graftcp-local stop
6月 23 07:28:32 u1 systemd[1]: Stopping Translate graftcp TCP to SOCKS5 or HTTP proxy...
6月 23 07:28:32 u1 systemd[1]: graftcp-local.service: Deactivated successfully.
6月 23 07:28:32 u1 systemd[1]: Stopped Translate graftcp TCP to SOCKS5 or HTTP proxy.
6月 23 07:28:32 u1 systemd[1]: Started Translate graftcp TCP to SOCKS5 or HTTP proxy.
6月 23 07:28:32 u1 graftcp-local[45674]: [2022-06-23 07:28:32] [NOTICE] graftcp-local start
6月 23 07:28:32 u1 graftcp-local[45674]: [2022-06-23 07:28:32] [INFO] select_proxy_mode: only_http_proxy
6月 23 07:28:32 u1 graftcp-local[45674]: [2022-06-23 07:28:32] [INFO] graftcp-local start listening :2233...
6月 23 07:28:51 u1 graftcp-local[45674]: [2022-06-23 07:28:51] [INFO] Request PID: 45690, Source Addr: 127.0.0.1:46872, Dest Addr: 202.182.98.125:80
6月 23 07:31:38 u1 graftcp-local[45674]: [2022-06-23 07:31:38] [INFO] Request PID: 45742, Source Addr: 127.0.0.1:46874, Dest Addr: 31.13.84.34:80
6月 23 07:41:49 u1 graftcp-local[45674]: [2022-06-23 07:41:49] [INFO] Request PID: 46473, Source Addr: 127.0.0.1:46876, Dest Addr: 128.242.240.212:80
6月 23 07:42:15 u1 graftcp-local[45674]: [2022-06-23 07:42:15] [INFO] Request PID: 46494, Source Addr: 127.0.0.1:46878, Dest Addr: 128.242.240.212:80
Desktop (please complete the following information):
我用的windows下VMware虚拟机,虚拟机系统是Ubuntu 22.04,主机是intel nuc
root@u1:/home/whf# graftcp-local -version
graftcp-local version v0.4
root@u1:/home/whf# graftcp -V
graftcp v0.4
安装途径: 通过下载编译好的二进制deb
System:
Host: u1 Kernel: 5.15.0-39-generic x86_64 bits: 64 Console: pty pts/4
Distro: Ubuntu 22.04 (Jammy Jellyfish)
Machine:
Type: Vmware System: VMware product: VMware Virtual Platform v: N/A
serial: VMware-56 4d b2 8e 0f d8 4a e7-51 fa a1 f5 22 67 b1
Mobo: Intel model: 440BX Desktop Reference Platform serial: N/A BIOS: Phoenix v: 6.00
date: 07/22/2020
CPU:
Info: 2x 1-core model: Intel Celeron J4005 bits: 64 type: SMP cache: L2: 2x 4 MiB (8 MiB)
Speed (MHz): avg: 1997 min/max: N/A cores: 1: 1997 2: 1997
Graphics:
Device-1: VMware SVGA II Adapter driver: vmwgfx v: 2.19.0.0
Display: server: X.org v: 1.21.1.3 with: Xwayland v: 22.1.1 driver: gpu: vmwgfx
note: X driver n/a tty: 148x44
Message: GL data unavailable in console for root.
Audio:
Device-1: Ensoniq ES1371/ES1373 / Creative Labs CT2518 driver: snd_ens1371
Sound Server-1: ALSA v: k5.15.0-39-generic running: yes
Sound Server-2: PulseAudio v: 15.99.1 running: yes
Sound Server-3: PipeWire v: 0.3.48 running: yes
Network:
Device-1: Intel 82371AB/EB/MB PIIX4 ACPI type: network bridge driver: N/A
Device-2: Intel 82545EM Gigabit Ethernet driver: e1000
IF: ens33 state: up speed: 1000 Mbps duplex: full mac: 00:0c:29:22:67:b1
Bluetooth:
Device-1: VMware Virtual Bluetooth Adapter type: USB driver: btusb
Report: hciconfig ID: hci0 state: up address: 14:85:7F:80:95:89
Drives:
Local Storage: total: 20 GiB used: 11.83 GiB (59.2%)
ID-1: /dev/sda vendor: VMware model: Virtual S size: 20 GiB
Partition:
ID-1: / size: 19.02 GiB used: 11.83 GiB (62.2%) fs: ext4 dev: /dev/sda3
ID-2: /boot/efi size: 512 MiB used: 5.2 MiB (1.0%) fs: vfat dev: /dev/sda2
Swap:
Alert: No swap data was found.
Sensors:
Message: No sensor data found. Is lm-sensors configured?
