Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 2
SOCKSIO
Client-side sans-I/O SOCKS proxy implementation. Supports SOCKS4, SOCKS4A, and SOCKS5.
socksio is a sans-I/O library similar to
h11 or
h2, this means the library itself
does not handle the actual sending of the bytes through the network, it only
deals with the implementation details of the SOCKS protocols so you can use
it in any I/O library you want.
Current status: stable
Features not yet implemented:
- SOCKS5 GSS-API authentication.
- SOCKS5 UDP associate requests.
Usage
TL;DR check the examples directory.
Being sans-I/O means that in order to test socksio you need an I/O library.
And the most basic I/O is, of course, the standard library's socket module.
You'll need to know ahead of time the type of SOCKS proxy you want to connect to. Assuming we have a SOCKS4 proxy running in our machine on port 8080, we will first create a connection to it:
import socket
sock = socket.create_connection(("localhost", 8080))
socksio exposes modules for SOCKS4, SOCKS4A and SOCKS5, each of them includes
a Connection class:
from socksio import socks4
# The SOCKS4 protocol requires a `user_id` to be supplied.
conn = socks4.SOCKS4Connection(user_id=b"socksio")
Since socksio is a sans-I/O library, we will use the socket to send and
receive data to our SOCKS4 proxy. The raw data, however, will be created and
parsed by our SOCKS4Connection.
We need to tell our connection we want to make a request to the proxy. We do that by first creating a request object.
In SOCKS4 we only need to send a command along with an IP address and port.
socksio exposes the different types of commands as enumerables and a
convenience from_address class method in the request classes to create a
valid request object:
# SOCKS4 does not allow domain names, below is an IP for google.com
request = socks4.SOCKS4Request.from_address(
socks4.SOCKS4Command.CONNECT, ("216.58.204.78", 80))
from_address methods are available on all request classes in socksio, they
accept addresses as tuples of (address, port) as well as string address:port.
Now we ask the connection to send our request:
conn.send(request)
The SOCKS4Connection will then compose the necessary bytes in the proper
format for us to send to our proxy:
data = conn.data_to_send()
sock.sendall(data)
If all goes well the proxy will have sent reply, we just need to read from the
socket and pass the data to the SOCKS4Connection:
data = sock.recv(1024)
event = conn.receive_data(data)
The connection will parse the data and return an event from it, in this case, a
SOCKS4Reply that includes attributes for the fields in the SOCKS reply:
if event.reply_code != socks4.SOCKS4ReplyCode.REQUEST_GRANTED:
raise Exception(
"Server could not connect to remote host: {}".format(event.reply_code)
)
If all went well the connection has been established correctly and we can start sending our request directly to the proxy:
sock.sendall(b"GET / HTTP/1.1\r\nhost: google.com\r\n\r\n")
data = receive_data(sock)
print(data)
# b'HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.google.com/...`
The same methodology is used for all protocols, check out the examples directory for more information.
Development
Install the test requirements with pip install -r test-requirements.txt.
Install the project in pseudo-editable mode with flit install -s.
Tests can be ran directly invoking pytest.
This project uses nox to automate
testing and linting tasks. nox is installed as part of the test requirements.
Invoking nox will run all sessions, but you may also run only some them, for
example nox -s lint will only run the linting session.
In order to test against a live proxy server a Docker setup is provided based
on the Dante SOCKS server.
A container will start danted listening on port 1080. The docker-compose.yml
will start the container and map the ports appropriately. To start the container
in the background:
docker-compose -f docker/docker-compose.yml up -d
To stop it:
docker-compose -f docker/docker-compose.yml down
Alternatively, remove the -d flag to run the containers in the foreground.
Reference documents
Each implementation follows the documents as listed below:
- SOCKS4: https://www.openssh.com/txt/socks4.protocol
- SOCKS4A: https://www.openssh.com/txt/socks4a.protocol
- SOCKS5: https://www.ietf.org/rfc/rfc1928.txt
- SOCKS5 username/password authentication: https://www.ietf.org/rfc/rfc1929.txt
- SOCKS5 GSS-API authentication: https://www.ietf.org/rfc/rfc1961.txt
License
MIT
FAQs
Sans-I/O implementation of SOCKS4, SOCKS4A, and SOCKS5.
We found that socksio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025