Anonymity on the Internet is not a new topic. And you probably installed a program like A4Proxy, SocksChain on your computer
and the like. Personally, I don’t like it when you need some kind of separate program to work with proxies. Firstly
it’s ugly when there are a lot of windows on the taskbar or tray icons, secondly, these programs require cracks, and they
I’m too lazy to look :) That’s why I wrote classes to support SOCKS5 servers, which I can now use
in some of your programs. And now I want to tell everyone how to do it.

Which servers and which protocols we can access through a proxy depends on
the type of this proxy, i.e. the protocol by which we access it. There are several types of proxies:
HTTP proxies, SOCKS4, SOCKS5, SSL CONNECT, etc. HTTP proxies are the most common, they are the easiest to find on the Internet, but they only work with HTTP, moreover
they can insert the client’s address into the request headers, that is, be
not anonymous. The SOCKS protocol is most notable in that it encapsulates not application protocols, but
transport layer, i.e. TCP/IP and UDP/IP. Since only these protocols are used to work on the Internet,
through SOCKS you can work with any servers, including the same SOCKS and,
thus, organize chains of SOCKS servers. For the same reason, ALL SOCKS servers are anonymous - impossible
at the TCP/IP and UDP/IP level, transmit additional information without disrupting the work of the higher one
protocol.

We will focus on the SOCKS5 protocol. Its description is in
. For SOCKS5 the standard port is 1080, but, however, this
No one pays much attention to the standard. Each SOCKS connection goes through an authentication stage, if required, then the client
sends a command. The command can be one of three:
CONNECT - outgoing TCP connection to the specified address. We will look at using this command
in more detail, since it is needed most often. BIND - open a port (the server selects a port and sends the address and port to the client) and accept a TCP connection.
The server may need to know who will be connecting. In this case, you need to pass on this information. UDP ASSOCIATE - open a UDP port (the server selects the port). Data intended for the end
host and data from it also travels via UDP. Data in SOCKS5 is transmitted in binary form, and not in text form, as in HTTP, SMTP, POP3, etc.

Protocol description

Having connected to the server, the client sends a packet indicating the protocol version and supported
authentication methods. This package has the following format:

BYTE Version;
BYTE nMethods;
BYTE methods

The version must be 5. Each methods element defines not only the authentication method, but also the method of data encryption,
if it is used. The server chooses one of these methods. You can specify any number of methods, but if the server does not require authentication, then no methods
other than 0x00 (use neither authentication nor encryption) will not be required. In response, the server sends a packet with the following content:

BYTE Version
BYTE method

where method is the method chosen by the server or 0xFF (none of the proposed methods are supported). If the method is 0x00, then you can immediately send the command.

The command packet has the following format:

BYTE Version; // 5
BYTE Cmd ; // 1 — CONNECT
BYTE Reserved; // 0

BYTE addr;
WORD port; // Bytes in network order, i.e. htons(Port);

If a domain name is used, the length byte comes first, and then the string without the terminating null.

The server sends a response:

BYTE Version; // 5
BYTE Rep; // 0 — Ok
BYTE Reserved; // 0
BYTE AType; // 1 - IPv4; 3 - domain name; 4 - IPv6
BYTE addr;
WORD port;

Here address and port are the address and port visible to the host. As a rule, the IP address is returned, not the domain
Name. This address may differ from the one at which we access the server, especially if the server
used for its intended purpose, i.e. to exit from the local area to the Internet. If Rep is not zero, i.e. an error, then close the connection,
otherwise we work with the host. We don't use encryption, so we simply send and receive data as with a normal connection. If one of the parties closes the connection to the socks server, it will immediately close the connection to the other
side. One socks connection encapsulates one TCP connection or attempt to establish one,
so if you use socks for anonymous port scanning, then this
the procedure may take half a day.

Coding

Since socks encapsulates TCP, it makes sense to make the socks connection class derive from
socket class, but MFC's CSocket is not suitable, because he has all the methods
not virtual. Let's write our own socket class and call it, say, CTSocket

#include

class CTSocket
{
public:





virtual void Close();
virtual unsigned long GetHost(); // Find out your address. This may also be needed.

private:
SOCKET sock;
};

Everyone can write the implementation of this class themselves (who doesn’t know how, RTFM MSDN), so I won’t write it
consider. Now let's write a socks connection class. It will support only the most necessary set
functions: only the CONNECT command is supported, authentication and SOCKS server are not supported
is specified only by IP address, not by domain name. More cannot fit in one article.