Info:
Processes: 323 Uptime: 23h 52m Memory: 3.8 GiB used: 1.78 GiB (47.0%) Init: systemd runlevel: 5
Shell: Bash inxi: 3.3.13
是否考虑给 blackip-file whiteip-file not-ignore-local 三个参数增加配置文件支持
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
背景是在wsl2里使用,默认是走 http_proxy https_proxy 环境变量来使用代理,只有少数不支持这两个环境变量的程序才用graftcp,但就导致一个问题,如果不小心给支持环境变量的程序也用了graftcp,就会冲突,相当于graftcp连了代理后,程序自己又尝试连接代理的ip,此时一般的代理都会报错。这里把代理的ip加入到graftcp的blackip-file里就好了,但现在这个参数不支持放到配置文件里,每次都要输入,或者配置成alias,后者有在脚本里直接调用不生效的问题
Describe the solution you'd like
A clear and concise description of what you want to happen.
是否可以直接在配置文件中支持这些参数的配置?
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
自己写个wrapper脚本包一下graftcp和mgraftcp,加一下这两个参数,但不是很优雅。
现在是我自己简单改了一下mgraftcp的实现 ayanamist@27803ec
Additional context
Add any other context or screenshots about the feature request here.
还有一个场景,就是部分node程序,是部分支持上面说的环境变量的,就是http请求支持,但其余协议不支持,就导致无论用或者不用graftcp,都会不正常,所以必须使用graftcp的blackip能力。
Proxy Password
Is there a way to supply a username/password for a proxy? I did not see it documented. I tried username:password@address as proxy string. I also tried setting the SOCKS_USERNAME and SOCKS_PASSWORD environment variables.
A search for "password" yields graftcp-local/http_proxy.go, but this should not work for a socks proxy? I am also not sure how it should be set for the http proxy.
sys/reg.h file not found on OSX
➜ graftcp git:(master) ✗ make
In file included from util.c:15:
./graftcp.h:31:10: fatal error: 'sys/reg.h' file not found
#include <sys/reg.h>
^~~~~~~~~~~
1 error generated.
In file included from main.c:18:
./graftcp.h:31:10: fatal error: 'sys/reg.h' file not found
#include <sys/reg.h>
^~~~~~~~~~~
1 error generated.
cc -Wall -O2 -DNDEBUG -c -o main.o main.c
In file included from main.c:18:
./graftcp.h:31:10: fatal error: 'sys/reg.h' file not found
#include <sys/reg.h>
^~~~~~~~~~~
1 error generated.
make: *** [main.o] Error 1
_amd asset not found in v0.5.0
current release v0.5.0 only shows source archives and no longer the pre-compiled binary release.
Can you add the binary releases please?
IPv6 redirect Support?
Do you have plan support ipv6 proxy?
not work for windows subsystem for linux(WSL)
Not run on windows subsystem linux:
./graftcp go get -v golang.org/x/net/proxy
runtime/cgo: pthread_create failed: Function not implemented
SIGABRT: abort
PC=0x7f210d61ee97 m=0 sigcode=18446744073709551610
goroutine 0 [idle]:
runtime: unknown pc 0x7f210d61ee97
stack: frame={sp:0x7fffef5e3720, fp:0x0} stack=[0x7fffeede4cd0,0x7fffef5e3d00)
00007fffef5e3620: 00007fffef5e3b30 00000000016692a0
00007fffef5e3630: 00000000000000f1 0000000000000011
00007fffef5e3640: 0000000000000000 00007f210dc0fec3
00007fffef5e3650: 0000000000000001 0000000000000000
00007fffef5e3660: 2525252525252525 2525252525252525
00007fffef5e3670: 0000000000000000 0000000000000000
00007fffef5e3680: 0000000000000000 0000000000000000
00007fffef5e3690: 414fffffe0000000 0000000000000000
00007fffef5e36a0: 7261632e2f70797a 2f3a6e69622f6f67
00007fffef5e36b0: 61636f6c2f727375 2f3a6e6962732f6c
00007fffef5e36c0: 61636f6c2f727375 752f3a6e69622f6c
00007fffef5e36d0: 3a6e6962732f7273 6e69622f7273752f
00007fffef5e36e0: 6574616572635f64 3a64656c69616620
00007fffef5e36f0: 0000000000000000 0000000000000000
00007fffef5e3700: 6c61636f6c2f7273 752f3a6e6962732f
00007fffef5e3710: 6c61636f6c2f7273 73752f3a6e69622f
00007fffef5e3720: <0000000000000000 3a6e69622f727375
00007fffef5e3730: 622f3a6e6962732f 2f7273752f3a6e69
00007fffef5e3740: 752f3a73656d6167 6c61636f6c2f7273
