network interface binding option #535

Closed
@crucifyer

Hi,

I would like a bind address option.
Thank you.

ex) pc ips (1.1.1.2, 1.1.1.3, 1.1.1.4)

```
# ip a

2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether ****
inet 1.1.1.2/24 brd 1.1.1.255 scope global enp2s0
inet 1.1.1.3/24 brd 1.1.1.255 scope global enp2s0
inet 1.1.1.4/24 brd 1.1.1.255 scope global enp2s0
```

I want to choose 1.1.1.3

```python
import http.client

# Bind the outgoing connection to 1.1.1.3; port 0 lets the OS pick the source port
conn = http.client.HTTPConnection('xenosi.de', source_address=('1.1.1.3', 0))

h = {}
h['User-Agent'] = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36'
conn.request('GET', '/ip.php?json', headers=h)

res = conn.getresponse()
print(res.status, res.reason, res.read())
```

result)

```
proxy --hostname=0.0.0.0 --bindip=1.1.1.3
```

crucifyer (Author) commented on Apr 8, 2021

`proxy --hostname=1.1.1.3` is not a solution. The proxy is using 1.1.1.2.

abhinavsingh (Owner) commented on Apr 8, 2021

Hi @crucifyer, IMO using the desired interface IP with the --hostname flag must do the trick.

Can you post the logs printed, when you start proxy with custom --hostname flag? Thank you!!!

crucifyer (Author) commented on Apr 8, 2021

```
# proxy --hostname=1.1.1.3
2021-04-08 16:15:01,771 - pid:1980 [I] load_plugins:334 - Loaded plugin proxy.http.proxy.HttpProxyPlugin
2021-04-08 16:15:01,772 - pid:1980 [I] listen:115 - Listening on 1.1.1.3:8899
2021-04-08 16:15:01,777 - pid:1980 [I] start_workers:136 - Started 2 workers
2021-04-08 16:15:20,754 - pid:1983 [I] access_log:397 - 3.4.5.6:59064 - CONNECT ogs.google.com:443 - 17772 bytes - 10508.13 ms
2021-04-08 16:15:21,073 - pid:1984 [I] access_log:397 - 3.4.5.6:59067 - CONNECT www.gstatic.com:443 - 792 bytes - 10320.72 ms
2021-04-08 16:15:21,090 - pid:1983 [I] access_log:397 - 3.4.5.6:59066 - CONNECT www.google.com:443 - 4121 bytes - 10447.67 ms
2021-04-08 16:15:21,255 - pid:1983 [I] access_log:397 - 3.4.5.6:59068 - CONNECT apis.google.com:443 - 1531 bytes - 10499.93 ms
2021-04-08 16:15:21,378 - pid:1984 [I] access_log:397 - 3.4.5.6:59069 - CONNECT lh3.google.com:443 - 2865 bytes - 10576.36 ms
2021-04-08 16:15:21,925 - pid:1983 [I] access_log:397 - 3.4.5.6:59070 - CONNECT lh3.googleusercontent.com:443 - 17078 bytes - 10553.79 ms
2021-04-08 16:15:22,163 - pid:1984 [I] access_log:397 - 3.4.5.6:59071 - CONNECT xenosi.de:443 - 1828 bytes - 10266.32 ms
2021-04-08 16:15:22,452 - pid:1984 [I] access_log:397 - 3.4.5.6:59065 - CONNECT ssl.gstatic.com:443 - 1566 bytes - 12104.30 ms
```


But when the browser at 3.4.5.6 connects through the proxy, https://xenosi.de/ip.php returns 1.1.1.2.
Thank you.

abhinavsingh (Owner) commented on Apr 8, 2021

crucifyer (Author) commented on Apr 8, 2021

Of course.
FoxyProxy is set to 1.1.1.3:8899.

I have a lot of IPs on my server.
I want to pick one of them and use it.
Add an option that accepts source_address= like the code above.

The exact purpose is this:
PCs in the office intranet do not have Internet access by themselves.
This is to make the Internet work only through the proxy settings in the browser.

thank you.

crucifyer (Author) commented on Apr 8, 2021

Maybe this is the part.
Wouldn't it be possible to apply it with setsockopt?

https://docs.python.org/3/library/socket.html

```python
import socket

HOST = '1.1.1.3'  # local address to bind (the IP chosen above)

# create a raw socket and bind it to the public interface
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
s.bind((HOST, 0))

# Include IP headers
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
```

Please understand that this may be wrong as this is not well known.
thank you.

abhinavsingh (Owner) commented on Apr 10, 2021

> Maybe this is the part.
> Wouldn't it be possible to apply it with setsockopt?
>
> https://docs.python.org/3/library/socket.html
>
> ```python
> # create a raw socket and bind it to the public interface
> s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
> s.bind((HOST, 0))
>
> # Include IP headers
> s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
> ```
>
> Please understand that this may be wrong as this is not well known.
> thank you.

@crucifyer This possibly can work (haven't tried it myself before) but will definitely require sudo privileges.

Can you work on a small POC, where:

  1. Simply take your code above
  2. Establish a connection to upstream server
  3. Check upstream logs to see if IP header indeed gets injected

If it does, we can wrap this POC as a feature within proxy.py, wdyt?

crucifyer (Author) commented on Apr 11, 2021

I tested it like this. The bind() alone works very well.

```python
import socket
import sys

HOST = 'xenosi.de'
PORT = 80
s = None

for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM):
    af, socktype, proto, canonname, sa = res
    try:
        s = socket.socket(af, socktype, proto)
    except OSError as msg:
        s = None
        print(msg)
        continue
    try:
        # bind the local end to 1.1.1.3 before connecting; port 0 = any free port
        s.bind(('1.1.1.3', 0))
        s.connect(sa)
    except OSError as msg:
        s.close()
        s = None
        print(msg)
        continue
    break

if s is None:
    print('could not open socket')
    sys.exit(1)

with s:
    s.sendall(b'GET /ip.php?json HTTP/1.1\r\nHOST: xenosi.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36\r\n\r\n')
    data = s.recv(1024)

print(data)
```

```
b'HTTP/1.1 200 OK\r\nDate: Sun, 11 Apr 2021 06:57:32 GMT\r\nContent-Type: application/x-javascript; charset=utf-8\r\n
Transfer-Encoding: chunked\r\n
Connection: keep-alive\r\n
Set-Cookie: __cfduid=da71asdf8ab352awef7e3eee0dd61618124252; expires=Tue, 11-May-21 06:57:32 GMT; path=/; domain=.xenosi.de; HttpOnly; SameSite=Lax\r\n
X-Powered-By: PHP/5.5.9-1ubuntu4.29\r\n
Strict-Transport-Security: max-age=63072000; preload\r\n
CF-Cache-Status: DYNAMIC\r\ncf-request-id: 096151bcb5000asdf8000000001\r\n
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report?s=esqZBasdf4KsVCy%2FkMT6Z5tPhdasdfH8t1JlxkIQ0YtlDLpcu5dLycGX3ZqQ%3D"}],"group":"cf-nel"}\r\nNEL: {"report_to":"cf-nel","max_age":604800}\r\nServer: cloudflare\r\nCF-RAY: 63e252412edf0a9c-NRT\r\nalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400\r\n\r\n15\r\n
{"ip":"1.1.1.3"}\r\n
0\r\n\r\n'
```

thank you.
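
The distinction this thread turns on, as an added example that is not code from the thread or from proxy.py: the address a server listens on does not set the source address of the connections it opens, which the kernel picks from the route unless the socket is bound before connect(). It assumes Linux, where all of 127.0.0.0/8 is local; the loopback addresses are constructed stand-ins for the server's IPs and `observed_source` is a hypothetical helper.

```python
import socket
import threading


def observed_source(source_ip=None):
    """Connect to a local listener and return the peer IP that listener sees.

    source_ip=None leaves source selection to the kernel; otherwise the
    client socket is bound to (source_ip, 0) before connect().
    """
    # Listener standing in for the upstream server (constructed, loopback only).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    seen = {}

    def accept_one():
        conn, peer = srv.accept()
        seen["ip"] = peer[0]  # what an upstream access log would record
        conn.close()

    t = threading.Thread(target=accept_one)
    t.start()
    try:
        # source_address makes create_connection() call bind() before
        # connect(); port 0 lets the kernel pick an ephemeral source port.
        src = (source_ip, 0) if source_ip else None
        with socket.create_connection(srv.getsockname(), timeout=5,
                                      source_address=src):
            pass
    finally:
        t.join(timeout=5)
        srv.close()
    return seen.get("ip")


if __name__ == "__main__":
    print("kernel-selected source:", observed_source())
    print("explicitly bound source:", observed_source("127.0.0.2"))
```

On a multi-homed egress host the second form is what keeps the address seen by upstream logs and allowlists fixed, rather than whichever address the route happens to prefer.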

abhinavsingh (Owner) commented on Apr 12, 2021

Thank you @crucifyer, but I am left a little confused over what our objective is here. If I understand correctly, you did a bind on 1.1.1.3 and the upstream server saw the request coming from 1.1.1.3.

I think the same should be achievable using proxy --hostname 1.1.1.3. Is your upstream server seeing 1.1.1.2 when making a request from proxy.py? If yes, maybe we must put in the bind logic you demonstrated. Please let me know.

crucifyer (Author) commented on Apr 12, 2021

Yes.
I think we need bind on self.client

crucifyer (Author) commented on Apr 15, 2021

I want to put a bind statement, but I can't find where to make the client socket. 😿

abhinavsingh (Owner) commented on Apr 15, 2021

@crucifyer You may hardcode bind here in the constructor of TcpClientConnection class https://github.com/abhinavsingh/proxy.py/blob/develop/proxy/core/connection/client.py#L25. If it works out, we can later add this in a more generic sense.

abhinavsingh (Owner) commented on Oct 29, 2021

@crucifyer Are you still here with me on this :). I am looking into it but would like to clarify what exactly we are after. Your example is a little misaligned, because bind is supposed to be used by servers and connect by clients. But IIUC, you are trying to call bind and connect on the same socket object. This is not a valid usage.

Maybe you can convey your requirement via this diagram and let me know where exactly you are expecting bind.

[Image: YQ5ES]

More useful will be to explain the scenario you are trying to achieve. Thank you!!!
