diff --git a/README.md b/README.md index a901a46..35833f8 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# GoHPTS - HTTP(S) proxy to SOCKS5 proxy (chain) written in Go +# GoHPTS - HTTP(S) and TCP/UDP transparent proxy to SOCKS5 proxy (chain) written in Go [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Go Reference](https://pkg.go.dev/badge/github.com/shadowy-pycoder/go-http-proxy-to-socks.svg)](https://pkg.go.dev/github.com/shadowy-pycoder/go-http-proxy-to-socks) @@ -6,6 +6,7 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/shadowy-pycoder/go-http-proxy-to-socks)](https://goreportcard.com/report/github.com/shadowy-pycoder/go-http-proxy-to-socks) ![GitHub Release](https://img.shields.io/github/v/release/shadowy-pycoder/go-http-proxy-to-socks) ![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/shadowy-pycoder/go-http-proxy-to-socks/total) +![GitHub Downloads (all assets, latest release)](https://img.shields.io/github/downloads/shadowy-pycoder/go-http-proxy-to-socks/latest/total)

MrGopher @@ -20,8 +21,8 @@ - [Transparent proxy](#transparent-proxy) - [redirect (via NAT and SO_ORIGINAL_DST)](#redirect-via-nat-and-so_original_dst) - [tproxy (via MANGLE and IP_TRANSPARENT)](#tproxy-via-mangle-and-ip_transparent) - - [UDP support](#udp-support) - [ARP spoofing](#arp-spoofing) + - [UDP support](#udp-support) - [Traffic sniffing](#traffic-sniffing) - [JSON format](#json-format) - [Colored format](#colored-format) @@ -105,7 +106,7 @@ You can download the binary for your platform from [Releases](https://github.com Example: ```shell -GOHPTS_RELEASE=v1.10.0; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-linux-amd64.tar.gz -O gohpts && tar xvzf gohpts && mv -f gohpts-$GOHPTS_RELEASE-linux-amd64 gohpts && ./gohpts -h +GOHPTS_RELEASE=v1.10.1; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-linux-amd64.tar.gz -O gohpts && tar xvzf gohpts && mv -f gohpts-$GOHPTS_RELEASE-linux-amd64 gohpts && ./gohpts -h ``` Alternatively, you can install it using `go install` command (requires Go [1.24](https://go.dev/doc/install) or later): @@ -163,6 +164,7 @@ Options: -j Show logs in JSON format -logfile Log file path (Default: stdout) -nocolor Disable colored output for logs (no effect if -j flag specified) + -pprof Address of pprof server with profiling data Sniffing: -sniff Enable traffic sniffing for HTTP and TLS @@ -385,6 +387,8 @@ iptables -t nat -X GOHPTS ### Auto configuration for `redirect` mode +[[Back]](#table-of-contents) + To configure your system automatically, run the following command: ```shell @@ -456,6 +460,8 @@ ip link del veth1 ### Auto configuration for `tproxy` mode +[[Back]](#table-of-contents) + To configure your system automatically, run the following command (for example, on a separate VM): ```shell @@ -494,6 +500,8 @@ fi ### ARP spoofing +[[Back]](#table-of-contents) + `GoHPTS` has in-built ARP spoofer that can be used to make all TCP talking devices of your LAN to use proxy server to connect to the Internet. This is achieved by adding `-arpspoof` flag with couple of parameters, separated by semicolon. @@ -528,6 +536,8 @@ Check proxy logs for traffic from other devices from your LAN ### UDP support +[[Back]](#table-of-contents) + `GoHPTS` has UDP support that can be enabled in `tproxy` mode. For