00007fffef5e3750: 2f3a73656d61672f 6e69622f70616e73
00007fffef5e3760: 0000000000000000 0000000000000000
00007fffef5e3770: 00007f210d9cc560 00007f210d9cfbc0
00007fffef5e3780: bfe62e42fefa39ef 0000000000000000
00007fffef5e3790: 414fffffe0000000 0000000000000000
00007fffef5e37a0: fffffffe7fffffff ffffffffffffffff
00007fffef5e37b0: ffffffffffffffff ffffffffffffffff
00007fffef5e37c0: ffffffffffffffff ffffffffffffffff
00007fffef5e37d0: ffffffffffffffff ffffffffffffffff
00007fffef5e37e0: ffffffffffffffff ffffffffffffffff
00007fffef5e37f0: ffffffffffffffff ffffffffffffffff
00007fffef5e3800: ffffffffffffffff ffffffffffffffff
00007fffef5e3810: ffffffffffffffff ffffffffffffffff
runtime: unknown pc 0x7f210d61ee97
stack: frame={sp:0x7fffef5e3720, fp:0x0} stack=[0x7fffeede4cd0,0x7fffef5e3d00)
00007fffef5e3620: 00007fffef5e3b30 00000000016692a0
00007fffef5e3630: 00000000000000f1 0000000000000011
00007fffef5e3640: 0000000000000000 00007f210dc0fec3
00007fffef5e3650: 0000000000000001 0000000000000000
00007fffef5e3660: 2525252525252525 2525252525252525
00007fffef5e3670: 0000000000000000 0000000000000000
00007fffef5e3680: 0000000000000000 0000000000000000
00007fffef5e3690: 414fffffe0000000 0000000000000000
00007fffef5e36a0: 7261632e2f70797a 2f3a6e69622f6f67
00007fffef5e36b0: 61636f6c2f727375 2f3a6e6962732f6c
00007fffef5e36c0: 61636f6c2f727375 752f3a6e69622f6c
00007fffef5e36d0: 3a6e6962732f7273 6e69622f7273752f
00007fffef5e36e0: 6574616572635f64 3a64656c69616620
00007fffef5e36f0: 0000000000000000 0000000000000000
00007fffef5e3700: 6c61636f6c2f7273 752f3a6e6962732f
00007fffef5e3710: 6c61636f6c2f7273 73752f3a6e69622f
00007fffef5e3720: <0000000000000000 3a6e69622f727375
00007fffef5e3730: 622f3a6e6962732f 2f7273752f3a6e69
00007fffef5e3740: 752f3a73656d6167 6c61636f6c2f7273
00007fffef5e3750: 2f3a73656d61672f 6e69622f70616e73
00007fffef5e3760: 0000000000000000 0000000000000000
00007fffef5e3770: 00007f210d9cc560 00007f210d9cfbc0
00007fffef5e3780: bfe62e42fefa39ef 0000000000000000
00007fffef5e3790: 414fffffe0000000 0000000000000000
00007fffef5e37a0: fffffffe7fffffff ffffffffffffffff
00007fffef5e37b0: ffffffffffffffff ffffffffffffffff
00007fffef5e37c0: ffffffffffffffff ffffffffffffffff
00007fffef5e37d0: ffffffffffffffff ffffffffffffffff
00007fffef5e37e0: ffffffffffffffff ffffffffffffffff
00007fffef5e37f0: ffffffffffffffff ffffffffffffffff
00007fffef5e3800: ffffffffffffffff ffffffffffffffff
00007fffef5e3810: ffffffffffffffff ffffffffffffffff
goroutine 1 [running]:
runtime.systemstack_switch()
/usr/lib/go-1.10/src/runtime/asm_amd64.s:363 fp=0xc420042788 sp=0xc420042780 pc=0x4547f0
runtime.main()
/usr/lib/go-1.10/src/runtime/proc.go:128 +0x63 fp=0xc4200427e0 sp=0xc420042788 pc=0x42c8a3
runtime.goexit()
/usr/lib/go-1.10/src/runtime/asm_amd64.s:2361 +0x1 fp=0xc4200427e8 sp=0xc4200427e0 pc=0x457361
rax 0x0
rbx 0x7f210d9cc840
rcx 0x8
rdx 0x0
rdi 0x2
rsi 0x7fffef5e3720
rbp 0x914c5a
rsp 0x7fffef5e3720
r8 0x0
r9 0x7fffef5e3720
r10 0x8
r11 0x8
r12 0x16692a0
r13 0xf1
r14 0x11
r15 0x0
rip 0x7f210d61ee97
rflags 0x246
cs 0x33
fs 0x53
gs 0x2b
I used wrk to replace curl app,which can not invoke line, _, err := r.ReadLine()
fail
./graftcp -p 2233 wrk -t2 -c10 -d10s http://ww.baidu.com
_, err := r.ReadLine() can not invoke
ok
wrk -t2 -c10 -d10s http://ww.baidu.com
ok
./graftcp -p 2233 curl http://ww.baidu.com
_, err := r.ReadLine() can invoke
Improve efficiency / speed
Hi man ! The work you made is insane, it works perfeclty for me. I ended up here because i needed to proxy my traffic from some Go pentesting tools (like Kerbrute).