Class CSocksSocket: public CTSocket
{
public:
virtual BOOL CreateSocket();
virtual BOOL Connect(unsigned long ip, unsigned short port);
virtual BOOL Connect(LPCSTR name, unsigned short port);
virtual int Send(const char* str, int len);
virtual int Recv(char* buf, int max);
virtual BOOL Close();
virtual unsigned long GetHost();

CTSocket* pSocket;
unsigned long socks_ip;
unsigned short socks_port;

private:
char buffer; // This size is definitely enough
unsigned long l_ip; // Address returned by the function
GetHost()
};

// Implementation
BOOL CSocksSocket::CreateSocket()
{
if (!pSocket->CreateSocket()) return FALSE;
if (!pSocket->Connect(socks_ip, socks_port)) return FALSE;
buffer = 5; //Ver
buffer = 1; // 1 method
buffer = 0; // no authentication
pSocket->Send(buffer, 3);
int n = pSocket->Recv(buffer, 2);
if (n != 2) return FALSE;
method 0 not supported
return TRUE;
}

BOOL CSocksSocket::Connect(unsigned long ip, unsigned short port)
{
buffer = 5; //Ver
buffer = 1; // CONNECT
buffer = 0; //Reserved
buffer = 1; // IPv4
*((unsigned long*)(buffer + 4)) = ip;
*((unsigned short*)(buffer + 8)) = port;
pSocket->Send(buffer, 10);
int n = pSocket->Recv(buffer, 10);
if (n != 10) return FALSE;
if (buffer != 0) return FALSE; // Can't connect

return TRUE;
}

BOOL CSocksSocket::Connect(LPCSTR name, unsigned short port)
{
buffer = 5;
buffer = 1;
buffer = 0;
buffer = 3; // Domain name
int m = strlen(name);
buffer = m; // Length byte
memcpy(buffer+5, name, m); //Copying a string without a terminating null
*((unsigned short*)(buffer + 5 + m)) = port;
pSocket->Send(buffer, m + 7);
int n = pSocket->Recv(buffer, 10);
if (n != 10) return FALSE;
if (buffer != 0) return FALSE;
if (buffer != 1) return FALSE; //We will demand that they tell us the IP, and not something else.
l_ip = *((unsigned long*)(buffer + 4));
return TRUE;
}

int CSocksSocket::Send(const char* str, int len)
{
return pSocket->Send(str, len);
}

int CSocksSocket::Recv(char* buf, int max)
{
return pScoket->Recv(buf, max);
}

void CSocksSocket::Close()
{
pSocket->Close();
}

unsigned long CSocksSocket::GetHost()
{
return l_ip;
}

//Well, now the test program
void main()
{
WSADATA wsadata;
CTSocket tsock;
CSocksSocket ssock(&tsock);

WSAStartup(MAKEWORD(2,2), &wsadata);

ssock.socks_ip = inet_addr("10.10.10.10"); // Enter the desired address here
ssock.socks_port = 1080; //Enter the port here

if (!ssock.CreateSocket()) return; // Can't connect to socks
// or authentication required
if (!ssock.Connect("www.mail.ru", htons(80))) return; // www.mail.ru
// is inaccessible
LPSTR q = "HEAD / HTTP/1.1\xD\xAHost: www.mail.ru:80\xD\xAUser-Agent: xakep\xD\xA\xD\xA";
ssock.Send(q, strlen(q));

char buf;
int n = ssock.Recv(buf, 1000);
buf[n] = 0;
printf("%s", buf);

Today, there are several main technologies whose purpose is to hide the IP address. In this article you will have the opportunity to familiarize yourself with one of them, namely VPN.

First of all, to complete this process, you need to know not only your personal IP address, but also the server DNS address. In principle, there are no difficulties in obtaining this information; it is enough, for example, to visit the website www.whoer.net.

Even if you want to change your IP address data, it is not enough to use a VPN or Socks, since today there are a lot of technologies with which you can easily identify it. So, let's return to our topic and study the VPN method in more detail.

VPN (Virtual Private Network, virtual private network)

First of all, it is worth noting that an external VPN connection is practically no different from a regular connection to a particular local network. In this case, applications will not feel any difference in any way, and therefore will use it as an “entrance” to the Internet.

The main thing is that they will not need any settings. If one of them accesses a remote direct service, a special so-called GRE package will be created on the computer. It, in turn, will be sent in encrypted form to the VPN server.

