rework to support remote R:socks syntax

Author: aus

client/client.go

@@ -4,17 +4,14 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
-	"log"
 	"net/http"
 	"net/url"
-	"os"
 	"regexp"
 	"strings"
 	"time"
 
-	socks5 "github.com/armon/go-socks5"
+	"github.com/armon/go-socks5"
 	"github.com/gorilla/websocket"
 	"github.com/jpillora/backoff"
 	"github.com/jpillora/chisel/share"
@@ -33,7 +30,6 @@ type Config struct {
 	HTTPProxy        string
 	Remotes          []string
 	HostHeader       string
-	Socks5           bool
 }
 
 //Client represents a client instance
@@ -74,11 +70,15 @@ func NewClient(config *Config) (*Client, error) {
 	//swap to websockets scheme
 	u.Scheme = strings.Replace(u.Scheme, "http", "ws", 1)
 	shared := &chshare.Config{}
+	createSocksServer := false
 	for _, s := range config.Remotes {
 		r, err := chshare.DecodeRemote(s)
 		if err != nil {
 			return nil, fmt.Errorf("Failed to decode remote '%s': %s", s, err)
 		}
+		if r.Socks && r.Reverse {
+			createSocksServer = true
+		}
 		shared.Remotes = append(shared.Remotes, r)
 	}
 	config.shared = shared
@@ -108,18 +108,12 @@ func NewClient(config *Config) (*Client, error) {
 		Timeout:         30 * time.Second,
 	}
 
-	if config.Socks5 {
+	if createSocksServer {
 		socksConfig := &socks5.Config{}
-		if client.Debug {
-			socksConfig.Logger = log.New(os.Stdout, "[client socks]", log.Ldate|log.Ltime)
-		} else {
-			socksConfig.Logger = log.New(ioutil.Discard, "", 0)
-		}
 		client.socksServer, err = socks5.New(socksConfig)
 		if err != nil {
 			return nil, err
 		}
-		client.Infof("client-side SOCKS5 server enabled")
 	}
 
 	return client, nil
@@ -161,10 +155,6 @@ func (c *Client) Start(ctx context.Context) error {
 			}
 		}
 	}
-	// start socks server
-	if c.socksServer != nil {
-		go c.socksServer.ListenAndServe("tcp", "127.0.0.1:1081")
-	}
 	c.Infof("Connecting to %s%s\n", c.server, via)
 	//optional keepalive loop
 	if c.config.KeepAlive > 0 {
@@ -296,13 +286,19 @@ func (c *Client) Close() error {
 func (c *Client) connectStreams(chans <-chan ssh.NewChannel) {
 	for ch := range chans {
 		remote := string(ch.ExtraData())
+		socks := remote == "socks"
 		stream, reqs, err := ch.Accept()
 		if err != nil {
 			c.Debugf("Failed to accept stream: %s", err)
 			continue
 		}
 		go ssh.DiscardRequests(reqs)
 		l := c.Logger.Fork("conn#%d", c.connStats.New())
-		go chshare.HandleTCPStream(l, &c.connStats, stream, remote)
+		if socks {
+			go chshare.HandleSocksStream(l, c.socksServer, &c.connStats, stream)
+		} else {
+			go chshare.HandleTCPStream(l, &c.connStats, stream, remote)
+		}
+
 	}
 }

main.go

@@ -124,7 +124,7 @@ var serverHelp = `
     chisel receives a normal HTTP request. Useful for hiding chisel in
     plain sight.
 
-    --socks5, Allow clients to access the server-outbound SOCKS5 proxy. See
+    --socks5, Allow clients to access the internal SOCKS5 proxy. See
     chisel client --help for more information.
 
     --reverse, Allow clients to specify reverse port forwarding remotes
@@ -266,12 +266,6 @@ var clientHelp = `
 
     --hostname, Optionally set the 'Host' header (defaults to the host
     found in the server url).
-
-    --socks5, Start a client-outbound SOCKS5 server on 127.0.0.1:1081.
-    Combine this option with a reverse port forward remote to expose the
-    client network to the chisel server. For example, the following
-    remote R:127.0.0.1:5000:127.0.0.1:1081 would allow the sever to
-    access the client network via socks5://127.0.0.1:5000.
 ` + commonHelp
 
 func client(args []string) {
@@ -286,7 +280,6 @@ func client(args []string) {
 	proxy := flags.String("proxy", "", "")
 	pid := flags.Bool("pid", false, "")
 	hostname := flags.String("hostname", "", "")
-	socks5 := flags.Bool("socks5", false, "")
 	verbose := flags.Bool("v", false, "")
 	flags.Usage = func() {
 		fmt.Print(clientHelp)
@@ -311,7 +304,6 @@ func client(args []string) {
 		Server:           args[0],
 		Remotes:          args[1:],
 		HostHeader:       *hostname,
-		Socks5:           *socks5,
 	})
 	if err != nil {
 		log.Fatal(err)

server/handler.go

@@ -2,7 +2,6 @@ package chserver
 
 import (
 	"context"
-	"io"
 	"net/http"
 	"strings"
 	"sync/atomic"
@@ -179,22 +178,9 @@ func (s *Server) handleSSHChannels(clientLog *chshare.Logger, chans <-chan ssh.N
 		//handle stream type
 		connID := s.connStats.New()
 		if socks {
-			go s.handleSocksStream(clientLog.Fork("socksconn#%d", connID), stream)
+			go chshare.HandleSocksStream(clientLog.Fork("socksconn#%d", connID), s.socksServer, &s.connStats, stream)
 		} else {
 			go chshare.HandleTCPStream(clientLog.Fork("conn#%d", connID), &s.connStats, stream, remote)
 		}
 	}
 }
-
-func (s *Server) handleSocksStream(l *chshare.Logger, src io.ReadWriteCloser) {
-	conn := chshare.NewRWCConn(src)
-	s.connStats.Open()
-	l.Debugf("%s Opening", s.connStats)
-	err := s.socksServer.ServeConn(conn)
-	s.connStats.Close()
-	if err != nil && !strings.HasSuffix(err.Error(), "EOF") {
-		l.Debugf("%s: Closed (error: %s)", s.connStats, err)
-	} else {
-		l.Debugf("%s: Closed", s.connStats)
-	}
-}

share/remote.go

@@ -43,11 +43,6 @@ func DecodeRemote(s string) (*Remote, error) {
 		p := parts[i]
 		//last part "socks"?
 		if i == len(parts)-1 && p == "socks" {
-			if reverse {
-				// TODO allow reverse+socks by having client
-				// automatically start local SOCKS5 server
-				return nil, errors.New("'socks' incompatible with reverse port forwarding")
-			}
 			r.Socks = true
 			continue
 		}

share/ssh.go

@@ -12,6 +12,7 @@ import (
 	"net"
 	"strings"
 
+	"github.com/armon/go-socks5"
 	"github.com/jpillora/sizestr"
 	"golang.org/x/crypto/ssh"
 )
@@ -56,3 +57,17 @@ func HandleTCPStream(l *Logger, connStats *ConnStats, src io.ReadWriteCloser, re
 	connStats.Close()
 	l.Debugf("%s: Close (sent %s received %s)", connStats, sizestr.ToString(s), sizestr.ToString(r))
 }
+
+func HandleSocksStream(l *Logger, server *socks5.Server, connStats *ConnStats, src io.ReadWriteCloser) {
+	conn := NewRWCConn(src)
+	connStats.Open()
+	l.Debugf("%s Opening", connStats)
+	err := server.ServeConn(conn)
+	connStats.Close()
+
+	if err != nil && !strings.HasSuffix(err.Error(), "EOF") {
+		l.Debugf("%s: Closed (error: %s)", connStats, err)
+	} else {
+		l.Debugf("%s: Closed", connStats)
+	}
+}