I wanted to say congrats, and also bring to light something you could improve : speed.
I don't know if it's possible for you to add an option to set a number of threads or something like that, but i've noticed that it took me like 25 min to make a basic kerbrute attack (which usually takes less than 1 min).
I was wondering if theres a way for you to improve that, because it can be very unpractical if we need to proxy a lot of requests.
Anyway, that is said, you did a great job man. Thanks a lot ! ❤️🔥
socks5_proxy still used while explicitly set 'select_proxy_mode' to 'only_http_proxy'
Describe the bug
option select_proxy_mode doesn't work as described with value only_http_proxy.
To Reproduce
- My graftcp-local configuration:
$ grep -hv '^#' /etc/graftcp-local.conf | sed '/^$/d'
listen = :32233
loglevel = 1
socks5 = 127.0.0.1:9050
http_proxy = 127.0.0.1:18118
select_proxy_mode = only_http_proxy
use_syslog = true
- proxy on my machine:
$ sudo ss -ltunp | egrep '9050|18118'
tcp LISTEN 0 10 127.0.0.1:18118 0.0.0.0:* users:(("VirtualBoxVM",pid=4059,fd=43))
- curl GET output througth VirtualBox proxy without graftcp (ensure that the VirtualBox http proxy actually works):
$ curl --verbose --proxy http://127.0.0.1:18118 https://google.com
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 18118 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.64.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 OK
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=*.google.com
* start date: Mar 1 09:43:57 2019 GMT
* expire date: May 24 09:25:00 2019 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services; CN=Google Internet Authority G3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x556dcd136f20)
> GET / HTTP/2
> Host: google.com
> User-Agent: curl/7.64.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< date: Fri, 08 Mar 2019 06:37:02 GMT
< expires: Sun, 07 Apr 2019 06:37:02 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 1; mode=block
< x-frame-options: SAMEORIGIN
< alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host 127.0.0.1 left intact
- curl GET output with graftcp:
graftcp -p 32233 curl --verbose https://google.com
* Trying 216.58.220.206...
* TCP_NODELAY set
* Connected to google.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to google.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to google.com:443
- graftcp-local output (socks5 proxy still used here while I don't have a running socks5 proxy in my Linux box atm, as a result the connection failed):
$ graftcp-local -config /etc/graftcp-local.conf
[2019-03-08 14:36:29] [NOTICE] graftcp-local start
[2019-03-08 14:36:29] [INFO] graft-local start listening :32233...
[2019-03-08 14:46:31] [INFO] Request PID: 24102, Source Addr: 127.0.0.1:57148, Dest Addr: 216.58.220.206:443
[2019-03-08 14:46:31] [ERROR] dialer.Dial(216.58.220.206:443) err: dial tcp 127.0.0.1:9050: connect: connection refused
Expected behavior
curl should be able to connect to https://google.com via graftcp using the specified http_proxy (127.0.0.1:18118) as in configuration file.
Desktop:
我注意到当上游sock5代理关闭时, mgraftcp会试图用非代理的方式继续连接. 这会导致信息泄露.
验证方式:
$ mgraftcp bash
$ curl ddns.oray.com/checkip
如果这时sock5代理被关闭了,那么上述curl应该运行失败, 而现在mgraftcp的处理方式是用非代理的方式连接.
在一些隐私要求高的场景中,这会导致信息泄露.
至少请提供一个选项可以让用户来进行选择是中断还是继续非代理连接.
sudo make install 后 rm -rf graftcp文件夹后 ,graftcp-local service fail
Describe the bug
正常安装
make install
rm -rf graftcp
sudo systemctl restart graftcp-local.service
sudo systemctl status graftcp-local.service # 这时服务就坏了
(base) xtcc@archwork:~ $ sudo systemctl status graftcp-local.service 127 ↵
● graftcp-local.service - Translate graftcp TCP to SOCKS5 or HTTP proxy
Loaded: loaded (/etc/systemd/system/graftcp-local.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Fri 2020-10-30 18:54:40 CST; 4min 14s ago
Condition: start condition failed at Fri 2020-10-30 18:54:40 CST; 4min 14s ago
└─ ConditionFileIsExecutable=/home/xtcc/graftcp/graftcp-local/graftcp-local was not met
Process: 33724 ExecStart=/bin/bash -c /home/xtcc/graftcp/graftcp-local/graftcp-local (code=exited, status=0/SUCCES>
Main PID: 33724 (code=exited, status=0/SUCCESS)
10月 30 18:53:36 archwork systemd[1]: Started Translate graftcp TCP to SOCKS5 or HTTP proxy.