The action of the VPN server is that when it receives the packet, it will decrypt it, disassemble it and perform the necessary action on its behalf. After receiving a response from a resource of the remote type, it will place it directly into the GRE package. After this, it will encrypt and send it to the client.

It must be remembered that to increase the degree of security, systematic encryption of the data that is transmitted is necessary. It is important that by using MPPE (Microsoft Point-to-Point Encryption) PPTP traffic can be encrypted.

It represents a Microsoft protocol. It is important that the first versions were not only impractical, but also systematically subject to hacking, but even today they are not famous for their particular effectiveness. The thing is that modern versions of Microsoft simply do not analyze any penalties.

OpenVPN is a free technological implementation of VPN, which is organized taking into account the generally accepted Internet protocol stack TCP/IP. Thus, you can be fully confident that the connection will be made with those providers that do not actually support the required PPTP.

In particular, OpenVPN operates if you do not have a personal IP address. This feature is distinctive, for example, from PPTP, which necessarily requires two network sessions at once.

How to set up secure access to Internet?

Organizing secure access to the Internet is a pressing problem not only for large companies and corporations, but also for ordinary users. Everyone’s habitual access to the network through a wired Internet provider or mobile operator does not allow us to talk about any protection of your data from attackers who have been actively stealing confidential user data in recent years. In addition, providers often introduce regional restrictions on user access to certain web resources and services, blocking access by IP addresses.

You can bypass blocking and achieve a fairly high level of security and anonymity using a bunch of RDP + socks proxy. It is quite easy to organize such a connection for accessing the network, and we will describe in detail how to do this in this guide.

WhatsuchRDP (Remote Desktop Protocol) ?
Features and Benefits of RDP

RDP – an abbreviation for the English phrase “ Remote Desktop Protocol ", that is, "Remote Desktop Protocol". This protocol was originally created by the company Microsoft to provide remote user access to servers and computers running the operating system Windows. Essentially RDP allows the user to remotely control a computer running the OS Windows connected to a local network or the Internet, from another computer on which the client program is installed RDP.

Thanks to RDP the user can access the Internet not directly from his computer, but through a remote computer on the network, which allows you to completely hide the fact of using tunneling, that is, for the final website you are working with, you will look as if you were working directly from your computer without using tunneling. Thus, you use a secure communication channel, which, together with the use of a proxy server, socks allows you to achieve maximum security and anonymity.

Getting Free RDP
Instructions - how to get free RDP

On the Internet you can find a lot of free or low-cost services that provide access to dedicated servers with OS Windows , on which you can configure the link RDP+ socks -proxy for organizing anonymous and secure access to web resources. Here are some links to similar services.

VPS.ua

· Rusonyx

Inferno Solutions

· 1Gb.ru

Siteko.net

If any of these resources does not work, or you want a more powerful server for solving high-performance tasks, you can find budget services that, for a small fee, will provide you with constant access to a server with the capacity you are interested in.

After registration you will have access to the server with the OS Windows . The easiest way is to rent a server with this operating system, since the server version Windows is not much different from the regular version, and you can easily install familiar software applications and configure the system to suit all your necessary needs.

Setting up and connecting to RDP (Remote Desktop)

After registration, the user gains access to his personal remote control account Windows -server. Among other information, the service provider indicates IP -server address for connecting to it from a remote device (PC, smartphone, tablet, etc.). To connect to the server you must enter this IP -address in the address bar RDP - client built into the OS Windows on the user's local computer. For this:

1. Open the Remote Desktop Connection terminal client built into Windows . To do this, go to START->All Programs -> Accessories -> Remote Desktop Connection, or open the menu START -> Run and enter the commandmstsc and click "OK"

2. In the window that opens, enter IP -address of the rented Windows -server specified by the service provider. Click the Show Options button.

3. In the “User” field, enter the username for administering the rented server specified by the service provider, and go to the “Local Resources” tab.

4. In the “Local Resources” tab, click on the “Details” button.

5. Select the local computer devices and resources that you will use during the remote session. We recommend checking the box next to “Disks” so that the local hard drive is available when working on a remote server. Click the "OK" button and the "Connect" button.

6. In the window that opens, enter the password to access the remote server and click “OK”

7. The remote desktop of the remote server will open on your desktop. Now you can manage a remote server in the same way as a local computer.

