Motoma.io

SOCKS Wrapper, Compatibility Improvements, and PyLoris 3.2

Almost a year and a half ago, I wrote a program called PyLoris. Inspired by a proof of concept tool written by RSnake, PyLoris demonstrated the efficacy of connection exhaustion as a vehicle for a denial of service attack. While the initial release of the tool was buggy and featureless, I began to imagine new ways to augment the attack, improving its ability to work unimpeded. SOCKS support was one of the improvements. By coupling PyLoris with SOCKS, the attack signature could become obfuscated, split across many different machines in geographically disparate locations, making mitigation a nightmare.

The SOCKS library I worked with was SocksiPy. Originally created by Dan Haim and released under the BSD license, it was the perfect tool to help me demonstrate the real dangers of PyLoris. As my work with PyLoris continued--and its popularity grew--SocksiPy started having issues. After repeated attempts to contact Dan, I gave up on having the module fixed for me, and implemented a number of sloppy fixes and hacks to get SocksiPy to work for me. Enter Mario Vilas.

Mario Vilas contacted me in May with regard to a bug I submitted on SocksiPy's bug tracker. Mario (the author of WinAppDbg) had created a branch of the SocksiPy module in order to correct many of the problems that users were reporting. With my permission, he incorporated my changes into his branch of the module, and if I had done my job right, the story would end there...

Unfortunately, I didn't do my job right, and the changes I implemented were the source of a number of issues which led to the module becoming generally unusable. After receiving hate mail and numerous complaints on SourceForge.net, I set out to fix the errors I introduced, patch the original bugs in the code, make the module cross-version compatible, and add wrapper functionality to make up for my bad karma.

The SocksiPy module is now completely compatible with all versions of Python >= 2.4, including Python 3 and up. This involved a lot of changes in the way the code represented constants. Originally, binary control data was stored as string constants inline. Sadly, Python 3 changed the default string type to UTF-8, and required that binary strings be declared/defined of type byte. Further, the byte type did not exist before Python 2.6, meaning any solution that would work for all versions of Python couldn't use either byte strings or escaped hex strings. To make things even harder, the older versions of Python use strings for socket operations, while the newer versions use byte arrays. The workaround for this was some clever usage of struct.pack(), chr(), ord(), and encode(). The diff for this modification alters one out of every two lines.
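The approach described above, as an added example that is not SocksiPy's own code: SOCKS5 messages are built with struct.pack(), encode() and ord() so that the same source produces the native socket string type on Python 2 and Python 3 without any byte-string literal. The helper names are hypothetical; the message layouts follow RFC 1928.

```python
import struct

# SOCKS5 field values (RFC 1928).
SOCKS_VERSION = 5
METHOD_NO_AUTH = 0
CMD_CONNECT = 1
ATYP_DOMAIN = 3

# str on Python 2, bytes on Python 3: whatever socket.send() expects.
WIRE_TYPE = type(struct.pack("B", 0))


def pack_bytes(*values):
    """Pack integers 0-255 into the native wire type without a b"" literal."""
    return struct.pack("%dB" % len(values), *values)


def to_wire(text):
    """Encode a hostname only if it is not already the native wire type."""
    if isinstance(text, WIRE_TYPE):
        return text
    return text.encode("ascii")


def byte_at(data, index):
    """Read one byte as an int; slicing keeps ord() valid on both major versions."""
    return ord(data[index:index + 1])


def greeting():
    """Method negotiation: VER, NMETHODS, METHODS (no authentication only)."""
    return pack_bytes(SOCKS_VERSION, 1, METHOD_NO_AUTH)


def connect_request(host, port):
    """CONNECT request with a domain-name address and big-endian port."""
    name = to_wire(host)
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    header = pack_bytes(SOCKS_VERSION, CMD_CONNECT, 0, ATYP_DOMAIN, len(name))
    return header + name + struct.pack(">H", port)


def parse_method_reply(data):
    """Return the method the proxy selected, rejecting malformed replies."""
    if len(data) != 2 or byte_at(data, 0) != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 method-selection reply")
    return byte_at(data, 1)
```

Indexing a byte string directly returns an int on Python 3 but a one-character string on Python 2, which is why byte_at() slices before calling ord().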

In addition to supporting all common versions of Python, SocksiPy can now wrap all common Internet-connected Python modules. With three simple lines of code, any standard Python module can now communicate through a SOCKS proxy. Yes, you can now route telnetlib over an SSH connection, tunnel ftplib through Tor, and pass urllib2 through Proxomitron. To use this feature, you merely follow these three simple steps and your module will route connections over SOCKS:

  1. Load the SocksiPy module
  2. Set a default proxy for SocksiPy
  3. Wrap the desired module

With that out of the way, I would like to announce the release of PyLoris 3.2: now with a functional SOCKS library! As always, you can download it from the PyLoris project page on SourceForge.net.

Cheers,

Motoma
