Skip to main content

TLS encrypted socks5 proxy

Project description

Moses

Moses 是一个使用加密连接的 Socks5 代理,原理与 ShadowSocks 一致, 不过加密方法换成了 TLS, 支持服务端、客户端双向验证,更安全,不过连接 速度也更慢。

安裝

❯ pip install moses

或者使用最新代码:

❯ git clone https://github.com/l04m33/moses.git
❯ pip install ./moses

使用方法

❯ moses -h
usage: moses [-h] (-c | -s) [-b <ADDRESS>:<PORT>] [-n] [-l LOCAL_CERT]
             [-r REMOTE_CERT] [-e CIPHERS] [--backlog BACKLOG]
             [--loglevel {critical,fatal,error,warning,info,debug}]
             [--block-size BLOCK_SIZE] [-k KEEPALIVE] [-p <ADDRESS>:<PORT>]
             [-f <ADDRESS>:<PORT>]

optional arguments:
  -h, --help            show this help message and exit

Common Options:
  -c, --client          Client mode
  -s, --server          Server mode
  -b <ADDRESS>:<PORT>, --bind <ADDRESS>:<PORT>
                        IP & port to bind (default: :1080)
  -n, --no-tls          Do not use TLS encryption
  -l LOCAL_CERT, --local-cert LOCAL_CERT
                        Local SSL certificates (default: ./local.pem)
  -r REMOTE_CERT, --remote-cert REMOTE_CERT
                        Remote SSL certificates (default: ./remote.pem)
  -e CIPHERS, --ciphers CIPHERS
                        Ciphers to use for encryption. Run `openssl ciphers`
                        to see available ciphers
  --backlog BACKLOG     Backlog for the listening socket (default: 128)
  --loglevel {critical,fatal,error,warning,info,debug}
                        Log level (default: info)
  --block-size BLOCK_SIZE
                        Block size for data streaming, in bytes (default:
                        2048)
  -k KEEPALIVE, --keepalive KEEPALIVE
                        TCP keepalive parameters, in the form of
                        <keepalive_time>,<keepalive_probes>,<keepalive_intvl>.
                        See `man 7 tcp` for details (default: keepalive
                        disabled)

Client Options:
  -p <ADDRESS>:<PORT>, --peer <ADDRESS>:<PORT>
                        Peer (server) address

Server Options:
  -f <ADDRESS>:<PORT>, --forward <ADDRESS>:<PORT>
                        Simply forward all connections to the given address

Socks5 代理

启动服务器:

❯ moses -s -b some.server.addr.ess:32000 \
        -l server_key.pem -r client_cert.pem

启动客户端:

❯ moses -c -b 127.0.0.1:1080 -p some.server.addr.ess:32000 \
        -l client_key.pem -r server_cert.pem

转发 HTTP 代理

Moses 本身没有实现 HTTP 代理,不过你可以用 Moses 将 HTTP 代理请求转 发到其他 HTTP 代理程序(例如 Privoxy )上。假设你的服务器在 8118 端 口上配置了一个 Privoxy 实例,这样启动 Moses 服务器即可:

❯ moses -s -b some.server.addr.ess:32000 \
        -f 127.0.0.1:8118 \
        -l server_key.pem -r client_cert.pem

Linux 下的全局透明代理

staff 是一个透明代理脚本,通过与 moses 配合可以自动转发 所有 DNS 请求和 TCP 连接, poor man’s VPN :)

使用方法(假设 Moses 客户端运行在 127.0.0.1:1080 上):

❯ staff -p 127.0.0.1:1080

然后用 iptables 添加这三条规则(当然 eth0 要替换成你自己的网络接口):

❯ iptables -t nat -I OUTPUT -o eth0 -p udp --dport 53  -j DNAT --to 127.0.0.1:32000
❯ iptables -t nat -I OUTPUT -o eth0 -p tcp --dport 80  -j DNAT --to 127.0.0.1:32000
❯ iptables -t nat -I OUTPUT -o eth0 -p tcp --dport 443 -j DNAT --to 127.0.0.1:32000

这样所有 DNS 请求和目标端口是 80、443 的 TCP 连接都会走 Moses 代理。

你也可以更进一步,用 geoip 规则忽略某墙国的 IP (需要安装 xtables-addons ):

❯ iptables -t nat -I OUTPUT -o eth0 -p tcp -m geoip ! --dst-cc CN -j DNAT --to 127.0.0.1:32000

要查看其他选项的用法,执行 staff -h .

License

MIT.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

moses-0.10.0.tar.gz (17.8 kB view details)

Uploaded Source

File details

Details for the file moses-0.10.0.tar.gz.

File metadata

  • Download URL: moses-0.10.0.tar.gz
  • Upload date:
  • Size: 17.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for moses-0.10.0.tar.gz
Algorithm Hash digest
SHA256 e3a1068099d9bb9768e71380f452e18c4f523b7c95208ba1e8f123d3af6dfce7
MD5 d88628aa5e9349686d86f3e41986e97a
BLAKE2b-256 840d783ac17bd7ce07a1cd5f1ec4c4c3c1d6feee1b09a743933c4bed94e7c68b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page