it's been a 2 days i find "jSocks" library.
i tried so may to findout how i can code with this library.
i must say that documentation is very poor.
i don't want you to code for me, i just want a simple workflow.
here is my scenario:
1) i want to write 2 app, one for client and one for server.(it's simple client server proxy)
2) client app will listen to specific port on localhost (127.0.0.1) for incoming connection (for example browser request).
3) client app accept incoming connection from browser and create a socks socket between her and browser for send and recieve data.
4) client app create a socks socket between her and server app (server app hosted on web and listening to a port for incoming connection).
5) server app accept incoming connection and create a socks socket for Communicate.
6) server app recieve data ( may be browser request ), process it and connect to a remote web site(on internet).
7) server app recive data from web and send it to client app.
8) client app send the recived data to browser.
i create this app with java standard "Socket" & "ServerSocket" for http request without problem, now i want to write this program with socks socket for all request.
i tried every thing with jsocks without any success.
i need a workflow on how to work with jsocks for creating this app.
tnx.
#BGR
acording to your mentioned file (SOCKS.java) the simple line like below must work :
ServerAuthenticator auth = new ServerAuthenticatorNone();
ProxyServer pServer = new ProxyServer(auth);
pServer.setLog(System.out);
pServer.start(50352);
when i execute this, the log is : Starting SOCKS Proxy on:0.0.0.0:50352 (if i pass 127.0.0.1 as address to start() method, log is "Starting SOCKS Proxy on:127.0.0.1:50352 but the result is the same)
but when i redirect my browser request to this port nothing happens.
acually i'am not sure how the start(port) method works, because it's void.
when i use ServerSocket, accept() method it return me a Socket for communication.
but when i use start(port) nothing will return
I am not sure I full understand your request (a socks server is meant for proxying; it is constantly listening on a single port and forwards requests) but looking at this java file it seems reasonable easy to create a Socks proxy server using jsocks.
Once you proxy server is running, you create a java socket on your client using this constructor where you specify the location of your socks proxy server. You then connect to your remote server SocketAddress and
... that should be it.
You seem to have lot of redirections going on. Maybe you should chart a diagram of your flows and see where you need a Socks proxy server and why.
Related
I have server application which runs on local host and the client also runs on local host.
As of now I am using java.net.serversocket and any application which has the ip and port detail of server can listen to the port.
My requirement is to secure the ports or secure the communication between the server and client application such that only my application client (authorised) one can listen to the ports or connect to server application. The data sent to and from client and server also has to be secured.
Apologies if naming conventions are not correct. I have been searching for solution and couldn't get anything for this, all I got is how to connect and make application communicate using socket programming , but no where I got the answer as how to secure the communication.
What you need here is some sort of authentication method to authorise only your client to communicate with the server. If you are using an existing communication protocol then it might have a specification for authentication already. If you are using your own protocol then you'll have come up with your own design for authentication.
It could be as simple as the server issuing some sort of request for authentication to the client. The client would then have to provide a satisfactory response (eg a user/password) otherwise the server would close the connection.
I would recommend taking a look at how some other protocols (eg HTTP) handle authentication to get some insight and also understand potential pitfalls.
I am using embedded jetty and spring for java to java communication over http. My problem is that my server application must handle plain TCP messages also on the same port.
Is there a way to detect if a TCP message arrived which cannot be handled by the servlet?
Thanks for the answers I add some more details:
I cannot modify the client. The reason for this is that the old version of the client uses pure java tcp socket and it turned out that the new server must be backward compatible with the old client.
Have to use the same port
Old client messages are short serialized text over simple socket. 1: open connection, 2: send text, 3: close connection
My server looks something like this: http://kielczewski.eu/2013/11/using-embedded-jetty-spring-mvc/
I do not need to parse the message. It is enough to detect that a message was arrived which is not using http and get the source host name.
You might want to take a look at how to add a custom ConnectionFactory to the ServerConnector of your HTTP port.
This ConnectionFactory concept is how the PROXY Protocol is supported within Jetty currently.
In your case, you might have something like ...
MyTcpConnectionFactory tcpConnectionFactory = new MyTcpConnectionFactory();
ServerConnector http = new ServerConnector(server);
http.addFirstConnectionFactory(tcpConnectionFactory);
server.addConnector(http);
In your case, you would override the newConnection(Connector connector, EndPoint endPoint) method and implement the check for your TCP flow, or the HTTP flow.
If its your flow, you handle the communications on that connection yourself and then throw an IOException when you are done indicating that you don't want jetty to process that connection as HTTP.
Otherwise you return that Connection object to Jetty to process as HTTP.
You are in for a wild ride here my friend. You need to realize that HTTP IS TCP ... its just the content being sent on the TCP socket that classifies it as HTTP or not. That being said, you can intercept the Connection with a filter ie
1) create a filter (google Java Application Server Filters and check the Jetty implementation) for ALL incoming connections
2) check for URI on the request, if it fails, then the request is not HTTP (might want to double check on the request testing logic here)
3) Redirect the request to the appropriate Servlet / Function based on serial socket / http request
On another note, why not use https (port 443) for http and port 80 for your socket requirments ?
I stand corrected. Filters wont work.
In that case, you will have to code a mini firewall. you have to scan all inputs for https headers and redirect accordingly. Can you at least provide some context on the plain TCP messages you want to receive? do you have any control over the sending code ? you do know you can upgrade a TCP/HTTP connection to a websocket (involves client and server) and it will work even better than plain TCP, same port connections, and comes built in Jetty so no custom boiler plates, just a websocket servlet
My node app is up and running (listening). It is in essence a bunch of rest api handlers.
I am sending http requests from my test java client using general java codes (Apache httprequest and httpclient to execute the simple http commands).
The thing is the java http client side instantly gets an IO exception after send the request to the app. Saying " org.apache.http.conn.HttpHostConnectException: Connection to http://xxxxxxx.herokuapp.com:38084 refused"
Is there any thing i missed so as to make http calls from a java client?
thanks.
You are never supposed to connect to any port other than 80 or 443 when connecting to foo.herokuapp.com. Granted, your app listens on some port (given by the PORT environment variable), but you still need to connect to port 80 (for http).
You are not connecting directly to your dyno(s), bur rather to a Heroku gateway. Heroku's gateway will do the routing (from the gateway to your application) and port forwarding for you.
I would recommend using curl to try to replicate the connection problem. If it works correctly with curl (or for that matter, in your browser), than you know you have a Java client issue.
I have a Client and a Server Application. Between the Client and the Server I have a Proxy.
When the Client opens the Socket with new Socket(ip,port) it is supposed to connect to the Proxy. It is doing that without any Problem.
Now I want the Proxy to connect to the Server, but the Server is supposed to think, that it is the Client which connects to him.
Any ideas on how I can do that?
Well, it depends on how you are connecting to the server. Is it just a plain socket? If so, it will be hard, at least via normal Socket API, at the end the Proxy is who is connecting to the server...
IF you are accepting http requests, then, depending on the proxy server, you will probably get a header X-Forwarded-For which will have the real IP Address that connected to the proxy.
I have something like a proxy server (written in java) running between my clients and the actual video server (made in c++). Everything the clients send goes through this proxy and is then redirected to the server.
It is working fine, but I have some issues and think it would be better if I could make this proxy server only to listen to the clients requests and then somehow tell the server that a request has been made from the client side, and that it is supposed to create a connection with the client directly.
Basically in the TCP level what I want to happen is something like this:
1- whenever a client sends a SYN to my proxy, the proxy just sends a message to the real server telling the ip and port of the client.
2- The server would then send the corresponding SYN-ACK to the specified client creating a direct connection between client and server.
The proxy would then be just relaying the initial requests (but not the later data transfer) to the actual server. I just don't know if that is possible.
Thank you very much
Nelson R. Perez
That's very much the way some games (and Fog Creek CoPilot) do it, but it requires support on both the server and the client. Basically the proxy has to say to the client and server "try communicating with the directly on this ip and this port" and if they can't get through (because one or both is behind a NAT or firewall), they fall back to going through the proxy.
I found this good description of "peer to peer tcp hole punching" at http://www.brynosaurus.com/pub/net/p2pnat/
Does the proxy and server lives on the same machine? If so, you can pass the connection to the server using Socket Transfer or File Descriptor Passing. You can find examples in C here,
http://www.wsinnovations.com/softeng/articles/uds.html
If they are on the different machines, there is no way to pass connection to the server. However, it's possible to proxy the IP packets to server using VIP (Virtual IP). This is below socket so you have to use Link layer interface, like DLPI.
You don't have control of TCP handshake in userland like that. This is what firewalls/routers do but it all happens in the kernel. Take a look at the firewalling software for your platform - you might not even have to code anything.