github.com/yiyuezhuo/xisocks2
Yet another toy proxy, which provides authentication and removes as much of the verbose handshake procedure as possible compared to the previous version.
This protocol is inspired by v2ray and trojan.
All SOCKS5/HTTPS handshakes are treated as successful to speed up transport. When a proxied app such as a browser opens a connection, the client starts a TLS connection to the remote server outside the GFW. Once the TLS connection has been established, a header followed by the payload is sent to the server; it specifies the TCP CONNECT destination and carries the payload, which reduces the number of packets required.
+----------------+--------------+--------------+-------------+---------------+
| len(TOKEN)     | TOKEN        | len(host)    | host        | Payload       |
+----------------+--------------+--------------+-------------+---------------+
| 1 byte         | 1-255 bytes  | 1 byte       | 1-255 bytes | *             |
+----------------+--------------+--------------+-------------+---------------+
When the server receives a header in the wrong format, it forwards the suspicious request to a local HTTP server, so that you or a GFW internet agent will simply find a website hosted at that URL when accessing it from a browser.
My personal interest is to show a sad panda to the GFW internet agent, or you may launch a Jupyter notebook server, which provides a powerful screen-like terminal.
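The header layout and the fallback rule described above, written out as an added Go example (not code from the xisocks2 repository). The function names are hypothetical, and the example assumes that the host field carries a `host:port` string, that the whole header arrives in one buffer, and that a wrong token is handled the same way as a wrong format.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Assumption: both errors are handled like the README's "wrong header format" case (fallback HTTP server).
var ErrMalformed, ErrBadToken = errors.New("malformed header"), errors.New("token mismatch")

// EncodeHeader builds len(TOKEN)|TOKEN|len(host)|host|payload (client side).
func EncodeHeader(token, host string, payload []byte) ([]byte, error) {
	if len(token) < 1 || len(token) > 255 || len(host) < 1 || len(host) > 255 {
		return nil, ErrMalformed
	}
	buf := append([]byte{byte(len(token))}, token...)
	buf = append(append(buf, byte(len(host))), host...)
	return append(buf, payload...), nil
}

// readField reads one length-prefixed field of 1-255 bytes and returns the remainder.
func readField(b []byte) (field, rest []byte, err error) {
	if len(b) < 1 || b[0] == 0 || len(b) < 1+int(b[0]) {
		return nil, nil, ErrMalformed
	}
	return b[1 : 1+int(b[0])], b[1+int(b[0]):], nil
}

// ParseHeader checks layout and token, then returns destination and payload (server side).
func ParseHeader(b []byte, want string) (string, []byte, error) {
	token, rest, err1 := readField(b)
	host, payload, err2 := readField(rest) // rest is nil if the first read failed
	if err1 != nil || err2 != nil {
		return "", nil, ErrMalformed
	}
	// Constant-time compare: timing must not reveal how much of the token matched.
	if subtle.ConstantTimeCompare(token, []byte(want)) != 1 {
		return "", nil, ErrBadToken
	}
	return string(host), payload, nil
}

func main() {
	// Constructed sample values; the host:port form is an assumption.
	msg, _ := EncodeHeader("sample-token", "example.com:443", []byte("hello"))
	fmt.Println(ParseHeader(msg, "sample-token"))
	fmt.Println(ParseHeader([]byte("GET / HTTP/1.1\r\n\r\n"), "sample-token")) // plain HTTP probe
}
```

A longer HTTP request can happen to satisfy the two length prefixes, which is why the token check, and not the layout check alone, has to decide whether a connection is proxied or sent to the fallback site.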
$ go get github.com/gorilla/websocket
$ go get github.com/yiyuezhuo/xisocks2
Enter project root
$ make
server.crt and server.key and placing them into server root.
client.exe (Windows) or ./client (Linux)
server.exe (Windows) or ./server (Linux)
In addition to PC usage, the Android version is simply compiled using GOARCH=arm64 and GOOS=linux.
No UI is provided; you can use termux and Postern to run xisocks2, just as you would other console-oriented applications such as v2ray-core. Note that Data Sniffer in Rule in Postern should be enabled.