this setup to work you need to connect to a socks5 server capable of serving UDP connections (`UDP ASSOCIATE`). For example, you can use [https://github.com/wzshiming/socks5](https://github.com/wzshiming/socks5) to deploy UDP capable socks5 server on some remote or local machine. Once you have the server to connect to, run the following command: ```shell @@ -548,7 +558,7 @@ To test it locally, you can combine UDP transparent proxy with `-arpspoof` flag. sudo ./gohpts -s -T 8888 -Tu :8989 -M tproxy -sniff -body -auto -mark 100 -d -arpspoof "targets ;fullduplex true;debug false" ``` -4. Check connection on your host machine, the traffic should go through Kali machine. +5. Check connection on your host machine, the traffic should go through Kali machine. ## Traffic sniffing @@ -690,6 +700,8 @@ gohpts -sniff -snifflog ~/sniff.log -j ### Colored format +[[Back]](#table-of-contents) + ![GoHPTS - Colors example](resources/sniffing_color.png) You can see the example of colored output in the picture above. In this mode, `GoHPTS` tries to highlight import information such as TLS Handshake, HTTP metadata, something that looks line login/passwords or different types of auth and secret tokens. The output is limited comparing to JSON but way easier to read for humans. @@ -723,6 +735,16 @@ Learn more about transparent proxies by visiting the following links: - [Simple tproxy example](https://github.com/FarFetchd/simple_tproxy_example) - [Golang TProxy](https://github.com/KatelynHaworth/go-tproxy) - [Transparent Proxy Implementation using eBPF and Go](https://medium.com/all-things-ebpf/building-a-transparent-proxy-with-ebpf-50a012237e76) +- [https://github.com/heiher/hev-socks5-tproxy](https://github.com/heiher/hev-socks5-tproxy) + + `socks5` proxy with `UDP ASSOCIATE` support: + +- [https://github.com/wzshiming/socks5](https://github.com/wzshiming/socks5) +- [https://github.com/things-go/go-socks5](https://github.com/things-go/go-socks5) +- [https://github.com/0990/socks5](https://github.com/0990/socks5) +- [https://github.com/dizda/fast-socks5](https://github.com/dizda/fast-socks5) +- [https://github.com/semigodking/redsocks](https://github.com/semigodking/redsocks) +- [https://github.com/ginuerzh/gost](https://github.com/ginuerzh/gost) ## Contributing diff --git a/cmd/gohpts/cli.go b/cmd/gohpts/cli.go index 3d80897..49a95f3 100644 --- a/cmd/gohpts/cli.go +++ b/cmd/gohpts/cli.go @@ -51,6 +51,7 @@ Options: -j Show logs in JSON format -logfile Log file path (Default: stdout) -nocolor Disable colored output for logs (no effect if -j flag specified) + -pprof Address of pprof server with profiling data Sniffing: -sniff Enable traffic sniffing for HTTP and TLS @@ -140,6 +141,7 @@ func root(args []string) error { flags.BoolVar(&conf.JSON, "j", false, "Show logs in JSON format") flags.BoolVar(&conf.Sniff, "sniff", false, "Enable traffic sniffing for HTTP and TLS") flags.StringVar(&conf.SniffLogFile, "snifflog", "", "Sniffed traffic log file path (Default: the same as -logfile)") + flags.StringVar(&conf.AddrPprof, "pprof", "", "Address of pprof server with profiling data") flags.BoolVar(&conf.NoColor, "nocolor", false, "Disable colored output for logs (no effect if -j flag specified)") flags.BoolVar(&conf.Body, "body", false, "Collect