Merge pull request #6 from gnh1201/jsonrpc2

Stateful relay
2025-07-15 08:48:08 +00:00 · 2024-02-26 22:20:36 +09:00 · 2024-02-26 22:20:36 +09:00 · 97f4f42593
commit 97f4f42593
parent 71fa2a00cc a9c6479e11
3 changed files with 285 additions and 42 deletions
--- a/README.md
+++ b/README.md
@ -33,6 +33,7 @@ If you have an ***will be parasitize*** server that you want to proxy, you can i
 [settings]
 PORT=5555
 SERVER_URL=http://example.org
+SERVER_CONNECTION_TYPE=stateful
 CA_KEY=ca.key
 CA_CERT=ca.crt
 CERT_KEY=cert.key
--- a/index.php
+++ b/index.php
@ -1,11 +1,11 @@
 <?php
 // Caterpillar - The simple and parasitic web proxy with spam filter
-// Namhyeon Go <abuse@catswords.net>
+// Namhyeon Go (Catswords Research) <abuse@catswords.net>
 // https://github.com/gnh1201/caterpillar
 // Created at: 2022-10-06
-// Updated at: 2024-02-20
+// Updated at: 2024-02-26

-define("PHP_HTTPPROXY_VERSION", "0.1.4");
+define("PHP_HTTPPROXY_VERSION", "0.1.5");

 if (strpos($_SERVER['HTTP_USER_AGENT'], "php-httpproxy/") !== 0) {
    exit('<!DOCTYPE html><html><head><title>It works!</title><meta charset="utf-8"></head><body><h1>It works!</h1><p><a href="https://github.com/gnh1201/caterpillar">Download the client</a></p><hr><p>php-httpproxy/' . PHP_HTTPPROXY_VERSION . ' (Server; PHP ' . phpversion() . '; abuse@catswords.net)</p></body></html>');
@ -14,6 +14,34 @@ if (strpos($_SERVER['HTTP_USER_AGENT'], "php-httpproxy/") !== 0) {
 ini_set("default_socket_timeout", 1);  // must be. because of `feof()` works
 ini_set("max_execution_time", 0);

+function jsonrpc2_encode($method, $params, $id = '') {
+    $data = array(
+        "jsonrpc" => "2.0",
+        "method" => $method,
+        "params" => $params,
+        "id" => $id
+    );
+    return json_encode($data);
+}
+
+function jsonrpc2_result_encode($result, $id = '') {
+    $data = array(
+        "jsonrpc" => "2.0",
+        "result" => $result,
+        "id" => $id
+    );
+    return json_encode($data);
+}
+
+function jsonrpc2_error_encode($error, $id = '') {
+    $data = array(
+        "jsonrpc" => "2.0",
+        "error" => $error,
+        "id" => $id
+    );
+    return json_encode($data);
+}
+
 function parse_headers($str) { // Parses HTTP headers into an array
    // https://stackoverflow.com/questions/16934409/curl-as-proxy-deal-with-https-connect-method
    // https://stackoverflow.com/questions/12433958/how-to-parse-response-headers-in-php
@ -32,39 +60,150 @@ function parse_headers($str) { // Parses HTTP headers into an array
    return $headers;
 }

-$data = json_decode(file_get_contents('php://input'), true);
+function read_from_remote_server($remote_address, $remote_port, $scheme, $data = null, $conn = null, $buffer_size = 8192, $id = '') {
+    if (in_array($scheme, array("https", "ssl", "tls"))) {
+        $remote_address = "tls://" . $remote_address;
+    }

-$buffer_size = $data['chunksize'];
+    $sock = fsockopen($remote_address, $remote_port, $error_code, $error_message, 1);
+    if (!$sock) {
+        $error = array(
+            "status" => 502,
+            "code" => $error_code,
+            "message" => $error_message
+        );

