Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/oldnomad/picosocks5
Lightweight and simple SOCKS5 proxy server. This is a mirror, the main repository is on GitLab.
https://github.com/oldnomad/picosocks5
c proxy socks socks5
Last synced: about 1 month ago
JSON representation
Lightweight and simple SOCKS5 proxy server. This is a mirror, the main repository is on GitLab.
- Host: GitHub
- URL: https://github.com/oldnomad/picosocks5
- Owner: oldnomad
- License: gpl-3.0
- Created: 2018-05-09T14:26:22.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-04-12T18:35:21.000Z (9 months ago)
- Last Synced: 2024-04-13T02:30:54.747Z (8 months ago)
- Topics: c, proxy, socks, socks5
- Language: C
- Homepage: https://gitlab.com/oldnomad/picosocks5
- Size: 382 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
README
# PicoSOCKS5: a lightweight and simple SOCKS5 proxy server
[![pipeline status](https://gitlab.com/oldnomad/picosocks5/badges/master/pipeline.svg)](https://gitlab.com/oldnomad/picosocks5/commits/master)PicoSOCKS5 is a very simple and very lightweight SOCKS5 proxy server.
It is written in pure C and by default uses no extra libraries besides GLibc
or any other POSIX-compatible runtime (such as `musl`).# License
PicoSOCKS5 is licensed under GNU General Public License Version 3 (GPLv3).
For full text of the license see file [LICENSE.txt](LICENSE.txt) in the
root of the project.In addition, linking to and/or using OpenSSL is allowed. This additional
permission is required since recent OpenSSL license is considered by some
to be incompatible with GPL.# Supported features
- PicoSOCKS5 implements SOCKS5 ([RFC 1928](https://www.ietf.org/rfc/rfc1928.txt)).
Currently only `CONNECT` and `BIND` are supported, but `UDP ASSOCIATE`
may be implemented later.
Draft [SOCKS5a](https://datatracker.ietf.org/doc/draft-ietf-aft-socks-pro-v5/)
is partially taken into account, but not completely implemented.
Earlier versions of SOCKS (SOCKS4, SOCKS4a) are not implemented.
Draft [SOCKS6](https://datatracker.ietf.org/doc/draft-olteanu-intarea-socks-6/)
and other enhancements are not implemented.
- PicoSOCKS5 implements username/password authentication for SOCKS5
([RFC 1929](https://www.ietf.org/rfc/rfc1929.txt)).
- PicoSOCKS5 implements CHAP authentication for SOCKS5
([draft](https://www.ietf.org/archive/id/draft-ietf-aft-socks-chap-01.txt)),
including mutual authentication. PicoSOCKS5 can use external crypto libraries
(GnuTLS or OpenSSL), if available, or fall back to its own home-grown crypto
implementation.
- PicoSOCKS5 supports incoming and outgoing connections both in IPv4 and
IPv6. In particular, it can accept requests to connect to IPv6 servers
from IPv4 clients, and vice versa, serving as a gateway for mechanism
described in [RFC 3089](https://www.ietf.org/rfc/rfc3089.txt).# Known disadvantages
- User list for authentication (in the default password format) is kept
in memory, so PicoSOCKS5 doesn't work well for really large number of users.
- There's currently no support for GSS-API authentication method
([RFC 1961](https://www.ietf.org/rfc/rfc1961.txt)), required for full
SOCKS5 compliance.
- SOCKS5 `BIND` request support relies on "external" interface addresses
specified in daemon configuration. Automatic interface selection is
difficult to implement portably.# Building PicoSOCKS5
For building PicoSOCKS5 you'll need:
- GCC compiler. Any version supporting C99 will do (v4.8.4 or newer is
guaranteed to work). PicoSOCKS5 conforms to C99 standard, so it can be
ported to any compiler supporting it; however, if C11 or later
is supported, some of newer features may be used.- GLibc or compatible library (such as `musl`). PicoSOCKS5 uses POSIX.1-2017
(with XSI extensions) and following GNU extensions:- `vsyslog(3)`.
- `getopt_long(3)`.
- `crypt_r(3)` and algorithm extensions for `crypt(3)` family.
- Format specifier `"%m"` in `printf(3)` family.
- Optionally, `getifaddrs(3)`. The program will compile without it,
but when it's available, additional functionality is enabled.
- If the program is compiled without external crypto libraries, it
will use home-grown crypto implementation, which uses following
extensions:
- Header `` (if available) and macros `htole32(x)` and
`le32toh(x)` defined in it. If there is no `` for
your platform, or if it doesn't define these macros, and you
want to avoid using external crypto, you'll have to define
these macros yourself and pass them in `CFLAGS`.
- Optionally, `getentropy(3)`. If this function is not available,
the program will use direct reading from `/dev/urandom`. If
either method fails at runtime, low-quality standard `rand(3)`
will be used instead.So if you have another POSIX-compliant C runtime library that includes
these features, PicoSOCKS5 can be ported to it. In particular, PicoSOCKS5
is known to successfully build and run with `musl` (version 1.2.2).- For crypto implementation, PicoSOCKS5 can use GnuTLS or OpenSSL library.
Following features are used:- Random bytes generation.
- MD5 hash and HMAC functions.Without at least one of these libraries, PicoSOCKS5 will use
`getentropy(3)` (if available) or standard `rand(3)` (which is very
low quality), and a home-grown HMAC-MD5 implementation, which is not
provably secure. Also, internal HMAC-MD5 implementation needs macros
`htole32(x)` and `le32toh(x)` for converting 32-bit unsigned integers
between native (host) byte order and little-endian byte order. In many
systems these macros are defined in header file ``, but if
your system is not one of them, you'll have to define these macros
yourself and pass your definitions in `CFLAGS`.If you have another library implementing random bytes generation
and HMAC-MD5, you can write a wrapper for it as described in
[docs/crypto-libs.md](docs/crypto-libs.md).- GNU Autoconf/Automake, and their dependencies. The project was built
initially using automake version 1.15, but version 1.14 is also known
to work.- If you want to build man pages, you'll also need [pandoc](https://pandoc.org/).
First, get the latest sources and configure the project:
```bash
git clone https://gitlab.com/oldnomad/picosocks5
cd picosocks5
autoreconf -f -i -Wall
./configure
```Configure script supports option `with-crypto=`, which allows
you to specify which crypto library you want to use for CHAP authentication.
Possible values are `yes` (default, use whatever is available), `gnutls`,
`openssl`, and `no` (use internal implementation). It is possible to write
your own wrapper if you want to use some other library (see
[documentation](docs/crypto-libs.md)).Next, build and install the daemon:
```bash
make && sudo make install
```# Using PicoSOCKS5
```bash
picosocks5 -u nobody -g nogroup -a authfile.txt "*:1080"
```For more information on running PicoSOCKS5 see file
[src/picosocks5.md](src/picosocks5.md) or man page for _picosocks5_(8).
Short summary of options is also available from command line:```bash
picosocks5 --help
```