Forward Wireguard traffic to SOCKS server about wireproxy HOT 9 OPEN

Okay I think what I understand what you mean. So basically what you are asking for is a program that would expose itself as a wireguard peer, and any traffic it received would be forwarded via a specified socks5 server?

I think implementing such a thing wouldn't be hard. I can give it a try.

from wireproxy.

Hello,

Just to be sure, do you mean something like hosting a SOCKS5 server on wireguard's network, and the outbound traffic of the SOCKS5 proxy would be outside wireguard?

This would require some slight patching to or changing the socks5 library which I am currently using. In fact while testing suggestions in #15 I think I've accidentally implemented something like what you are describing. I'll look into it and try to implement it.

from wireproxy.

Tun2socks looks like it should do all I actually need, thanks for finding it! I'll test that out, and let you know how it goes.

from wireproxy.

Perhaps explaining the use case will clarify.

As a security person, quite often we can achieve a socks tunnel into a target network, whether via reGeorg or PivotNacci, or even ssh. Once that is done, sometimes we want to use a Windows-based tool to interact with eg the target domain, but actually coercing the tool to use the socks proxy can be quite difficult in some cases.

As an alternative, one could route the windows traffic over a vpn, such as wireguard, then use Linux transparent proxying and redsocks on the vpn endpoint to achieve the same end result. This has been prototyped using a docker container, but even then, it's more complicated and heavyweight than strictly necessary.

The proposed alternative would be to integrate the wireguard endpoint and the socks client into one app, such that any traffic reaching the wireguard endpoint, and destined for a non-local target would be routed via the socks client, to a specified socks server.

from wireproxy.

Yes, exactly that. Happy to test for you when needed.

from wireproxy.

So here is an status update: this is going to be harder than I had originally thought. gvisor's netstack is too abstracted for me to accomplish listening TCP traffic on all addresses easily. There is hope though: this library seems to allow me to implement your suggestion with ease.

From how things are looking right now, I will probably implement your suggestion in a separate project, since I doubt the final code will share anything with wireproxy's code (besides config parsing).

Edit: this project seems to mostly accomplish what you want, except the wireguard part. I will investigate into this project and see if I can adapt some of it into wireproxy.

from wireproxy.

Hi Rogan,
Kindly let us know if Tun2socks works and steps to follow.

Thanks

from wireproxy.

Did not end up trying it. HTTPS://GitHub.com/Sensepost/wiresocks did what I wanted it to do.

from wireproxy.

@pufferffish Does wireproxy support "reverse" SOCKS proxy and/or remote port forwarding?

For example a wireguard "client", peer 10.8.1.2, connects to the wireguard "server", peer 10.8.1.1. After that "server" can use 10.8.1.2:1080 as a SOCKS proxy to access whatever is reachable through 10.8.1.2.

from wireproxy.