Add SOCKS5 proxy support

Author: Dan Vittegleo

README.md

@@ -1,10 +1,10 @@
-<b>awslambdaproxy</b> is an [AWS Lambda](https://aws.amazon.com/lambda/) powered HTTP(s) web proxy. It provides a constantly rotating IP address for your web traffic from all regions where AWS Lambda is available. The goal is to obfuscate your web traffic and make it harder to track you as a user.
+<b>awslambdaproxy</b> is an [AWS Lambda](https://aws.amazon.com/lambda/) powered HTTP(s)/SOCKS web proxy. It provides a constantly rotating IP address for your web traffic from all regions where AWS Lambda is available. The goal is to obfuscate your web traffic and make it harder to track you as a user.
 
 ![](/images/overview.gif?raw=true)
 
 ## Features
-* HTTP & HTTPS support.
-* No special software required. Just configure your system to use an HTTP proxy.
+* HTTP(s) and SOCKS5 proxy support.
+* No special software required. Just configure your system to use an HTTP or SOCKS proxy.
 * Each AWS Lambda region provides 1 outgoing IP address that gets rotated roughly every 4 hours. That means if you use 10 AWS regions, you'll get 60 unique IPs per day.
 * Configurable IP rotation frequency between multiple regions. By default IP will rotate to new region every 3 minutes.
 * Personal proxy server not shared with anyone else.
@@ -14,7 +14,7 @@
 Current code status: <b>proof of concept</b>. This is the first Go application that I've ever written. It has no tests. Listening endpoints have no security yet. It may not work. It may blow up. Use at your own risk.
 
 ## How it works
-At a high level, awslambdaproxy proxies HTTP(s) traffic through AWS Lambda regional endpoints. To do this, awslambdaproxy is setup on a publicly accessible host (e.g. EC2 instance) and it handles creating Lambda resources that run a simple HTTP proxy ([elazarl/goproxy](https://github.com/elazarl/goproxy)). Since Lambda does not allow you to bind ports in your executing functions, the HTTP proxy is bound to a unix socket and a reverse tunnel is established from the Lambda function to port 8081 on the host running awslambdaproxy. Once a tunnel connection is established, all user web traffic is forwarded from port 8080 through this HTTP proxy. Lambda functions have a max execution time of 5 minutes, so there is a goroutine that continuously executes Lambda functions to ensure there is always a live tunnel in place. If multiple regions are specified, user HTTP traffic will be routed in a round robin fashion across these regions.
+At a high level, awslambdaproxy proxies HTTP(s) traffic through AWS Lambda regional endpoints. To do this, awslambdaproxy is setup on a publicly accessible host (e.g. EC2 instance) and it handles creating Lambda resources that run a simple HTTP ([elazarl/goproxy](https://github.com/elazarl/goproxy)) or SOCKS ([armon/go-socks5](https://github.com/armon/go-socks5)) proxy. Since Lambda does not allow you to bind ports in your executing functions, the proxy server is bound to a unix socket and a reverse tunnel is established from the Lambda function to port 8081 on the host running awslambdaproxy. Once a tunnel connection is established, all user web traffic is forwarded from port 8080 through this proxy. Lambda functions have a max execution time of 5 minutes, so there is a goroutine that continuously executes Lambda functions to ensure there is always a live tunnel in place. If multiple regions are specified, user traffic will be routed in a round robin fashion across these regions.
 
 ![](/images/how-it-works.png?raw=true)
 
@@ -55,10 +55,10 @@ The easiest way is to download a pre-built binary from the [GitHub Releases](htt
     ```sh
     export AWS_ACCESS_KEY_ID=XXXXXXXXXX
     export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYY
-    ./awslambdaproxy -regions us-west-2,us-west-1,us-east-1,us-east-2
+    ./awslambdaproxy -regions us-west-2,us-west-1,us-east-1,us-east-2 -proxy-type socks
     ```
 
-3. Configure your web browser (or OS) to use an HTTP and HTTPS proxy at the publicly accessible host running `awslambdaproxy` on port 8080.
+3. Configure your web browser (or OS) to use the HTTP/HTTPS or SOCKS5 proxy (depending on -proxy-type selection) on the publicly accessible host running `awslambdaproxy` on port 8080.
 
 ## FAQ
 1. <b>Should I use awslambdaproxy?</b> That's up to you. Use at your own risk.
@@ -69,9 +69,10 @@ The easiest way is to download a pre-built binary from the [GitHub Releases](htt
 6. <b>Why does my connection drop periodically?</b> AWS Lambda functions can currently only execute for a maximum of 5 minutes. In order to maintain an ongoing HTTP proxy a new function is executed and all new traffic is cut over to it. Any ongoing connections to previous Lambda function will hard stop after a timeout period.
 
 # Powered by
-* [Goproxy](https://github.com/elazarl/goproxy) - An HTTP proxy written in Go.
-* [Yamux](https://github.com/hashicorp/yamux) - Golang connection multiplexing library.
-* [Goad](https://github.com/goadapp/goad) - Code was borrowed from this project to handle AWS Lambda zip creation and function upload.
+* [goproxy](https://github.com/elazarl/goproxy) - An HTTP proxy server written in Go.
+* [go-socks5](https://github.com/armon/go-socks5) - A SOCKS5 proxy written in Go.
+* [yamux](https://github.com/hashicorp/yamux) - Golang connection multiplexing library.
+* [goad](https://github.com/goadapp/goad) - Code was borrowed from this project to handle AWS Lambda zip creation and function upload.
 
 # Future work
 * Add security to proxy and tunnel connections

cmd/awslambdaproxy/awslambdaproxy.go

@@ -16,6 +16,7 @@ const (
 func main() {
 	regionsPtr := flag.String("regions", "us-west-2", "Regions to run proxy (e.g. us-west-2) (can be comma separated list)")
 	frequencyPtr := flag.Int( "frequency", 180, "Frequency in seconds to execute Lambda function. If multiple regions are specified, this will cause traffic to rotate round robin at the interval specified here")
+	proxyTypePtr := flag.String("proxy-type", "http", "Proxy type to setup: 'http' or 'socks'")
 	proxyPortPtr := flag.String("proxy-port", "8080", "Port to listen for proxy connections")
 	tunnelPortPtr := flag.String("tunnel-port", "8081", "Port to listen for reverse connection from Lambda")
 	flag.Parse()
@@ -32,6 +33,10 @@ func main() {
 		flag.PrintDefaults()
 		os.Exit(1)
 	}
+	if *proxyTypePtr != "http" && *proxyTypePtr != "socks" {
+		flag.PrintDefaults()
+		os.Exit(1)
+	}
 
 	// handle frequency
 	if *frequencyPtr > 255 {
@@ -53,6 +58,6 @@ func main() {
 	}
 
 	regions := strings.Split(*regionsPtr, ",")
-	awslambdaproxy.ServerInit(*proxyPortPtr, *tunnelPortPtr, regions, frequencySeconds)
+	awslambdaproxy.ServerInit(*proxyPortPtr, *tunnelPortPtr, regions, frequencySeconds, *proxyTypePtr)
 }
 

data/lambda/main.py

@@ -8,8 +8,10 @@
 def handler(event, context):
     logger.info("Event: {}".format(event))
     logger.info("Context: {}".format(context))
+    address = event['ConnectBackAddress']
+    proxy_type = event['ProxyType']
 
-    command = "./awslambdaproxy-lambda -address {}".format(event)
+    command = "./awslambdaproxy-lambda -address {} -proxy-type {}".format(address, proxy_type)
     logger.info("Running: {}".format(command))
     try:
         proc = Popen(command, shell=True, stdout=PIPE, stderr=PIPE)

glide.lock

@@ -13,3 +13,4 @@ import:
 - package: github.com/hashicorp/yamux
 - package: github.com/pkg/errors
   version: ^0.8.0
+- package: github.com/armon/go-socks5

glide.yaml

@@ -7,7 +7,7 @@ import (
 	"runtime"
 )
 
-func ServerInit(proxyPort string, tunnelPort string, regions []string, lambdaExecutionFrequency time.Duration) {
+func ServerInit(proxyPort string, tunnelPort string, regions []string, lambdaExecutionFrequency time.Duration, proxyType string) {
 	lambdaExecutionTimeout := int64(lambdaExecutionFrequency.Seconds()) + int64(10)
 
 	log.Println("Setting up Lambda infrastructure")
@@ -25,7 +25,7 @@ func ServerInit(proxyPort string, tunnelPort string, regions []string, lambdaExe
 	}
 
 	log.Println("Starting LambdaExecutionManager")
-	lambdaExecutionManager, err := newLambdaExecutionManager(tunnelPort, regions, lambdaExecutionFrequency)
+	lambdaExecutionManager, err := newLambdaExecutionManager(tunnelPort, regions, lambdaExecutionFrequency, proxyType)
 	if err != nil {
 		log.Println("Failed to setup LambdaExecutionManager", err.Error())
 		os.Exit(1)

init.go

@@ -10,9 +10,9 @@ const (
 	proxyUnixSocket = "/tmp/lambda-proxy.socket"
 )
 
-func LambdaInit(tunnelHost string) {
+func LambdaInit(tunnelHost string, proxyType string) {
 	log.Println("Starting LambdaProxyServer")
-	lambdaProxyServer := startLambdaProxyServer()
+	lambdaProxyServer := startLambdaProxyServer(proxyType)
 
 	log.Println("Establishing tunnel connection to", tunnelHost)
 	lambdaTunnelConnection := setupLambdaTunnelConnection(tunnelHost)
@@ -24,6 +24,7 @@ func LambdaInit(tunnelHost string) {
 
 func main() {
 	addressPtr := flag.String("address", "localhost:8081", "IP and port of server to connect to")
+	proxyTypePtr := flag.String("proxy-type", "http", "Proxy type to setup: 'http' or 'socks'")
 
 	flag.Parse()
 