10月 30 18:53:36 archwork bash[33724]: [2020-10-30 18:53:36] [NOTICE] graftcp-local start
10月 30 18:53:36 archwork bash[33724]: [2020-10-30 18:53:36] [INFO] select_proxy_mode: auto
10月 30 18:53:36 archwork bash[33724]: [2020-10-30 18:53:36] [INFO] graftcp-local start listening :2233...
10月 30 18:54:40 archwork systemd[1]: Stopping Translate graftcp TCP to SOCKS5 or HTTP proxy...
10月 30 18:54:40 archwork bash[33724]: [2020-10-30 18:54:40] [NOTICE] graftcp-local stop
10月 30 18:54:40 archwork systemd[1]: graftcp-local.service: Succeeded.
10月 30 18:54:40 archwork systemd[1]: Stopped Translate graftcp TCP to SOCKS5 or HTTP proxy.
10月 30 18:54:40 archwork systemd[1]: Condition check resulted in Translate graftcp TCP to SOCKS5 or HTTP proxy being >
Desktop (please complete the following information):
- OS: archlinux
- Browser vivaldi
- Version :Linux archwork 5.9.1-arch1-1
Additional context
应该是安装没安装完全吧.希望修复一下.或者把包弄成"."开头的,隐藏下,不然很难受啊
Why not merge local and graftcp?
May I ask whether there is any concern on merging the graftcp-local and graftcp into one single binary?
It seems strange to me if I just want to proxy one command but need to open another terminal for local to running.
If it is already designed behavior which make merging in framework level a hard task, we can do it the simple way by spawn another thread inside go for local. Is this a valid solution?
mgraftcp redirect DNS rerquests?
looks like graftcp redirected aws internal dns requests. it make connection refused.
graftcp node log:
[2023-05-18 17:44:11] [INFO] Request PID: 45, Source Addr: 127.0.0.1:43100, Dest Addr: 99.84.140.88:443
[2023-05-18 17:44:14] [INFO] Request PID: 45, Source Addr: 127.0.0.1:43106, Dest Addr: 10.16.0.2:53
ss5 proxy server log:
[18/May/2023:09:50:39 UTC] [15254] 52.82.106.138 winter "CONNECT" STARTED 0 0 0 (52.82.106.138:8054 -> 74.125.204.82:443)
[18/May/2023:09:50:43 UTC] [15152] [ERRO] $ConnectServing$: (Connection timed out).
[18/May/2023:09:50:43 UTC] [15152] 52.82.106.138 winter "CONNECT" CONNREFUSED 0 0 - (52.82.106.138:46722 -> 10.16.0.2:53)
[18/May/2023:09:51:04 UTC] [15254] 52.82.106.138 winter "CONNECT" TERMINATED 9456971 21159 25 (52.82.106.138:8054 -> 74.125.204.82:443)
Feature request: splice() support
When I test graftcp (0.4.0) in direct mode with iperf3 I get the following speed:
graftcp --not-ignore-local iperf3 -c 127.0.0.1
Connecting to host 127.0.0.1, port 5201
[ 6] local 127.0.0.1 port 49714 connected to 127.0.0.1 port 2233
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 6] 0.00-1.00 sec 2.31 GBytes 19.9 Gbits/sec 0 1.31 MBytes
[ 6] 1.00-2.00 sec 2.33 GBytes 20.0 Gbits/sec 0 1.31 MBytes
[ 6] 2.00-3.00 sec 2.25 GBytes 19.4 Gbits/sec 0 1.31 MBytes
[ 6] 3.00-4.00 sec 2.26 GBytes 19.4 Gbits/sec 0 1.31 MBytes
[ 6] 4.00-5.00 sec 2.44 GBytes 21.0 Gbits/sec 0 1.31 MBytes
[ 6] 5.00-6.00 sec 2.19 GBytes 18.8 Gbits/sec 0 1.31 MBytes
[ 6] 6.00-7.00 sec 2.20 GBytes 18.9 Gbits/sec 0 1.31 MBytes
[ 6] 7.00-8.00 sec 2.25 GBytes 19.3 Gbits/sec 0 1.31 MBytes
[ 6] 8.00-9.00 sec 2.19 GBytes 18.8 Gbits/sec 0 1.31 MBytes
[ 6] 9.00-10.00 sec 2.11 GBytes 18.1 Gbits/sec 0 1.31 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 6] 0.00-10.00 sec 22.5 GBytes 19.4 Gbits/sec 0 sender
[ 6] 0.00-10.00 sec 22.5 GBytes 19.4 Gbits/sec receiver
iperf Done.
