Join Log in
Score:2
CAMOBAP avatar Server

Prove that software works via SOCKS

za flag
CAMOBAP

Intro

I have ruby software that utilizes a network during its execution.

Recently I got feedback from a user who works behind a firewall and use SOCKS, this software doesn't work for him

So I need to simulate this situation to check which part of my software doesn't respect HTTP_PROXY environment variables

What I have tried

I tried to simulate this firewall with iptables (inside docker):


apt-get update -y
apt-get install iptables

export SOCKS5_PROXY_HOST=xxx.xxx.xxx.xxx[1]
export SOCKS5_PROXY_PORT=ppp

iptables -A INPUT -s $SOCKS5_PROXY_HOST -j ACCEPT
iptables -A OUTPUT -d $SOCKS5_PROXY_HOST -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP

env HTTP_PROXY=$SOCKS5_PROXY_HOST:$SOCKS5_PROXY_PORT ruby my_script.rb

Problem

For some reason, this approach doesn't work and I getting:

  • Proxy CONNECT aborted or
  • Failed to connect to xxx.xxx.xxx.xxx port pppp: Connection timed out

Notes:

  • [1] I've used IP address (not domain name) for SOCKS proxy
  • [2] I've used different random public SOCKS proxies before applying iptable rules they all were reachable
  • [3] Ruby Open-URI API respect HTTP_PROXY environment variables https://ruby-doc.org/stdlib-2.6.3/libdoc/open-uri/rdoc/OpenURI.html, but maybe some third-party code doesn't.

Questions

  1. Is that an acceptable approach: trying to "simulate" firewall with iptables?
  2. What this problem may appear is it something SOCKS specific, or misconfiguration in my iptables?
  3. Maybe there is a better approach to achieve the same goal: test software to be working through SOCKS proxy only, without 'direct' connections?
49
1 + 4
Michael Hampton avatar
cz flag
Michael Hampton
It sounds like you have not written support for SOCKS into your program. This is not something we can help with.
0
Reply
CAMOBAP avatar
za flag
CAMOBAP
@MichaelHampton thanks for the reply. Actually, Ruby respect `HTTP[S]_PROXY` environment variables https://ruby-doc.org/stdlib-2.6.3/libdoc/open-uri/rdoc/OpenURI.html. And the ruby script definitely tries to connect to SOCKS proxy because in the error message I see the IP of the proxy. I have an assumption that maybe `iptables`'s rules too restrictive
1
Reply
Michael Hampton avatar
cz flag
Michael Hampton
HTTP(S) proxies are completely different to SOCKS proxies. The protocol is completely different so they cannot be interchanged. It requires special support in your program to connect via SOCKS, e.g. via [SOCKSSocket class](https://ruby-doc.org/stdlib-2.6.3/libdoc/socket/rdoc/SOCKSSocket.html).
2
Reply
CAMOBAP avatar
za flag
CAMOBAP
@MichaelHampton thanks for the answer, I didn't know that. if you will write an answer I will approve it. Thanks
0
Reply
Score:1
CAMOBAP avatar Server
za flag
CAMOBAP

Thanks a lot @michael-hampton for comments.

Short answers to my own questions:

  1. This approach works perfectly
  2. Issue on ruby side HTTP_PROXY accepts only HTTP[S] proxies (it doesn't handle SOCKS proxy as curl does)
  3. Probably iptable the simplest one

More details related to programming:

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.