Skip to content

SAPikachu/guruguru

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

guruguru

Transparent IPv4 SOCKS5 proxy via IPv6 addressing

Prerequisites

A dedicated VM (or real box if you like) is needed to run guruguru. In this document we assume Ubuntu 16.04 is installed on the VM.

Recommended configuration

  1. Configure /etc/network/interfaces as follows:
iface ens18 inet6 static
    address fc00::1 # Or your IPv6 address, remember to adjust iptables rules if this is changed
    netmask 64
    up ip -6 rule add fwmark 1 lookup 100
    up ip -6 route add local fc00::/7 dev lo table 100
    up ip6tables -t mangle -A PREROUTING -m socket -j MARK --set-mark 1
    up ip6tables -t mangle -A PREROUTING -m socket -j ACCEPT
    up ip6tables -t mangle -A PREROUTING -p tcp -d fc00::/16 -j RETURN
    up ip6tables -t mangle -A PREROUTING -p tcp -d fc00::/7 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 44555 --on-ip ::1
    up ip6tables -I INPUT -p tcp -s fc00::/64 -d fc00::/7 -j ACCEPT
  1. Setup radvd to offer (fake) IPv6 connectivity to LAN. Example configuration:
interface ens18 {                                                                                   
        AdvSendAdvert on;                                                                           
                                                                                                    
        prefix ::/64 {                                                                              
                AdvAutonomous on;                                                                   
                AdvOnLink on;                                                                       
        };                                                                                          
        route ::/0 {                                                                                
        };                                                                                          
};

  1. Build guruguru with cargo build --release

  2. Run guruguru as root. It will drop root privileges after initialization.

To view log message, run it like: RUST_LOG=debug guruguru

Usage

guruguru encodes SOCKS5 server and target domain / address into IPv6 unique local addresses. It offers a simple DNS server to encode the address. You can use dig to query it to get the address:

$ dig AAAA google.com.s---t.my.socks.com.s---t.1080.s---t.grgr.rg @fc00::1 +short
fd3b:de76:17f4:b73:b9bc:6b9f:e800:8700

IPv4 addresses are also accepted:

$ dig AAAA 233.233.233.233.s---t.10.10.10.10.s---t.1080.s---t.grgr.rg @fc00::1 +short
fce9:e9e9:e900::a0a:a0a:438

SOCKS server can be omitted. guruguru will connect via server specified in command line (Please check guruguru -h for more information).

$ dig AAAA httpbin.org.s---t.grgr.rg @fc00::1 +short
fd45:2901:25df:c000::
$ curl -L --resolve 'httpbin.org:443:fd45:2901:25df:c000::' "https://httpbin.org/ip"
{"origin":"1.2.3.4"}

By default domain names are directly encoded into the IPv6 address, it is not possible to encode the address if domain is too long:

$ dig AAAA www.google.com.s---t.my.socks.com.s---t.1080.s---t.grgr.rg @fc00::1 +short
# Nothing returns

In this case, we can instruct guruguru to pre-resolve domains before encoding:

$ dig AAAA r---e.www.google.com.s---t.r---e.my.socks.com.s---t.1080.s---t.grgr.rg @fc00::1 +short
fc45:abe9:2500::a18:e205:438

About

Transparent SOCKS5 proxy via IPv6 addressing

Topics

dns rust ipv6 proxy socks5 tproxy

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages