-# This is free and unencumbered software released into the public domain.
-#
-# Anyone is free to copy, modify, publish, use, compile, sell, or
-# distribute this software, either in source code form or as a compiled
-# binary, for any purpose, commercial or non-commercial, and by any
-# means.
-#
-# In jurisdictions that recognize copyright laws, the author or authors
-# of this software dedicate any and all copyright interest in the
-# software to the public domain. We make this dedication for the benefit
-# of the public at large and to the detriment of our heirs and
-# successors. We intend this dedication to be an overt act of
-# relinquishment in perpetuity of all present and future rights to this
-# software under copyright law.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-# OTHER DEALINGS IN THE SOFTWARE.
-#
-# For more information, please refer to <http://unlicense.org/>
-#
-# Example:
-# import socks
-# import ftplib
-# import socket
-#
-# socks.patch_socket()
-#
-# f = ftplib.FTP('ftp.kernel.org')
-# f.login()
-# print f.retrlines('LIST')
-# f.quit()
-#
-# s = socket.create_connection(('www.google.com', 80))
-# s.sendall('HEAD / HTTP/1.0\r\n\r\n')
-# print s.recv(1024)
-# s.close()
+# Public Domain SOCKS proxy protocol implementation
+# Adapted from https://gist.github.com/bluec0re/cafd3764412967417fd3
+
from __future__ import unicode_literals
-import os
-import struct
+
+# References:
+# SOCKS4 protocol http://www.openssh.com/txt/socks4.protocol
+# SOCKS4A protocol http://www.openssh.com/txt/socks4a.protocol
+# SOCKS5 protocol https://tools.ietf.org/html/rfc1928
+# SOCKS5 username/password authentication https://tools.ietf.org/html/rfc1929
+
+import collections
import socket
-import time
+
+from .compat import (
+ compat_ord,
+ compat_struct_pack,
+ compat_struct_unpack,
+)
__author__ = 'Timo Schmid <coding@timoschmid.de>'
-_orig_socket = socket.socket
+SOCKS4_VERSION = 4
+SOCKS4_REPLY_VERSION = 0x00
+# Excerpt from SOCKS4A protocol:
+# if the client cannot resolve the destination host's domain name to find its
+# IP address, it should set the first three bytes of DSTIP to NULL and the last
+# byte to a non-zero value.
+SOCKS4_DEFAULT_DSTIP = compat_struct_pack('!BBBB', 0, 0, 0, 0xFF)
+
+SOCKS5_VERSION = 5
+SOCKS5_USER_AUTH_VERSION = 0x01
+SOCKS5_USER_AUTH_SUCCESS = 0x00
+
+
+class Socks4Command(object):
+ CMD_CONNECT = 0x01
+ CMD_BIND = 0x02
+
-try:
- from collections import namedtuple
-except ImportError:
- from Collections import namedtuple
+class Socks5Command(Socks4Command):
+ CMD_UDP_ASSOCIATE = 0x03
-try:
- from urllib.parse import urlparse
-except:
- from urlparse import urlparse
-try:
- from enum import Enum
-except ImportError:
- Enum = object
+class Socks5Auth(object):
+ AUTH_NONE = 0x00
+ AUTH_GSSAPI = 0x01
+ AUTH_USER_PASS = 0x02
+ AUTH_NO_ACCEPTABLE = 0xFF # For server response
+
+
+class Socks5AddressType(object):
+ ATYP_IPV4 = 0x01
+ ATYP_DOMAINNAME = 0x03
+ ATYP_IPV6 = 0x04
+
+
+class ProxyError(socket.error):
+ ERR_SUCCESS = 0x00
+
+ def __init__(self, code=None, msg=None):
+ if code is not None and msg is None:
+ msg = self.CODES.get(code) or 'unknown error'
+ super(ProxyError, self).__init__(code, msg)
+
+
+class InvalidVersionError(ProxyError):
+ def __init__(self, expected_version, got_version):
+ msg = ('Invalid response version from server. Expected {0:02x} got '
+ '{1:02x}'.format(expected_version, got_version))
+ super(InvalidVersionError, self).__init__(0, msg)
-class ProxyError(IOError): pass
class Socks4Error(ProxyError):
+ ERR_SUCCESS = 90
+
CODES = {
- 0x5B: 'request rejected or failed',
- 0x5C: 'request rejected becasue SOCKS server cannot connect to identd on the client',
- 0x5D: 'request rejected because the client program and identd report different user-ids'
