
Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
Dealing with SOCKS and HTTP proxies is a pain. EM-Socksify provides a simple ship to setup and negotiation a SOCKS / HTTP connection for any EventMachine protocol.
class Handler < EM::Connection
include EM::Socksify
def connection_completed
socksify('google.ca', 80) do
send_data "GET / HTTP/1.1\r\nConnection:close\r\nHost: google.ca\r\n\r\n"
end
end
def receive_data(data)
p data
end
end
EM.run do
EventMachine.connect SOCKS_HOST, SOCKS_PORT, Handler
end
What's happening here? First, we open a raw TCP connection to the SOCKS proxy. Once the TCP connection is established, EventMachine calls the connection_completed method in our handler, at which point we call the helper method (socksify) with the actual destination and host and port (address that we actually want to get to), and the module does the rest.
socksify temporarily intercepts your receive_data callbacks, negotiates the SOCKS connection (version, authentication, etc), and then once all of that is done, returns control back to your code.
For SOCKS proxies which require authentication, use:
socksify(destination_host, destination_port, username, password, version)
class Handler < EM::Connection
include EM::Connectify
def connection_completed
connectify('www.google.ca', 443) do
start_tls
send_data "GET / HTTP/1.1\r\nConnection:close\r\nHost: www.google.ca\r\n\r\n"
end
end
def receive_data(data)
p data
end
end
EM.run do
EventMachine.connect PROXY_HOST, PROXY_PORT, Handler
end
For CONNECT proxies which require authentication, use:
connectify(destination_host, destination_port, username, password)
(The MIT License)
FAQs
Unknown package
We found that em-socksify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A clarification on our recent research investigating 60 malicious Ruby gems.
Security News
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
Research
/Security News
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.