False positives during asynchronous TCP scanning through the Socks5 Proxy relay

Question

I am learning golang and wanted to build a TCP port scanner with SOCKS5 proxies as a relay for mass scanning.

Although all of the S5 proxies are being checked for every target scan, sometimes there are some False positives - and I cannot find the reason why.

Preparing proxyDialer:

import (
	"fmt"
	"net"
	"time"
	"golang.org/x/net/proxy"
)

func create_socks5_tcp_dialer(socks5_addr string) proxy.Dialer {
	//socks5_dialer_tcp, err := proxy.SOCKS5("tcp", socks5_addr, nil, proxy.Direct)
	socks5_dialer_tcp, err := proxy.SOCKS5("tcp", socks5_addr, nil, &net.Dialer{Timeout: 5 * time.Second, KeepAlive: 5 * time.Second})
	if err != nil {
		fmt.Println("Error connecting to proxy:", err)
	}
	return socks5_dialer_tcp
}

Validating socks5 address:

func socks5_validator(socks5_addr, vps_opened, vps_closed string) (bool, string) {
	/* 	Check if SOCKS5 proxy is valid.
	   	1. Connect to the open port on the server under my control using proxy.
	   	2. Connect to the closed port on the server under my control using proxy.
	   		- If both checks are true, the SOCKS5 proxy is considered valid.
	   		- If one of the checks is false, the SOCKS5 proxy is considered invalid.
	   	3. Returns true/false and s5_addr.
	*/
	// Create SOCKS5 dialer
	socks5_dialer_tcp := create_socks5_tcp_dialer(socks5_addr)
	// Make connection using SOCKS5 proxy to the opened port on the vps.
	conn_1, err := socks5_dialer_tcp.Dial("tcp", vps_opened)
	// If it was successful and did not generate any error, check1 is passed.
	if err == nil {
		//fmt.Println("CHECK 1: PASSED")
		conn_1.Close()
		// If an error was generated, check1 is not passed; do not make check2.
	} else {
		//fmt.Println("CHECK 1: NOT PASSED")
		return false, socks5_addr
	}
	// Make connection using SOCKS5 proxy to the closed port on the vps.
	conn_2, err := socks5_dialer_tcp.Dial("tcp", vps_closed)
	// If it was unsuccessful and an error was generated, check2 is passed.
	if err != nil {
		//fmt.Println("CHECK 2: PASSED")
		// If both checks were passed then return true.
		return true, socks5_addr
		// If no error was generated, check2 is not passed.
	} else {
		//fmt.Println("CHECK 2: NOT PASSED")
		conn_2.Close()
		return false, socks5_addr
	}
}

Port scanning

s5_dialer_tcp := create_socks5_tcp_dialer(socks5_addr)
// Scan target using s5
conn, err := s5_dialer_tcp.Dial("tcp", target)
if err != nil {
	// Dial failed: closed (or the proxy refused or failed the request)
} else {
	// Dial succeeded: open
	conn.Close()
}

My question is:
Do I correctly scan TCP services through the SOCKS5 proxy and do I validate this proxy properly?

Link to the full code:
https://github.com/Karmaz95/crimson_prober

Answer 1

Score: 3

I don't think that these are actual false positives. Instead, you are making wrong assumptions about how these proxies will work: you assume that if the single check for a specific port open (connect success) and a specific port closed (connect failure) on a specific server at a specific time succeeds, then the proxy can be used to reliably check many arbitrary ports on arbitrary servers at arbitrary times.

This assumption is likely not valid, especially given that you seem to use proxies which are outside of your control.

A common behavior of such proxies is that they provide only restricted access, i.e. common ports like HTTP and HTTPS will work while other ports will be blocked. Proxies might also employ rate limiting, so they will simply deny access through the proxy after a while. And free proxies available in some lists often cease to work after a while.
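
To make the answer's point concrete, here is an added example (not part of the original question, answer, or the linked project): a parser for the SOCKS5 reply message defined in RFC 1928, showing that only one reply code means the target refused the connection, while the others describe the proxy's own policy or failures. It uses the standard library only; `ClassifyReply`, `Verdict` and the sample replies are constructed for this illustration.

```go
package main

import (
	"errors"
	"fmt"
)

type Verdict string
const (
	Open          Verdict = "open"             // REP 0x00: proxy reports the connection succeeded
	Closed        Verdict = "closed"           // REP 0x05: target refused the connection
	ProxyBlocked  Verdict = "blocked-by-proxy" // REP 0x02: not allowed by the proxy's ruleset
	Indeterminate Verdict = "indeterminate"    // anything else says nothing about the port
)

// ClassifyReply parses one SOCKS5 reply (RFC 1928 section 6), laid out as
// VER | REP | RSV | ATYP | BND.ADDR | BND.PORT, and maps REP to a Verdict.
func ClassifyReply(b []byte) (Verdict, error) {
	if len(b) < 5 {
		return Indeterminate, errors.New("truncated SOCKS5 reply")
	}
	if b[0] != 0x05 {
		return Indeterminate, fmt.Errorf("not a SOCKS5 reply: version %#x", b[0])
	}
	// Address length by ATYP: IPv4, domain (length-prefixed), IPv6.
	addrLen := map[byte]int{0x01: 4, 0x03: 1 + int(b[4]), 0x04: 16}[b[3]]
	if addrLen == 0 {
		return Indeterminate, fmt.Errorf("unknown ATYP %#x", b[3])
	}
	if len(b) < 4+addrLen+2 {
		return Indeterminate, errors.New("truncated SOCKS5 reply")
	}
	switch b[1] {
	case 0x00:
		return Open, nil
	case 0x02:
		return ProxyBlocked, nil
	case 0x05:
		return Closed, nil
	}
	return Indeterminate, nil // general failure, unreachable, TTL expired, ...
}

func main() {
	// Constructed sample replies, all with ATYP=IPv4, BND.ADDR=0.0.0.0, BND.PORT=0.
	for _, rep := range []byte{0x00, 0x01, 0x02, 0x04, 0x05} {
		v, err := ClassifyReply([]byte{0x05, rep, 0x00, 0x01, 0, 0, 0, 0, 0, 0})
		fmt.Printf("REP=%#x -> %s (err=%v)\n", rep, v, err)
	}
}
```

A check that treats every dial error as "closed" folds the `blocked-by-proxy` and `indeterminate` cases into the same result, which is how a proxy that passed validation earlier can still produce wrong answers later.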

huangapple
  • Posted on January 31, 2022, 07:43:46
  • When reposting, please keep the link to this article: https://go.coder-hub.com/70919958.html