+ 91: 'request rejected or failed',
+ 92: 'request rejected because SOCKS server cannot connect to identd on the client',
+ 93: 'request rejected because the client program and identd report different user-ids'
}
- def __init__(self, code=None, msg=None):
- if code is not None and msg is None:
- msg = self.CODES.get(code)
- if msg is None:
- msg = 'unknown error'
- super(Socks4Error, self).__init__(code, msg)
-class Socks5Error(Socks4Error):
+
+class Socks5Error(ProxyError):
+ ERR_GENERAL_FAILURE = 0x01
+
CODES = {
0x01: 'general SOCKS server failure',
0x02: 'connection not allowed by ruleset',
0xFF: 'all offered authentication methods were rejected'
}
-class ProxyType(Enum):
- SOCKS4 = 0
+
+class ProxyType(object):
+ SOCKS4 = 0
SOCKS4A = 1
- SOCKS5 = 2
-
-Proxy = namedtuple('Proxy', ('type', 'host', 'port', 'username', 'password', 'remote_dns'))
-
-_default_proxy = None
-
-def setdefaultproxy(proxytype=None, addr=None, port=None, rdns=True, username=None, password=None, allow_env_override=True):
- global _default_proxy
- if allow_env_override:
- all_proxy = os.environ.get('ALL_PROXY', os.environ.get('all_proxy'))
- if all_proxy:
- all_proxy = urlparse(all_proxy)
- if all_proxy.scheme.startswith('socks'):
- if all_proxy.scheme == 'socks' or all_proxy.scheme == 'socks4':
- proxytype = ProxyType.SOCKS4
- elif all_proxy.scheme == 'socks4a':
- proxytype = ProxyType.SOCKS4A
- elif all_proxy.scheme == 'socks5':
- proxytype = ProxyType.SOCKS5
- addr = all_proxy.hostname
- port = all_proxy.port
- username = all_proxy.username
- password = all_proxy.password
-
- if proxytype is not None:
- _default_proxy = Proxy(proxytype, addr, port, username, password, rdns)
-
-
-def wrap_socket(sock):
- return socksocket(_sock=sock._sock)
-
-def wrap_module(module):
- if hasattr(module, 'socket'):
- sock = module.socket
- if isinstance(sock, socket.socket):
- module.socket = sockssocket
- elif hasattr(socket, 'socket'):
- socket.socket = sockssocket
-
-def patch_socket():
- import sys
- if 'socket' not in sys.modules:
- import socket
- sys.modules['socket'].socket = sockssocket
+ SOCKS5 = 2
+
+
+Proxy = collections.namedtuple('Proxy', (
+ 'type', 'host', 'port', 'username', 'password', 'remote_dns'))
class sockssocket(socket.socket):
def __init__(self, *args, **kwargs):
- self.__proxy = None
- if 'proxy' in kwargs:
- self.__proxy = kwargs['proxy']
- del kwargs['proxy']
+ self._proxy = None
super(sockssocket, self).__init__(*args, **kwargs)
- @property
- def _proxy(self):
- if self.__proxy:
- return self.__proxy
- return _default_proxy
-
- @property
- def _proxy_port(self):
- if self._proxy:
- if self._proxy.port:
- return self._proxy.port
- return 1080
- return None
-
- def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None):
- if proxytype is None:
- self.__proxy = None
- else:
- self.__proxy = Proxy(proxytype, addr, port, username, password, rdns)
+ def setproxy(self, proxytype, addr, port, rdns=True, username=None, password=None):
+ assert proxytype in (ProxyType.SOCKS4, ProxyType.SOCKS4A, ProxyType.SOCKS5)
+
+ self._proxy = Proxy(proxytype, addr, port, username, password, rdns)
def recvall(self, cnt):
data = b''
while len(data) < cnt:
cur = self.recv(cnt - len(data))
if not cur:
- raise IOError("{0} bytes missing".format(cnt-len(data)))
+ raise EOFError('{0} bytes missing'.format(cnt - len(data)))
data += cur
return data
- def _setup_socks4(self, address, is_4a=False):
- destaddr, port = address
+ def _recv_bytes(self, cnt):
+ data = self.recvall(cnt)
+ return compat_struct_unpack('!{0}B'.format(cnt), data)
+ @staticmethod
+ def _len_and_data(data):
+ return compat_struct_pack('!B', len(data)) + data
+
+ def _check_response_version(self, expected_version, got_version):
+ if got_version != expected_version:
+ self.close()
