The proxy performance could be dramatically increased if the implementation includes the Channels implemented with Golang

Improve the CLI experience, users should be able to do the same that the declarative configurations allow but using just the CLI

See main.go

• Implementation
• Documentation

It should be possible to fullproxy translate proxy protocols. This way clients that only support one specific protocol can make use of other running services.

• HTTP to SOCKS5
• SOCKS5 to HTTP

Currently Units tests are a mess and somehow not deterministic, at least they work in a Windows machine but when been executed by GitHub actions they always crash. Goals:

• Cleaner code
• Deterministic results
• Concurrent execution
• Remove any sleep action

The tool itself works perfectly but it will be great to ensure these tests also pass in google actions:

• TestSocks5BindAcceptFilter

Incoming

Each time a connection is received in the Bind/Master, before doing any kind of processing, the program should pass the Host and Port to a function to do some kind of validation; if the incoming client accomplish all the developer specified rules, the proxy protocol will proceeded the transaction, if not, it will close the connection immediately

PoC

func LocalhostOnlyFilter(host string, port int) bool {
        return host == "localhost" || host == "127.0.0.1"
}

Outgoing

Each time a connection the client request a proxy session between him and a target address, if the address a accomplish all the developer specified rules, the transaction will proceeded, other way, the connection will be closed inmediatly

PoC

func BlockFacebookFilter(host string, port int) bool {
        return host != "Facebook"
}

fullproxy should be able to forward traffic over a virtual network interface to a set of fullproxy running slaves.

Main ideas

Setup a wiregard or netgard running in master node and have the client resolve all the traffic comming from the VPN protocol though the slave or vice versa.

Main goals:

• Have the ability to send and receive any kind of traffic between machines connected from the slave side.
• Have the ability to listen to a specific port in the master side but traffic forwarded though slave.

Example

Setup

• Master running
• Slave connected to master
• Slave network is 192.168.50.1/24.
• Slave local IP is 192.168.50.101

Capabilities

• Master can listen at any port on 192.168.50.101 (Slave's IP)
• Any traffic at 192.168.50.1/24 is resolved though the VPN tunnel between the master and slave: Meaning if a ping is executed from the master side. traffic will be redirected by the tunnel.
• The same when opening connections.

Timeout

Right now the PortProxy bucle has a predefined timeout of 10 seconds
https://github.com/shoriwe/FullProxy/blob/982aa6d7968aec39f4576e9f13eb51e59fd0309d/pkg/Proxies/Basic/Protocol.go#L20
It will be useful if a developer can set his own timeout value

Tries

Right now the PortProxy bucle only tries to Read from the source connection 5 times
https://github.com/shoriwe/FullProxy/blob/982aa6d7968aec39f4576e9f13eb51e59fd0309d/pkg/Proxies/Basic/Protocol.go#L19
It will be useful if a developer can set his own tries value

It will be really useful to translate a protocol to another one, this means, that if you have an already setup (for example) HTTP proxy server, you can ask to FullProxy to receive Socks5 requests, to then translate them to the HTTP protocol and finally forward them to the HTTP server

Target translations

Local Port forward --> To --> SOCKS5/HTTP

Explanation

The Translator will bind in a wanted Address:Port and will forward it's traffic to a Target address accessible by the proxy

HTTP --> To --> SOCKS5

SOCKS5 --> To --> HTTP

Create a YAML structure easy enough to learn fast and simpler enough to prevent branching hell

See compose/ directory for the existing reference of the config

• Implementation
• Documentation

The HTTP proxy protocol is not implemented yet, but it will

A necessary feature will be to let the user to specify his own client and/or server certificates

The user and password authentication is failing

Update all the documentation

• Readme
• CLI
• Compose
• CONTRIBUTING
• CHANGELOG
• Circuits
• Continuous integration

• Listener Filter wrapper
• Dial Filter wrapper

The key generator for the RSA and the AES keys is not random at all, maybe by requesting randomness with current the time in UNIX format as seed can fix this

Add more Authentication Methods like:

Comparing received creds with the ones in a sqlite3 database

This way it will be easier to handle more than one user

Passing the received creds to a command as arguments

This feature will approach the exit codes of executables, if the executable returns 0 the program can consider that the authentication was successful, any other way, it failed. (Or something similar).