@@ -32,7 +33,12 @@ func main() {
 		os.Exit(1)
 	}
 
-	LambdaInit(*addressPtr)
+	if *proxyTypePtr != "http" && *proxyTypePtr != "socks" {
+		flag.PrintDefaults()
+		os.Exit(1)
+	}
+
+	LambdaInit(*addressPtr, *proxyTypePtr)
 
 }
 

lambda/lambda.go

@@ -3,20 +3,22 @@ package main
 import (
 	"os"
 	"net"
-	"net/http"
 	"log"
+	"net/http"
 	"time"
 
+	"github.com/armon/go-socks5"
 	"github.com/elazarl/goproxy"
 )
 
 type LambdaProxyServer struct {
 	unixSocket string
+	proxyType string
 	listener net.Listener
 }
 
-func (l *LambdaProxyServer) run() {
-	log.Println("Starting proxy server on socket", l.unixSocket)
+func (l *LambdaProxyServer) runHttp() {
+	log.Println("Starting HTTP proxy server on socket", l.unixSocket)
 	proxy := goproxy.NewProxyHttpServer()
 	proxy.Verbose = true
 	for {
@@ -37,6 +39,31 @@ func (l *LambdaProxyServer) run() {
 	}
 }
 
+func (l *LambdaProxyServer) runSocks() {
+	log.Println("Starting Socks proxy server on socket", l.unixSocket)
+	conf := &socks5.Config{}
+	server, err := socks5.New(conf)
+	if err != nil {
+		panic(err)
+	}
+	for {
+		os.Remove(l.unixSocket)
+		socketAddress, err := net.ResolveUnixAddr("unix", l.unixSocket)
+		if err != nil {
+			log.Println("Failed to resolve unix socket " + l.unixSocket)
+			os.Exit(1)
+		}
+		unixListener, err := net.ListenUnix("unix", socketAddress)
+		if err != nil {
+			log.Println("Created listener on unix socket " + l.unixSocket)
+			os.Exit(1)
+		}
+		l.listener = unixListener
+		os.Chmod(l.unixSocket, 0777)
+		log.Fatal(server.Serve(unixListener))
+	}
+}
+
 func (l *LambdaProxyServer) isReady() bool {
 	if l.listener != nil {
 		return true
@@ -45,11 +72,16 @@ func (l *LambdaProxyServer) isReady() bool {
 	}
 }
 
-func startLambdaProxyServer() *LambdaProxyServer {
+func startLambdaProxyServer(proxyType string) *LambdaProxyServer {
 	ret := &LambdaProxyServer{
 		unixSocket: proxyUnixSocket,
+		proxyType: proxyType,
+	}
+	if ret.proxyType == "http" {
+		go ret.runHttp()
+	} else {
+		go ret.runSocks()
 	}
-	go ret.run()
 	for {
 		if ret.isReady() == true {
 			break

lambda/lambdaproxyserver.go

@@ -16,6 +16,12 @@ type LambdaExecutionManager struct {
 	regions []string
 	frequency time.Duration
 	publicIp string
+	proxyType string
+}
+
+type LambdaPayload struct {
+	ConnectBackAddress string
+	ProxyType string
 }
 
 func (l *LambdaExecutionManager) run() {
@@ -33,7 +39,11 @@ func (l *LambdaExecutionManager) executeFunction(region int) error {
 	log.Println("Executing Lambda function in region", l.regions[region])
 	sess := session.New(&aws.Config{})
 	svc := lambda.New(sess, &aws.Config{Region: aws.String(l.regions[region])})
-	payload, _ := json.Marshal(l.publicIp + ":" + l.port)
+	lambdaPayload := LambdaPayload{
+		ConnectBackAddress: l.publicIp + ":" + l.port,
+		ProxyType: l.proxyType,
+	}
+	payload, _ := json.Marshal(lambdaPayload)
 	params := &lambda.InvokeInput{
 		FunctionName:   aws.String(lambdaFunctionName),
 		InvocationType: aws.String(lambda.InvocationTypeEvent),
@@ -46,7 +56,7 @@ func (l *LambdaExecutionManager) executeFunction(region int) error {
 	return nil
 }
 
-func newLambdaExecutionManager(port string, regions []string, frequency time.Duration) (*LambdaExecutionManager, error) {
+func newLambdaExecutionManager(port string, regions []string, frequency time.Duration, proxyType string) (*LambdaExecutionManager, error) {
 	publicIp, err := getPublicIp()
 	if err != nil {
 		return nil, errors.Wrap(err, "Error getting public IP address")
@@ -56,6 +66,7 @@ func newLambdaExecutionManager(port string, regions []string, frequency time.Dur
 		regions: regions,
 		frequency: frequency,
 		publicIp: publicIp,
+		proxyType: proxyType,
 	}
 	go executionManager.run()
 	return executionManager, nil

lambdaexecution.go

@@ -2,7 +2,7 @@ package awslambdaproxy
 
 import "strings"
 
-const Version = "0.0.1"
+const Version = "0.0.2"
 func LambdaVersion() string {
 	return "v" + strings.Replace(Version, ".", "-", -1)
 }