+ raise InvalidVersionError(expected_version, got_version)
+
+ def _resolve_address(self, destaddr, default, use_remote_dns):
try:
- ipaddr = socket.inet_aton(destaddr)
+ return socket.inet_aton(destaddr)
except socket.error:
- if is_4a and self._proxy.remote_dns:
- ipaddr = struct.pack('!BBBB', 0, 0, 0, 0xFF)
+ if use_remote_dns and self._proxy.remote_dns:
+ return default
else:
- ipaddr = socket.inet_aton(socket.gethostbyname(destaddr))
-
- packet = struct.pack('!BBH', 0x4, 0x1, port) + ipaddr
- if self._proxy.username:
- username = self._proxy.username
- if hasattr(username, 'encode'):
- username = username.encode()
- packet += struct.pack('!{0}s'.format(len(username)+1), username)
- else:
- packet += b'\x00'
+ return socket.inet_aton(socket.gethostbyname(destaddr))
+
+ def _setup_socks4(self, address, is_4a=False):
+ destaddr, port = address
+
+ ipaddr = self._resolve_address(destaddr, SOCKS4_DEFAULT_DSTIP, use_remote_dns=is_4a)
+
+ packet = compat_struct_pack('!BBH', SOCKS4_VERSION, Socks4Command.CMD_CONNECT, port) + ipaddr
+
+ username = (self._proxy.username or '').encode('utf-8')
+ packet += username + b'\x00'
if is_4a and self._proxy.remote_dns:
- if hasattr(destaddr, 'encode'):
- destaddr = destaddr.encode()
- packet += struct.pack('!{0}s'.format(len(destaddr)+1), destaddr)
+ packet += destaddr.encode('utf-8') + b'\x00'
self.sendall(packet)
- packet = self.recvall(8)
- nbyte, resp_code, dstport, dsthost = struct.unpack('!BBHI', packet)
+ version, resp_code, dstport, dsthost = compat_struct_unpack('!BBHI', self.recvall(8))
- # check valid response
- if nbyte != 0x00:
- self.close()
- raise ProxyError(0, "Invalid response from server. Expected {0:02x} got {1:02x}".format(0, nbyte))
+ self._check_response_version(SOCKS4_REPLY_VERSION, version)
- # access granted
- if resp_code != 0x5a:
+ if resp_code != Socks4Error.ERR_SUCCESS:
self.close()
raise Socks4Error(resp_code)
- def _setup_socks5(self, address):
- destaddr, port = address
+ return (dsthost, dstport)
- try:
- ipaddr = socket.inet_aton(destaddr)
- except socket.error:
- if self._proxy.remote_dns:
- ipaddr = None
- else:
- ipaddr = socket.inet_aton(socket.gethostbyname(destaddr))
+ def _setup_socks4a(self, address):
+ self._setup_socks4(address, is_4a=True)
- auth_methods = 1
- if self._proxy.username and self._proxy.password:
- # two auth methods available
- auth_methods = 2
- packet = struct.pack('!BBB', 0x5, auth_methods, 0x00) # no auth
+ def _socks5_auth(self):
+ packet = compat_struct_pack('!B', SOCKS5_VERSION)
+
+ auth_methods = [Socks5Auth.AUTH_NONE]
if self._proxy.username and self._proxy.password:
- packet += struct.pack('!B', 0x02) # user/pass auth
+ auth_methods.append(Socks5Auth.AUTH_USER_PASS)
+
+ packet += compat_struct_pack('!B', len(auth_methods))
+ packet += compat_struct_pack('!{0}B'.format(len(auth_methods)), *auth_methods)
self.sendall(packet)
- packet = self.recvall(2)
- version, method = struct.unpack('!BB', packet)
+ version, method = self._recv_bytes(2)
- # check valid response
- if version != 0x05:
- self.close()
- raise ProxyError(0, "Invalid response from server. Expected {0:02x} got {1:02x}".format(5, version))
+ self._check_response_version(SOCKS5_VERSION, version)
- # no auth methods
- if method == 0xFF:
+ if method == Socks5Auth.AUTH_NO_ACCEPTABLE:
self.close()
raise Socks5Error(method)
- # user/pass auth
- if method == 0x01:
- username = self._proxy.username
- if hasattr(username, 'encode'):
- username = username.encode()
- password = self._proxy.password
- if hasattr(password, 'encode'):
- password = password.encode()
- packet = struct.pack('!BB', 1, len(username)) + username
- packet += struct.pack('!B', len(password)) + password
+ if method == Socks5Auth.AUTH_USER_PASS:
+ username = self._proxy.username.encode('utf-8')
+ password = self._proxy.password.encode('utf-8')