-$relay_data = base64_decode($data['data']);
-$relay_headers = parse_headers($relay_data);
-$relay_port = intval($data['port']);
-$relay_scheme = $data['scheme'];
-$relay_hostname = $data['server'];
-
-if ($relay_scheme == "https") {
-    $relay_hostname = "tls://" . $relay_hostname;
-}
-
-switch ($relay_headers['@method'][0]) {
-    case "CONNECT":
-        echo sprintf("%s 200 Connection Established\r\n\r\n", $relay_headers['@method'][2]);
-        break;
-
-    default:
-        $fp = fsockopen($relay_hostname, $relay_port, $errno, $errstr, 1);
-
-        if (!$fp) {
-            echo "$errstr ($errno)<br />\n";
+        if ($conn == null) {
+            echo jsonrpc2_error_encode($error, $id);
        } else {
-            fwrite($fp, $relay_data);
+            $buf = sprintf("HTTP/1.1 502 Bad Gateway\r\n\r\n");
+            $buf .= jsonrpc2_error_encode($error, $id);
+            fwrite($conn, $buf);
+        }
+    } else {
+        if ($conn == null) {
+            // send data
+            fwrite($sock, $data);

+            // receive data
            $buf = null;
-            while (!feof($fp) && $buf !== false) {
-                $buf = fgets($fp, $buffer_size);
+            while (!feof($sock) && $buf !== false) {
+                $buf = fgets($sock, $buffer_size);
                echo $buf;
            }
+        } else {
+            // send data
+            $buf = null;
+            while (!feof($conn) && $buf !== false) {
+                $buf = fgets($conn, $buffer_size);
+                fwrite($sock, $buf);
+            }

-            fclose($fp);
+            // receive data
+            $buf = null;
+            while (!feof($sock) && $buf !== false) {
+                $buf = fgets($sock, $buffer_size);
+                fwrite($conn, $buf);
+            }
        }
+
+        fclose($sock);
+    }
+}
+
+// stateless mode
+function relay_request($params, $id = '') {
+    $buffer_size = $params['buffer_size'];
+    $request_data = base64_decode($params['request_data']);
+    $request_header = parse_headers($request_data);
+    $request_length = intval($params['request_length']);
+    $client_address = $params['client_address'];
+    $client_port = intval($params['client_port']);
+    $client_encoding = $params['client_encoding'];
+    $remote_address = $params['remote_address'];
+    $remote_port = intval($params['remote_port']);
+    $scheme = $params['scheme'];
+    $datetime = $params['datetime'];   // format: %Y-%m-%d %H:%M:%S.%f
+
+    if (in_array($scheme, array("https", "ssl", "tls"))) {
+        $remote_address = "tls://" . $remote_address;
+    }
+
+    switch ($request_header['@method'][0]) {
+        case "CONNECT":
+            $error = array(
+                "status" => 405,
+                "code" => -1,
+                "message" => "Method Not Allowed"
+            );
+            echo jsonrpc2_error_encode($error, $id);
+            break;
+
+        default:
+            read_from_remote_server($remote_address, $remote_port, $scheme, $request_data, null, $buffer_size, $id);
+    }
+}
+
+// stateful mode
+function relay_connect($params, $id = '') {
+    $buffer_size = $params['buffer_size'];
+    $client_address = $params['client_address'];
+    $client_port = intval($params['client_port']);
+    $client_encoding = $params['client_encoding'];
+    $remote_address = $params['remote_address'];
+    $remote_port = intval($params['remote_port']);
+    $scheme = $params['scheme'];
+    $datetime = $params['datetime'];   // format: %Y-%m-%d %H:%M:%S.%f
+
+    $conn = fsockopen($client_address, $client_port, $error_code, $error_message, 1);
+    if (!$conn) {
+        $error = array(
+            "status" => 502,
+            "code" => $error_code,
+            "message" => $error_message,
+            "_params" => $params
+        );
+        echo jsonrpc2_error_encode($error, $id);
+    } else {
+        $data = jsonrpc2_encode("relay_accept", array(
+            "success" => true
+        ), $id);
+        fwrite($conn, $data . "\r\n\r\n");
+
+        read_from_remote_server($remote_address, $remote_port, $scheme, null, $conn, $buffer_size, $id);
+        fclose($conn);
+    }
+}
+
+function get_client_address() {
+    $client_address = '';
+    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
+        $client_address = $_SERVER['HTTP_CLIENT_IP'];
+    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+        $client_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    } else {
+        $client_address = $_SERVER['REMOTE_ADDR'];
+    }
+    return array("client_address" => $client_address);
+}
+
+// parse context
+$context = json_decode(file_get_contents('php://input'), true);
+
+// check is it jsonrpc
+if ($context['jsonrpc'] == "2.0") {
+    $method = $context['method'];
+    switch ($method) {
+        case "relay_request":
+            relay_request($context['params'], $context['id']);    // stateless mode
+            break;
+
+        case "relay_connect":
+            relay_connect($context['params'], $context['id']);    // stateful mode
+            break;
+
+        case "get_client_address":
+            echo jsonrpc2_result_encode(get_client_address(), $context['id']);
+            break;
+    }
 }
--- a/server.py
+++ b/server.py
@ -2,7 +2,7 @@
 # Namyheon Go (Catswords Research) <gnh1201@gmail.com>
 # https://github.com/gnh1201/caterpillar
 # Created at: 2022-10-06
-# Updated at: 2024-12-24
+# Updated at: 2024-12-28