request and response body for HTTP traffic (credentials, tokens, etc)") flags.BoolFunc("v", "Show version and build information", func(flagValue string) error { diff --git a/go.mod b/go.mod index 3e9c370..0d8df3b 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/google/uuid v1.6.0 github.com/rs/zerolog v1.34.0 github.com/shadowy-pycoder/colors v0.0.1 - github.com/shadowy-pycoder/mshark v0.0.13 + github.com/shadowy-pycoder/mshark v0.0.14 github.com/wzshiming/socks5 v0.5.2 golang.org/x/sys v0.33.0 golang.org/x/term v0.32.0 diff --git a/go.sum b/go.sum index ce397ac..99ec5f7 100644 --- a/go.sum +++ b/go.sum @@ -34,8 +34,8 @@ github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= github.com/shadowy-pycoder/colors v0.0.1 h1:weCj/YIOupqy4BSP8KuVzr20fC+cuAv/tArz7bhhkP4= github.com/shadowy-pycoder/colors v0.0.1/go.mod h1:lkrJS1PY2oVigNLTT6pkbF7B/v0YcU2LD5PZnss1Q4U= -github.com/shadowy-pycoder/mshark v0.0.13 h1:ROEuey/Th4YAmfRg8Xc17aboMs5fknQho4mNBC9h+KE= -github.com/shadowy-pycoder/mshark v0.0.13/go.mod h1:FqbHFdsx0zMnrZZH0+oPzaFcleP4O+tUWv8i5gxo87k= +github.com/shadowy-pycoder/mshark v0.0.14 h1:Gou+y9tIEjNSztGWzfFSYJJ8G0DDNYmkvKTQUZDYeVQ= +github.com/shadowy-pycoder/mshark v0.0.14/go.mod h1:FqbHFdsx0zMnrZZH0+oPzaFcleP4O+tUWv8i5gxo87k= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/wzshiming/socks5 v0.5.2 h1:LtoowVNwAmkIQSkP1r1Wg435xUmC+tfRxorNW30KtnM= diff --git a/gohpts.go b/gohpts.go index 4a4a517..065fccc 100644 --- a/gohpts.go +++ b/gohpts.go @@ -17,6 +17,7 @@ import ( "math/rand" "net" "net/http" + "net/http/pprof" "os" "os/exec" "os/signal" @@ -57,6 +58,7 @@ var ( type Config struct { AddrHTTP string AddrSOCKS string + AddrPprof string User string Pass string ServerUser string @@ -136,6 +138,7 @@ type proxyapp struct { certFile string keyFile string httpServerAddr string + pprofAddr string iface *net.Interface tproxyAddr string tproxyAddrUDP string @@ -244,6 +247,12 @@ func New(conf *Config) *proxyapp { lvl = zerolog.DebugLevel } p.debug = conf.Debug + if conf.AddrPprof != "" { + p.pprofAddr, err = getFullAddress(conf.AddrPprof, "", false) + if err != nil { + p.logger.Fatal().Err(err).Msg("") + } + } // the only way I found to make debug level independent between loggers l := logger.Level(lvl) sl := snifflogger.Level(lvl) @@ -504,6 +513,9 @@ func New(conf *Config) *proxyapp { if p.tproxyAddrUDP != "" { p.logger.Info().Msgf("TPROXY (UDP): %s", p.tproxyAddrUDP) } + if p.pprofAddr != "" { + p.logger.Info().Msgf("PPROF: %s", p.pprofAddr) + } return &p } @@ -512,6 +524,15 @@ func (p *proxyapp) Run() { quit := make(chan os.Signal, 1) p.closeConn = make(chan bool) signal.Notify(quit, os.Interrupt) + if p.pprofAddr != "" { + sm := http.NewServeMux() + sm.HandleFunc("/debug/pprof/", pprof.Index) + sm.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) + sm.HandleFunc("/debug/pprof/profile", pprof.Profile) + sm.HandleFunc("/debug/pprof/symbol", pprof.Symbol) + sm.HandleFunc("/debug/pprof/trace", pprof.Trace) + go http.ListenAndServe(p.pprofAddr, sm) + } if p.arpspoofer != nil { go p.arpspoofer.Start() } diff --git a/version.go b/version.go index 63bc2ac..1e84760 100644 --- a/version.go +++ b/version.go @@ -1,3 +1,3 @@ package gohpts -const Version string = "gohpts v1.10.0" +const Version string = "gohpts v1.10.1"