+ packet = compat_struct_pack('!B', SOCKS5_USER_AUTH_VERSION)
+ packet += self._len_and_data(username) + self._len_and_data(password)
self.sendall(packet)
- packet = self.recvall(2)
- version, status = struct.unpack('!BB', packet)
+ version, status = self._recv_bytes(2)
- if version != 0x01:
- self.close()
- raise ProxyError(0, "Invalid response from server. Expected {0:02x} got {1:02x}".format(1, version))
+ self._check_response_version(SOCKS5_USER_AUTH_VERSION, version)
- if status != 0x00:
+ if status != SOCKS5_USER_AUTH_SUCCESS:
self.close()
- raise Socks5Error(1)
- elif method == 0x00: # no auth
- pass
+ raise Socks5Error(Socks5Error.ERR_GENERAL_FAILURE)
+
+ def _setup_socks5(self, address):
+ destaddr, port = address
+ ipaddr = self._resolve_address(destaddr, None, use_remote_dns=True)
- packet = struct.pack('!BBB', 5, 1, 0)
+ self._socks5_auth()
+
+ reserved = 0
+ packet = compat_struct_pack('!BBB', SOCKS5_VERSION, Socks5Command.CMD_CONNECT, reserved)
if ipaddr is None:
- if hasattr(destaddr, 'encode'):
- destaddr = destaddr.encode()
- packet += struct.pack('!BB', 3, len(destaddr)) + destaddr
+ destaddr = destaddr.encode('utf-8')
+ packet += compat_struct_pack('!B', Socks5AddressType.ATYP_DOMAINNAME)
+ packet += self._len_and_data(destaddr)
else:
- packet += struct.pack('!B', 1) + ipaddr
- packet += struct.pack('!H', port)
+ packet += compat_struct_pack('!B', Socks5AddressType.ATYP_IPV4) + ipaddr
+ packet += compat_struct_pack('!H', port)
self.sendall(packet)
- packet = self.recvall(4)
- version, status, _, atype = struct.unpack('!BBBB', packet)
+ version, status, reserved, atype = self._recv_bytes(4)
- if version != 0x05:
- self.close()
- raise ProxyError(0, "Invalid response from server. Expected {0:02x} got {1:02x}".format(5, version))
+ self._check_response_version(SOCKS5_VERSION, version)
- if status != 0x00:
+ if status != Socks5Error.ERR_SUCCESS:
self.close()
raise Socks5Error(status)
- if atype == 0x01:
+ if atype == Socks5AddressType.ATYP_IPV4:
destaddr = self.recvall(4)
- elif atype == 0x03:
- alen = struct.unpack('!B', self.recv(1))[0]
+ elif atype == Socks5AddressType.ATYP_DOMAINNAME:
+ alen = compat_ord(self.recv(1))
destaddr = self.recvall(alen)
- elif atype == 0x04:
+ elif atype == Socks5AddressType.ATYP_IPV6:
destaddr = self.recvall(16)
- destport = struct.unpack('!H', self.recvall(2))[0]
+ destport = compat_struct_unpack('!H', self.recvall(2))[0]
+
+ return (destaddr, destport)
def _make_proxy(self, connect_func, address):
- if self._proxy.type == ProxyType.SOCKS4:
- result = connect_func(self, (self._proxy.host, self._proxy_port))
- if result != 0 and result is not None:
- return result
- self._setup_socks4(address)
- elif self._proxy.type == ProxyType.SOCKS4A:
- result = connect_func(self, (self._proxy.host, self._proxy_port))
- if result != 0 and result is not None:
- return result
- self._setup_socks4(address, is_4a=True)
- elif self._proxy.type == ProxyType.SOCKS5:
- result = connect_func(self, (self._proxy.host, self._proxy_port))
- if result != 0 and result is not None:
- return result
- self._setup_socks5(address)
- else:
+ if not self._proxy:
return connect_func(self, address)
+ result = connect_func(self, (self._proxy.host, self._proxy.port))
+ if result != 0 and result is not None:
+ return result
+ setup_funcs = {
+ ProxyType.SOCKS4: self._setup_socks4,
+ ProxyType.SOCKS4A: self._setup_socks4a,
+ ProxyType.SOCKS5: self._setup_socks5,
+ }
+ setup_funcs[self._proxy.type](address)
+ return result
+
def connect(self, address):
- self._make_proxy(_orig_socket.connect, address)
+ self._make_proxy(socket.socket.connect, address)
def connect_ex(self, address):
- return self._make_proxy(_orig_socket.connect_ex, address)
+ return self._make_proxy(socket.socket.connect_ex, address)