When testing with a SOCKS5 server with splice() support and proxychains-ng I get this:
proxychains4 -q iperf3 -c 127.0.0.1
Connecting to host 127.0.0.1, port 5201
[ 9] local 127.0.0.1 port 56922 connected to 127.0.0.1 port 1081
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 9] 0.00-1.00 sec 2.99 GBytes 25.6 Gbits/sec 0 512 KBytes
[ 9] 1.00-2.00 sec 3.25 GBytes 27.9 Gbits/sec 5 320 KBytes
[ 9] 2.00-3.00 sec 3.02 GBytes 25.9 Gbits/sec 0 512 KBytes
[ 9] 3.00-4.00 sec 3.23 GBytes 27.7 Gbits/sec 0 512 KBytes
[ 9] 4.00-5.00 sec 3.10 GBytes 26.6 Gbits/sec 1 512 KBytes
[ 9] 5.00-6.00 sec 2.93 GBytes 25.2 Gbits/sec 5 512 KBytes
[ 9] 6.00-7.00 sec 3.03 GBytes 26.0 Gbits/sec 2 512 KBytes
[ 9] 7.00-8.00 sec 3.02 GBytes 26.0 Gbits/sec 11 320 KBytes
[ 9] 8.00-9.00 sec 3.04 GBytes 26.2 Gbits/sec 4 320 KBytes
[ 9] 9.00-10.00 sec 3.04 GBytes 26.1 Gbits/sec 7 512 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 9] 0.00-10.00 sec 30.7 GBytes 26.3 Gbits/sec 35 sender
[ 9] 0.00-10.00 sec 30.6 GBytes 26.3 Gbits/sec receiver
iperf Done.
===============================
Looking in graftcp code and its performance, I can see that it doesn't use splice().
It would be a good idea to implement it and take a little more advantage.
My suggestion.
stalling
Describe the bug
using graftcp with some tools stalls indefinitely
To Reproduce
Steps to reproduce the behavior:
graftcp-local -socks5 :9050
graftcp curl ipinfo.io
Expected behavior
contrary to curl, wget doesn't stall and works
Desktop (please complete the following information):
- OS: alpine linux 3.8
Additional context
execve("/opt/bin/graftcp", ["graftcp", "curl", "ipinfo.io"], 0x7fff26890a20 /* 18 vars */) = 0
arch_prctl(ARCH_SET_FS, 0x7f419063bb88) = 0
set_tid_address(0x7f419063bbc0) = 253654
mprotect(0x7f4190638000, 4096, PROT_READ) = 0
mprotect(0x562142fa1000, 4096, PROT_READ) = 0
brk(NULL) = 0x562144572000
brk(0x562144574000) = 0x562144574000
open("/tmp/graftcplocal.fifo", O_WRONLY) = 3
rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
fork() = 253655
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
wait4(-1, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGSTOP}], 0, NULL) = 253655
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_TRAPPED, si_pid=253655, si_uid=0, si_status=SIGSTOP, si_utime=0, si_stime=0} ---
ptrace(PTRACE_SETOPTIONS, 253655, NULL, PTRACE_O_TRACEFORK|PTRACE_O_TRACEVFORK|PTRACE_O_TRACECLONE|PTRACE_O_TRACEEXEC) = 0
ptrace(PTRACE_SYSCALL, 253655, NULL, SIG_0) = 0
wait4(-1, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGTRAP}], 0, NULL) = 253655
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_TRAPPED, si_pid=253655, si_uid=0, si_status=SIGTRAP, si_utime=0, si_stime=0} ---
ptrace(PTRACE_PEEKUSER, 253655, 8*ORIG_RAX, [0x3b]) = 0
ptrace(PTRACE_SYSCALL, 253655, NULL, SIG_0) = 0
wait4(-1, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGTRAP}], 0, NULL) = 253655
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_TRAPPED, si_pid=253655, si_uid=0, si_status=SIGTRAP, si_utime=0, si_stime=0} ---
ptrace(PTRACE_SYSCALL, 253655, NULL, SIG_0) = 0
wait4(-1, [{WIFSTOPPED(s) && WSTOPSIG(s) == SIGTRAP}], 0, NULL) = 253655
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_TRAPPED, si_pid=253655, si_uid=0, si_status=SIGTRAP, si_utime=0, si_stime=0} ---
对 MacOS 的支持
你好,请问目前是否支持 MacOS 系统?
graftcp bash for GitLab CI pipeline .gitlab-ci.yml image Dockerfile ENTRYPOINT
my proxy server is a squid proxy server.
