Building a proxy chain using graftcp
Using chains of proxy servers allows you to bypass various restrictions when accessing network resources. For proxying, SOCKS or HTTP proxies are usually used. The SOCKS session layer network protocol allows packets to be sent from a client to a server through a proxy server transparently (unbeknownst to them) and thus use services behind firewalls.
Clients behind a firewall that need to access external servers can be connected to a SOCKS proxy server. This proxy server allows the client to connect to external resources. SOCKS can also be used in the opposite way, by managing the rights of external clients when connecting to internal servers behind a firewall.
Unlike HTTP proxy servers, SOCKS transfers all the data from the client without adding anything of its own, that is, from the point of view of the end server, the data it receives from the SOCKS proxy is identical to the data that the client would transfer directly, without proxying. SOCKS is more universal; it does not depend on specific application-level protocols and operates at the level of TCP connections. But the HTTP proxy caches data and can more carefully filter the content of the transmitted data.
Thus, we can use both SOCKS and HTTP proxies to bypass network restrictions.
Duty disclaimer: The information presented in this article is for informational purposes only. The author does not bear any responsibility for the use of these materials for illegal purposes.
graftcp utility
There are many different tools available for traffic redirection and proxying. The graftcp utility can redirect a TCP connection established by a client program (browser, application, script, shell, etc.) to a SOCKS5 or HTTP proxy.
Unlike other similar utilities, such as tsocks or proxychains, graftcp does not interact with the LD_PRELOAD environment variable, which allows your library to be loaded before the others are loaded. However, this trick only works for dynamically linked programs, and for example, applications built with Go cannot be connected using proxychains-ng. The graftcp utility does not have these drawbacks and can monitor or change the connection of any specific program using the ptrace system call, so it can be used in conjunction with any client application.
Principle of operation
So, our main goal is to redirect the application's TCP connection to another destination address, which the application itself does not know about, that is, transparently to the client.
We can do this by launching a new process and monitoring its launch using the ptrace and execve system calls. While the application is running, it will make connect system calls, each of which will be intercepted and the destination address argument will be extracted from it and passed to graftcp-local via pipe.
Next, graftcp-local will change the destination address argument in the connect parameter to the desired address and restart the stopped system call. Upon successful completion of the system call, the application will believe that it has successfully connected to the original destination address, but in fact it is connected to the address substituted by graftcp-local.
Next, graftcp-local establishes a connection to SOCKS5 based on the application's source destination address information, then forwards requests from the application to the SOCKS5 proxy.
It may seem easier to change the destination address information directly in the data buffer. However, this may actually lead to a buffer overflow during modification. And furthermore, since the execve system call detaches and unmounts all shared memory, we also cannot add additional data to the monitored application's write buffer using shared memory, so we send the source destination address via pipe.
Having more or less understood how the graftcp-local utility works, let’s look at its installation and configuration for use.
Installation
First of all, we need Go installed. If you do not have it installed yet, follow these steps:
sudo apt update
sudo apt install golang-go
Next, you can proceed to installing the proxy tool itself:
git clone https://github.com/hmgle/graftcp.git
cd graftcp
make
Once the installation is complete, you will be able to use the local/graftcp-local and ./graftcp tools. If desired, they can also be added to the system boot:
sudo make install
# Install systemed unit
sudo make install_systemd
# Activate systemd service
sudo make enable_systemd
In case of installation problems, you can also install from ready-made binaries that can be downloaded from the project repository https://github.com/hmgle/graftcp/releases.
Settings
Our main tools will be the graftcp, graftcp-local and mgraftcp utilities. They look for configuration files specified as an argument with the –config option. Also, we can specify $(path to the executable file)/graftcp-local.conf or /etc/graftcp-local/graftcp-local.conf. Examples of configuration files can be found in the directory where the utility is installed.
Let's assume you are using a SOCKS5 proxy with the default IP address: “localhost:1080”. First run graftcp-local:
local/graftcp-local
Next, install the Go package
./graftcp go get -v golang.org/x/net/proxy
Next, open a browser via graftcp and all requests from that browser will be redirected to the SOCKS5 proxy:
./graftcp chromium-browser
You can also use Bash to connect via proxy:
% ./graftcp bash
$ wget https://www.google.com
Conclusion
In this short article, we showed how, using the graftcp utility and simple manipulations, you can build a chain of proxies to bypass firewalls.
You can get more practical information security skills as part of practical online courses from industry experts.
![Evolution of Logging and Enrichment Needs [Оголяемся технологически. MaxPatrol SIEM]](https://prog.world/wp-content/uploads/2024/07/14fcbc01c0e4a720bdcc58a6ade6a685-768x433.png)