 import argparse
 import socket
@ -30,6 +30,7 @@ from decouple import config
 try:
    listening_port = config('PORT', cast=int)
    server_url = config('SERVER_URL')
+    server_connection_type = config('SERVER_CONNECTION_TYPE')
    cakey = config('CA_KEY')
    cacert = config('CA_CERT')
    certkey = config('CERT_KEY')
@ -56,6 +57,7 @@ parser.add_argument('--buffer_size', help="Number of samples to be used", defaul
 args = parser.parse_args()
 max_connection = args.max_conn
 buffer_size = args.buffer_size
+accepted_relay = {}

 # https://stackoverflow.com/questions/25475906/set-ulimit-c-from-outside-shell
 resource.setrlimit(
@ -92,6 +94,27 @@ def start():    #Main Program
            print("\n[*] Graceful Shutdown")
            sys.exit(1)

+def jsonrpc2_create_id(data):
+    return hashlib.sha1(json.dumps(data).encode(client_encoding)).hexdigest()
+
+def jsonrpc2_encode(method, params = None):
+    data = {
+        "jsonrpc": "2.0",
+        "method": method,
+        "params": params
+    }
+    id = jsonrpc2_create_id(data)
+    data['id'] = id
+    return (id, json.dumps(data))
+
+def jsonrpc2_result_encode(result, id = ''):
+    data = {
+        "jsonrpc": "2.0",
+        "result": result,
+        "id": id
+    }
+    return json.dumps(data)
+
 def parse_first_data(data):
    parsed_data = (b'', b'', b'', b'', b'')

@ -126,12 +149,23 @@ def parse_first_data(data):

        parsed_data = (webserver, port, scheme, method, url)
    except Exception as e:
-        conn.close()
-        print("[*] Exception on parsing the header of %s. Cause: %s" % (str(addr[0]), str(e)))
+        print("[*] Exception on parsing the header. Cause: %s" % (str(e)))

    return parsed_data

 def conn_string(conn, data, addr):
+    # check is it JSON-RPC 2.0 request
+    if data.find(b'{') == 0:
+        jsondata = json.loads(data.decode(client_encoding))
+        if jsondata['jsonrpc'] == "2.0" and jsondata['method'] == "relay_accept":
+            id = jsondata['id']
+            accepted_relay[id] = conn
+            while conn.fileno() > -1:
+                time.sleep(1)
+            del accepted_relay[id]
+            print ("[*] relay destroyed: %s" % (id))
+            return
+
    # parse first data (header)
    webserver, port, scheme, method, url = parse_first_data(data)

@ -422,25 +456,94 @@ def proxy_server(webserver, port, scheme, method, url, conn, addr, data):

            print("[*] Received %s chunks. (%s bytes per chunk)" % (str(i), str(buffer_size)))

-        else:
+        # stateful mode
+        elif server_connection_type == "stateful":

            proxy_data = {
                'headers': {
-                    "User-Agent": "php-httpproxy/0.1.4 (Client; Python " + python_version() + "; abuse@catswords.net)",
+                    "User-Agent": "php-httpproxy/0.1.5 (Client; Python " + python_version() + "; abuse@catswords.net)",
                },
                'data': {
-                    "data": base64.b64encode(data).decode(client_encoding),
-                    "client": str(addr[0]),
-                    "server": webserver.decode(client_encoding),
-                    "port": str(port),
+                    "buffer_size": str(buffer_size),
+                    "client_address": str(addr[0]),
+                    "client_port": str(listening_port),
+                    "client_encoding": client_encoding,
+                    "remote_address": webserver.decode(client_encoding),
+                    "remote_port": str(port),
                    "scheme": scheme.decode(client_encoding),
-                    "url": url.decode(client_encoding),
-                    "length": str(len(data)),
-                    "chunksize": str(buffer_size),
                    "datetime": datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f")
                }
            }
-            raw_data = json.dumps(proxy_data['data'])
+
+            # get client address
+            try:
+                _, query_data = jsonrpc2_encode('get_client_address')
+                query = requests.post(server_url, headers=proxy_data['headers'], data=query_data, timeout=1)
+                if query.status_code == 200:
+                    result = query.json()['result']
+                    proxy_data['data']['client_address'] = result['client_address']
+                print ("[*] Resolved IP: %s" % (result['client_address']))
+            except requests.exceptions.ReadTimeout as e:
+                pass
+
+            # build a tunnel
+            try:
+                id, raw_data = jsonrpc2_encode('relay_connect', proxy_data['data'])
+                relay = requests.post(server_url, headers=proxy_data['headers'], data=raw_data, stream=True, timeout=1)
+                for chunk in relay.iter_content(chunk_size=buffer_size):
+                    print (chunk)
+            except requests.exceptions.ReadTimeout as e:
+                pass
+
+            # wait for the relay
+            print ("[*] waiting for the relay... %s" % (id))
+            while not id in accepted_relay:
+                time.sleep(1)
+            sock = accepted_relay[id]
+            print ("[*] connected the relay. %s" % (id))
+            sendall(sock, conn, data)
+
+            # get response
+            i = 0
+            buffered = b''
+            while True:
+                chunk = sock.recv(buffer_size)
+                if not chunk:
+                    break
+                buffered += chunk
+                if proxy_check_filtered(buffered, webserver, port, scheme, method, url):
+                    sock_close(sock, is_ssl)
+                    add_filtered_host(webserver.decode(client_encoding), '127.0.0.1')
+                    raise Exception("Filtered response")
+                conn.send(chunk)
+                if len(buffered) > buffer_size*2:
+                    buffered = buffered[-buffer_size*2:]
+                i += 1
+
+            sock_close(sock, is_ssl)
+
+            print("[*] Received %s chunks. (%s bytes per chunk)" % (str(i), str(buffer_size)))
+
+        else:
+            # stateless mode
+            proxy_data = {
+                'headers': {
+                    "User-Agent": "php-httpproxy/0.1.5 (Client; Python " + python_version() + "; abuse@catswords.net)",
+                },
+                'data': {
+                    "buffer_size": str(buffer_size),
+                    "request_data": base64.b64encode(data).decode(client_encoding),
+                    "request_length": str(len(data)),
+                    "client_address": str(addr[0]),
+                    "client_port": str(listening_port),
+                    "client_encoding": client_encoding,
+                    "remote_address": webserver.decode(client_encoding),
+                    "remote_port": str(port),
+                    "scheme": scheme.decode(client_encoding),
+                    "datetime": datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f")
+                }
+            }
+            _, raw_data = jsonrpc2_encode(proxy_data['data'])

            print("[*] Sending %s bytes..." % (str(len(raw_data))))