
Commit 6057e27

committed
Reject UDP requests to non-local addresses on connect()
1 parent 96d51f2 commit 6057e27

2 files changed

Lines changed: 55 additions & 2 deletions


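--- a/README
+++ b/README
@@ -3,8 +3,8 @@ ProxyBound v5.0
 
 ProxyBound is a UNIX program, that hooks network-related libc functions
 in dynamically linked programs via a preloaded DLL and redirects the
-connections through SOCKS4a/5 or HTTP proxies. This is based on
-proxychains-ng by rofl0r & proxychains by haad
+connections through SOCKS4a/5 or HTTP proxies. This is based on
+proxychains-ng by rofl0r, proxychains by haad and torsocks by dgoulet
 
 How it works:
 =============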

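--- a/src/libproxybound.c
+++ b/src/libproxybound.c
@@ -45,6 +45,34 @@
 #define SOCKFAMILY(x) (satosin(x)->sin_family)
 #define MAX_CHAIN 512
 
+
+
+
+
+
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <string.h>
+#include <strings.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/poll.h>
+#include <sys/time.h>
+#include <pwd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <resolv.h>
+
+
+
 connect_t true_connect;
 gethostbyname_t true_gethostbyname;
 getaddrinfo_t true_getaddrinfo;
@@ -383,6 +411,18 @@ int connect(int sock, const struct sockaddr *addr, socklen_t len) {
 }
 }
 }
+
+//Rejecting non local udp
+if (socktype == SOCK_DGRAM){
+if (proxybound_allow_leak) {
+PDEBUG("allowing unproxified udp connect()\n");
+return true_connect(sock, addr, len);
+} else {
+PDEBUG("blocking unproxified udp connect()\n");
+//exit(0);
+return -1;
+}
+}
 
 flags = fcntl(sock, F_GETFL, 0);
 if(flags & O_NONBLOCK)
@@ -401,6 +441,19 @@ int connect(int sock, const struct sockaddr *addr, socklen_t len) {
 return ret;
 }
 
+//TODO: DNS LEAK: OTHER RESOLVER FUNCTION
+//realresinit = dlsym(lib, "res_init");
+//realresquery = dlsym(lib, "res_query");
+//realressend = dlsym(lib, "res_send");
+//realresquerydomain = dlsym(lib, "res_querydomain");
+//realressearch = dlsym(lib, "res_search");
+//realgethostbyaddr = dlsym(lib, "gethostbyaddr"); //Needs rewrite
+//realgetipnodebyname = dlsym(lib, "getipnodebyname");
+
+//UDP & DNS LEAK
+//realsendto = dlsym(lib, "sendto");
+//realsendmsg = dlsym(lib, "sendmsg");
+
 static struct gethostbyname_data ghbndata;
 
 struct hostent *gethostbyname(const char *name) {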
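Review bot: The blocking branch added to connect() returns -1 without setting errno (`return -1;` after the `blocking unproxified udp connect()` debug line), so a caller that inspects errno after the failure sees whatever an earlier call left there. Set it before returning, e.g. `errno = EPERM;` (connect(2) lists EPERM for a request refused by a local firewall rule, and `<errno.h>` is included by this commit), and drop the commented-out `//exit(0);`. The new check tests only `socktype == SOCK_DGRAM`; whether the non-local test named in the commit title is performed by the block that closes just above it cannot be confirmed, because connect() begins outside this hunk. The commented-out `sendto`/`sendmsg` lines in the last hunk suggest datagrams on unconnected sockets are not intercepted yet, so the limit of this check deserves a comment beside it, e.g. `/* only connect() is filtered; sendto()/sendmsg() on unconnected UDP sockets are not intercepted yet */`.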
