定制 clue/socks 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

clue/socks

Composer 安装命令:

composer require clue/socks

包简介

Async SOCKS proxy client and server (SOCKS4, SOCKS4a and SOCKS5)

README 文档

README

This repository is currently in the process of being split up into a simple blocking client implementation and an async non-blocking client and server implementation. See issue #2 for details.

  • If you're already using this library in legacy v0.4, consider upgrading to clue/socks-react. Upgrading should take no longer than 10 minutes, see the CHANGELOG.md for details.

  • If you're looking for an async non-blocking client and server implementation, head over to clue/socks-react.

  • If you're looking for the simple blocking client implementation, your best bet is to wait for issue #2 to be completed. Feel like contributing? :)

The following description applies to legacy v0.4, which has already been migrated to clue/socks-react.

clue/socks - SOCKS client and server Build Status

Async SOCKS client library to connect to SOCKS4, SOCKS4a and SOCKS5 proxy servers, as well as a SOCKS server implementation, capable of handling multiple concurrent connections in a non-blocking fashion.

Description

The SOCKS protocol family can be used to easily tunnel TCP connections independent of the actual application level protocol, such as HTTP, SMTP, IMAP, Telnet, etc.

Quickstart examples

Once installed, initialize a connection to a remote SOCKS proxy server:

<?php
include_once __DIR__.'/vendor/autoload.php';

$loop = React\EventLoop\Factory::create();

// use google's dns servers
$dnsResolverFactory = new React\Dns\Resolver\Factory();
$dns = $dnsResolverFactory->createCached('8.8.8.8', $loop);

// create SOCKS client which communicates with SOCKS server 127.0.0.1:9050
$factory = new Socks\Factory($loop, $dns);
$client = $factory->createClient('127.0.0.1', 9050);

// now work with your $client, see below

$loop->run();

Tunnelled TCP connections

The Socks/Client uses a Promise-based interface which makes working with asynchronous functions a breeze. Let's open up a TCP Stream connection and write some data:

$tcp = $client->createConnector();

$tcp->create('www.google.com',80)->then(function (React\Stream\Stream $stream) {
    echo 'connected to www.google.com:80';
    $stream->write("GET / HTTP/1.0\r\n\r\n");
    // ...
});

HTTP requests

Or if all you want to do is HTTP requests, Socks/Client provides an even simpler HTTP client interface:

$httpclient = $client->createHttpClient();

$request = $httpclient->request('GET', 'https://www.google.com/', array('user-agent'=>'Custom/1.0'));
$request->on('response', function (React\HttpClient\Response $response) {
    var_dump('Headers received:', $response->getHeaders());
    
    // dump whole response body
    $response->on('data', function ($data) {
        echo $data;
    });
});
$request->end();

Yes, this works for both plain HTTP and SSL encrypted HTTPS requests.

SSL/TLS encrypted

If you want to connect to arbitrary SSL/TLS servers, there sure too is an easy to use API available:

$ssl = $client->createSecureConnector();

// now create an SSL encrypted connection (notice the $ssl instead of $tcp)
$ssl->create('www.google.com',443)->then(function (React\Stream\Stream $stream) {
    // proceed with just the plain text data and everything is encrypted/decrypted automatically
    echo 'connected to SSL encrypted www.google.com';
    $stream->write("GET / HTTP/1.0\r\n\r\n");
    // ...
});

SOCKS Protocol versions & differences

While SOCKS4 already had (a somewhat limited) support for SOCKS BIND requests and SOCKS5 added generic UDP support (SOCKS UDPASSOCIATE), this library focuses on the most commonly used core feature of SOCKS CONNECT. In this mode, a SOCKS server acts as a generic proxy allowing higher level application protocols to work through it.

SOCKS4 SOCKS4a SOCKS5
Protocol specification SOCKS4.protocol SOCKS4A.protocol RFC 1928
Tunnel outgoing TCP connections
Remote DNS resolving
IPv6 addresses
Username/Password authentication ✓ (as per RFC 1929)
Handshake # roundtrips 1 1 2 (3 with authentication)
Handshake traffic
+ remote DNS
17 bytes
17 bytes
+ hostname + 1
variable (+ auth + IPv6)
+ hostname - 3

Note, this is not a full SOCKS5 implementation due to missing GSSAPI authentication (but it's unlikely you're going to miss it anyway).

Explicitly setting protocol version

This library supports the SOCKS4, SOCKS4a and SOCKS5 protocol versions. Usually, there's no need to worry about which protocol version is being used. Depending on which features you use (e.g. remote DNS resolving and authentication), the Socks/Client automatically uses the best protocol available. In general this library automatically switches to higher protocol versions when needed, but tries to keep things simple otherwise and sticks to lower protocol versions when possible. The Socks/Server supports all protocol versions by default.

If want to explicitly set the protocol version, use the supported values 4, 4a or 5:

// valid protocol versions:
$client->setProtocolVersion('4a');
$server->setProtocolVersion(5);

In order to reset the protocol version to its default (i.e. automatic detection), use null as protocol version.

$client->setProtocolVersion(null);
$server->setProtocolVersion(null);

Remote vs. local DNS resolving

By default, the Socks/Client uses local DNS resolving to resolve target hostnames into IP addresses and only transmits the resulting target IP to the socks server.

Resolving locally usually results in better performance as for each outgoing request both resolving the hostname and initializing the connection to the SOCKS server can be done simultanously. So by the time the SOCKS connection is established (requires a TCP handshake for each connection), the target hostname will likely already be resolved ( usually either already cached or requires a simple DNS query via UDP).

You may want to switch to remote DNS resolving if your local Socks/Client either can not resolve target hostnames because it has no direct access to the internet or if it should not resolve target hostnames because its outgoing DNS traffic might be intercepted (in particular when using the Tor network).

Local DNS resolving is available in all SOCKS protocol versions. Remote DNS resolving is only available for SOCKS4a and SOCKS5 (i.e. it is NOT available for SOCKS4).

Valid values are boolean true(default) or false.

$client->setResolveLocal(false);

Username / Password authentication

This library supports username/password authentication for SOCKS5 servers as defined in RFC 1929.

On the client side, simply set your username and password to use for authentication (see below). For each further connection the client will merely send a flag to the server indicating authentication information is available. Only if the server requests authentication during the initial handshake, the actual authentication credentials will be transmitted to the server.

Note that the password is transmitted in cleartext to the SOCKS proxy server, so this methods should not be used on a network where you have to worry about eavesdropping. Authentication is only supported by protocol version 5 (SOCKS5), so setting authentication on the Socks/Client enforces communication with protocol version 5 and complains if you have explicitly set anything else.

$client->setAuth('username', 'password');

Setting authentication on the Socks/Server enforces each further connected client to use protocol version 5. If a client tries to use any other protocol version, does not send along authentication details or if authentication details can not be verified, the connection will be rejected.

Because your authentication mechanism might take some time to actually check the provided authentication credentials (like querying a remote database or webservice), the server side uses a Promise based interface. While this might seem complex at first, it actually provides a very simple way to handle simultanous connections in a non-blocking fashion and increases overall performance.

$server->setAuth(function ($username, $password) {
    // either return a boolean success value right away or use promises for delayed authentication
});

Or if you only accept static authentication details, you can use the simple array-based authentication method as a shortcut:

$server->setAuthArray(array(
    'tom' => 'password',
    'admin' => 'root'
));

If you do not want to use authentication anymore:

$client->unsetAuth();
$server->unsetAuth();

Usage

Using SSH as a SOCKS server

If you already have an SSH server set up, you can easily use it as a SOCKS tunnel end point. On your client, simply start your SSH client and use the -D [port] option to start a local SOCKS server (quoting the man page: a local "dynamic" application-level port forwarding) by issuing:

$ ssh -D 9050 ssh-server

$client = $factory->createClient('127.0.0.1', 9050);

Using the Tor (anonymity network) to tunnel SOCKS connections

The Tor anonymity network client software is designed to encrypt your traffic and route it over a network of several nodes to conceal its origin. It presents a SOCKS4 and SOCKS5 interface on TCP port 9050 by default which allows you to tunnel any traffic through the anonymity network. In most scenarios you probably don't want your client to resolve the target hostnames, because you would leak DNS information to anybody observing your local traffic. Also, Tor provides hidden services through an .onion pseudo top-level domain which have to be resolved by Tor.

$client = $factory->createClient('127.0.0.1', 9050);
$client->setResolveLocal(false);

Install

The recommended way to install this library is through composer. New to composer?

{
    "require": {
        "clue/Socks": "0.4.*"
    }
}

License

MIT, see license.txt

clue/socks 适用场景与选型建议

clue/socks 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.08k 次下载、GitHub Stars 达 61, 最近一次更新时间为 2012 年 12 月 22 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「async」 「react」 「socks client」 「socks server」 「tcp tunnel」 「socks protocol」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 clue/socks 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 clue/socks 我们能提供哪些服务?
定制开发 / 二次开发

基于 clue/socks 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.08k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 61
  • 点击次数: 21
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 61
  • Watchers: 14
  • Forks: 11
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2012-12-22