• Video using fullproxy compose

It is crashing because PKCS7UnPadding is sometimes processing a nil byte slice

Based on github.com/golang-standards/project-layout it may be good to prevent future crashed by adopting the vendor/ folder convention.

Use Go's crypto/tls instead of the custom encryption implemented, this way the tool will be using a reliable library and well tested protocol instead of the custom one that I implemented

Add continious integration pipelines

Pending:

• Documentation
• Coverage and Release pipe
• Test
• Versioning

Build

• Build binary
• Run tests
• Versioning
• Release GitHub

Coverage

• Run tests
• Publish to codecov

Implement a SSH style local and remote port forwarding feature

I don't understand using the document, can I write it simpler?

By default FullProxy is only using the vanilla Block.decrypt/Block.encrypt wich handles the encryption/decryption with the "insecure" AES mode ECB this explain why it should not be used, based on that, it is recommended to use CBC which apparently is more secure than ECB, this other reference can explain it.

Support Plasma v1.0.0 scripting language

• Add the scripting language binding
• Update documentation of the new bindings

Stop using custom implementation of protocols. New packages to be used are:

Socks5

• https://github.com/things-go/go-socks5

HTTP

• https://github.com/google/martian
• https://github.com/elazarl/goproxy

By the moment the SOCKS5 server supports only the CONNECT command, the BIND and UDP ASSOCIATE are still pending to implement

• Implement BIND command
• Implement UDP ASSOCIATE command

This is happening because sometimes the password negotiation fails and the aes Cipher handler end with nil value

Rewrite Raw sockets proxy using a external library

It should be easy to config:

• Support

Change the naming of:

• interface-master to master
• interface-mode to slave

As this will improve the understanding how it works

Rewrite SOCKS5 proxy using a external library

It should be easy to config:

• Support
• Custom auth methods

By the moment the only way to create a database file compatible with FullProxy is by first creating the file with touch and them doing FullProxy database create over that file.

I think this behavior can be corrected by removing this lines (from internal/database/Create.go)

https://github.com/shoriwe/FullProxy/blob/309976365c11f00eecfa9e7913b07db8a22b0f1d/internal/Database/Create.go#L11-L20

Rewrite the reverse connection based server protocol

Using:

• gob
• yamux

It will be useful to encrypt traffic between the master and slave

Protocol:

1. Share the AES keys with a previously set RSA tunnel
2. Encrypt all traffic with AES

Rewrite port forward proxy using a external library

It should be easy to config:

• Support

Rewrite HTTP proxy using a external library

It should be easy to config:

• Support

By the moment the Port Forward implementation only have Local port forwarding so the slave only can share a port that is accessible to it with the master. It is necessary to also implement the Remote port forwarding that SSH provides so the master can share a port that is accessible to him with the slave

By the moment the Port forward feature is a bit buggy with complex TCP protocols

• Support

Socks5 is working in a unpredictable way, for some reason it doesn't forward the traffic randomly

This mean that a new list of tests will be needed.

Also, the HTTP protocol is completely useless by now, for some reason it is killing all the connections before they are completed, need to check if the external package GoProxy was update in a way that it breaks FullProxy functionality

(Package) Custom log function

It is important to let other developers set their own logging function to handle events of the proxy

Missing logs

It is necessary to log this important functionalities of FullProxy

General

• Bind Successfully/Failed
• Connection with client died
• Connection with target died
• Could not connect to target address

Slave

• Connection to master Successfully/Failed
• Connection with master Closed

Master

• Connection received from Slave
• Connection with slave Closed

Socks5/HTTP

• Authentication Success/Failed (If user want, show the creds)

Create the ability for users to create a circuit connection between multiple proxies (probably with multi protocol support).

For example the user wants to pivot traffic between its local Tor installation, two middle proxies and a public Tor proxy SOCKS5.

Lets assume the middle proxies are one in HTTP and the other one in SOCK5.

The circuit will be:

Localhost SOCKS5 Tor -> Proxy 1 -> Proxy 2 -> Public tor SOCKS5

With this the user will be able to access the public as it was running locally on his machine or in the IP:PORT he prefers

Pending:

• Documentation
• Socks5
• Forward
• SSH

All the binaries in the Release section are not statically compiled, this can be a problem since all the users can not have the necessary library dependencies

Next time, the compilation will be done with this command:

CGO_ENABLED=1 go build -trimpath --ldflags '-extldflags "-static" -s -w'

It is also important to update the README.md manual installation steps