failed at graftcp crane pull gcr.io/kaniko-project/executor:v1.9.0-debug kaniko.tar -v
only failed on pulling gcr.io images, works on other registries
root@18f481e9c3e5:/opt# crane version
0.14.0
https://github.com/google/go-containerregistry
root@18f481e9c3e5:/opt# graftcp --version
graftcp v0.4
root@18f481e9c3e5:/opt# cat /etc/graftcp-local/graftcp-local.conf
## graftcp-local configuation
## Listen address (default ":2233")
listen = :2233
## Write logs to file, to stdout if empty
# logfile = graftcp-local.log
## Log level (0-6), 0: debug, 1: info, 2: notice, 3: warn, 4: error,
## 5: critical: 6: fatal
loglevel = 1
## Pipe path for graftcp to send address info (default "/tmp/graftcplocal.fifo")
# pipepath = /tmp/graftcplocal.fifo
## SOCKS5 address (default "127.0.0.1:1080")
# socks5 = 127.0.0.1:1080
## SOCKS5 proxy username (default "")
# socks5_username = SOCKS5USERNAME
## SOCKS5 proxy password (default "")
# socks5_password = SOCKS5PASSWORD
## HTTP proxy address (default "")
### it's a squid http proxy server.
http_proxy = my_proxy:3128
https_proxy = my_proxy:3128
## Set the mode for select a proxy (default "auto")
## "auto": select socks5 if socks5 is reachable, else HTTP proxy if HTTP proxy
## is rechable, else direct.
## "random": select the reachable proxy randomly.
## "only_http_proxy": only use http proxy.
## "only_socks5": only use socks5 proxy.
## "direct": direct connect.
# select_proxy_mode = only_socks5
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
the error log:
root@18f481e9c3e5:/opt# graftcp crane pull gcr.io/kaniko-project/executor:v1.9.0-debug kaniko.tar -v
2023/05/10 07:53:54 --> GET https://gcr.io/v2/
2023/05/10 07:53:54 GET /v2/ HTTP/1.1
Host: gcr.io
User-Agent: crane/0.14.0 go-containerregistry/0.14.0
Accept-Encoding: gzip
2023/05/10 07:54:04 <-- net/http: TLS handshake timeout GET https://gcr.io/v2/ (10.020513479s)
2023/05/10 07:54:04 retrying net/http: TLS handshake timeout
2023/05/10 07:54:04 --> GET https://gcr.io/v2/
2023/05/10 07:54:04 GET /v2/ HTTP/1.1
Host: gcr.io
User-Agent: crane/0.14.0 go-containerregistry/0.14.0
Accept-Encoding: gzip
Replacement for redsocks
When trying to run a program with Wine I'm getting the an error saying: could not connect to 192.168.11.150:2081.
So I started to look for a way to get it to connect.
I started by finding Running World of Warcraft (or any application in Wine) through a SOCKS Proxy Server
That brought me to looking at redrocks but, redrocks hasn't been updated in 4 years!
As such I'd like to know if graftcp can act as a replacement.
There is some configuration at the top of the article I'm not sure how I'd do that in graftcp.
I look forward to looking into the use of graftcp.
wake up the blocking pipe goroutine
graftcp/graftcp-local/local.go
Lines 207 to 210 in fc5d1fb
graftcp/graftcp-local/local.go
Lines 198 to 202 in fc5d1fb
io.Copy return.graftcp go get -v这一步必须的么?
1:
git clone https://github.com/hmgle/graftcp.git
cd graftcp
make
后 graftcp位于当前源码目录,而graftcp-local出现在go/bin下;
2:
通过 graftcp 安装来自 golang.org 的 Go 包:
./graftcp go get -v golang.org/x/net/proxy
卡在这里了,如果跳过这步直接启用graftcp 好像某些能用有些不能用?
graftcp wget 之类的能用,因为请求会出现在graftcp-local实时刷新的日志里
graftcp yum 之类的好像不能?graftcp-local实时刷新的日志里完全没有请求
代理出错,graftcp-local 报 getPidByAddr failed 错误
-
使用环境
使用 master 最新分支编译,操作系统 Ubuntu 14.04.5 -
问题重现
- 创建一个 socks5 代理: ssh localhost -D 1080
- 启动 graftcp-local: ./graftcp-local/graftcp-local -select_proxy_mode only_socks5
- 访问百度:./graftcp curl www.baidu.com
重复执行命令,访问百度,则有很大概率出现错误:curl: (56) Recv failure: 连接被对方重设
此时,graftcp-local 报错:[ERROR] getPidByAddr(127.0.0.1:42354) failed
Redirect docker example
使用 docker 命令拉取镜像,实际上会通过 unix socket 通知运行于后台的 docker 进程,让后台的 docker 发出网络请求拉取镜像。因此,如果要让 docker 的网络请求走代理的话,需要停止后台的 docker 进程,再让 graftcp 重新启动 docker 进程就可以了。
例如:
sudo stop docker
sudo graftcp docker -d
docker pull hello-world
怎么个理论上能实现 mac os 版的 graftcp,DTrace 貌似只是个探针。
正如你所说,mac os 的 ptrace 是个半残品,也提到了理论上参考 DTrace 那一套也能实现,但是我简单了解了下 DTrace, 它并不能修改操纵被跟踪的程序,纯粹就是个探针。
还请指教下,怎么个理论上能实现?我想躺这趟浑水。一直好奇 proxifier 是怎么在 mac os 里做到跟 graftcp 一样的效果。
感谢你写的如此好的程序。
Use BPF and prctl to avoid tracking irrelevant syscall
Hello, does graftcp support redirect traffic on android or iOS platform ? and UDP packets?
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
runtime.main_main·f: function main is undeclared in the main package
On Ubuntu 20.04, I try to compile the git master version of graftcp, but meet the following messages:
$ make
cc -Wall -O2 -DNDEBUG -DVERSION=\"v0.4.0-2-ge6daf52\" -c -o main.o main.c
cc -Wall -O2 -DNDEBUG -DVERSION=\"v0.4.0-2-ge6daf52\" -c -o graftcp.o graftcp.c
cc -Wall -O2 -DNDEBUG -DVERSION=\"v0.4.0-2-ge6daf52\" -c -o util.o util.c
cc -Wall -O2 -DNDEBUG -DVERSION=\"v0.4.0-2-ge6daf52\" -c -o string-set.o string-set.c
cc main.o graftcp.o util.o string-set.o -o graftcp
make -C local VERSION=v0.4.0-2-ge6daf52
make[1]: Entering directory '/home/werner/Public/repo/github.com/hmgle/graftcp.git/local'
go build -ldflags "-s -w -X main.version=v0.4.0-2-ge6daf52" ./cmd/graftcp-local
make -C .. libgraftcp.a
make[2]: Entering directory '/home/werner/Public/repo/github.com/hmgle/graftcp.git'
ar rcs libgraftcp.a graftcp.o util.o string-set.o
make[2]: Leaving directory '/home/werner/Public/repo/github.com/hmgle/graftcp.git'
go build -ldflags "-s -w -X main.version=v0.4.0-2-ge6daf52" ./cmd/mgraftcp
# github.com/hmgle/graftcp/local/cmd/mgraftcp
runtime.main_main·f: function main is undeclared in the main package
make[1]: *** [Makefile:18: mgraftcp] Error 2
make[1]: Leaving directory '/home/werner/Public/repo/github.com/hmgle/graftcp.git/local'
make: *** [Makefile:61: local/graftcp-local] Error 2
Any hints for this problem?
Regards,
HY
Autocomplete when using graftcp invokes other programs
For zsh, you can add this to the zshrc file:
compdef _precommand graftcpMore details: https://unix.stackexchange.com/a/178054
gaftcp 不能代理 sudo
说起来可能有点奇怪,不过确实需要
graftcp sudo xxx 时 sudo 会提示“有效用户 ID 不是 0,/usr/bin/sudo 位于一个设置了“nosuid”选项的文件系统或没有 root 权限的 NFS 文件系统中吗?”
至于为什么会用到这个,个人在 yay 安装 aur 时需要,因为 yay 会自动 sudo pacman 安装
graftcp-local listen on localhost will fail
graftcp-local -listen=127.0.0.1:2233 -socks5=127.0.0.1:1081
[2019-03-26 18:30:27] [NOTICE] graftcp-local start
[2019-03-26 18:30:27] [INFO] select_proxy_mode: auto
[2019-03-26 18:30:27] [INFO] graft-local start listening 127.0.0.1:2233...
[2019-03-26 18:30:27] [ERROR] getPidByAddr(127.0.0.1:55604) failed
[2019-03-26 18:30:30] [ERROR] getPidByAddr(127.0.0.1:55702) failed
have to change to graftcp-local -listen=:2233 -socks5=127.0.0.1:1081
why?
graftcp sudo does not work
Describe the bug
graftcp sudo does not work, so graftcp yay which uses it will cause error.
To Reproduce
Try command graftcp sudo or graftcp yay
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
Additional context
I found some notes here
For security reasons, the setuid bit and ptrace (used to run binaries under a debugger) cannot both be honored at the same time. Failure to enforce this restriction in the past led to CVE-2001-1384.
So maybe this will not be fixed? (I am not familiar with this)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.