Getting a proxy from the SOCKS Admin control panel

The next step is to gain access to the SOCKS proxy service on the website. To do this, follow a few simple steps:

1. Go to pageand login to your account

2. Enter your account login and password to access the service. This will open the Account Administrator Panel. This panel displays a proxy search button socks 4/5 on various parameters ( Proxy Search ), button to display a list of all currently available proxies ( List Proxies ) and a button to display information about your account ( Account Settings).

3. Click the proxy search button ( Proxy Search ) and select any country whose proxy servers you want to use, then click the button Go.

4. The screen displays search results with detailed information about available proxy servers: country, state, city, network, operating time, time of last check of server availability and speed.

5. Click on the name of any server that suits you, after which a window with additional information will open. To view IP -proxy and port addresses click click here to view.

6. After a few seconds, information about IP -address and port of the proxy server. Copy or write down this data - you will need it for later setting up browsers on a remote server. In the given example IP -address: 83.85.214.142, Port: 58933.

Setting up socks 5 proxy on remote desktop (RDP) in FireFox browser

1. Connect to the remote server following the instructions at the beginning of this guide.

2. Download and install the browser Firefox on a remote server.

3. After installation is complete, launch your browser Firefox , open the settings panel and go to the Settings menu (“ Options").

4. Open the “Advanced” tab (“ Advanced "), "Network" tab (" Network ") and click the "Configure" button (" Settings")

5. In the window that opens, select the following options:

· Manually setting up a proxy service ( Manual proxy configuration)

· SOCKS v 5. Enter the IP address of the SOCKS proxy which we received onhttps://5socks. net(in our example 83.85.214.142)

· Enter the port number of the received proxy (in our example 58933)

· Activate SOCKS 5, as well as “Remote DNS” (all DNS requests will be executed on the Sox server side)

· Click OK.

6. Firefox setup is complete.

7. http://www.ipleak.com

From the screenshot we see that the network address of your computer corresponds to Dutch IP address 83.85.214.142.

Setting up socks 5 proxy on remote desktop (RDP) in Internet Explorer

1. Launch a browser on the remote desktop Internet Explorer , go to menu"Tools" and select "Internet Options".

2. Open the “Connections” tab and click on the “LAN Settings...” button. In the window that opens, activate the item "Use a proxy server for your LAN" and click the "Advanced" button.

3. In the window that opens, in the field “ Socks » SOCKS proxy IP address which we received onhttps://5socks. net(in our example 83.85.214.142), and in the field “ Port "enter the port number of the received proxy (in our example 58933)

ATTENTION! Please indicate IP -address and port only in line SOCKS . The remaining fields must be left blank

3. Click “OK” in all windows opened during the setup process.

4. Setting up Internet Explorer completed.

4. Make sure that you are using a proxy server. To do this, open Internet Explorer on your remote desktop, follow the link http://www.ipleak.com and check your current IP address.

From the screenshot we see that the visible network address of your computer corresponds to Dutch IP address 83.85.214.142.

With vpnki you can access your home network via proxy server. More precisely, we use two proxy servers:

• for HTTP connections - http proxy
• for any connections via TCP protocol - SOCKS5 proxy

Using an http proxy, you can have access from the Internet to web interface your home device (server, DVR, video camera, etc.), and with the help of a SOCKS5 proxy you can have access to home devices using protocols such as ssh And VNC(as well as for many others that use the TCP protocol).

Access through a proxy server is provided if:

• tunnel connected to the VPN system from your device via any of the protocols (PPTP, L2TP, L2TP/IPsec, OpenVPN)
• presence of a tick(about using proxy) on your personal vpnki page
• configured client software (browser, ssh or VNC client)

The login/password you use, which you will enter when connecting through a proxy, must NOT be connected via VPN. Proxy connections without authorization will not be accepted.

Before use, check whether your client software can use a proxy server with authorization.

Brief instructions on using HTTP and SOCKS5 proxy connections

1. If you check the box on the personal page of the vpnki system, you will be allocated two TCP ports:

• one for http proxy
• the second one is for SOCKS5 proxy

Write them down and use them when configuring your client software

2. Browser settings (in general, suitable for any browser)

2.1. Go to your browser settings and select an item similar to "Network Settings"

2.2. Go to Internet connection settings

2.3. Specify http proxy as - msk.site and the port given to you on your personal page for http connections (in this example 54505)

2.4. Type the address of the web interface on your home network into your browser

If you look at the rules for using a proxy in your browser, you will notice that according to the settings made, the connections are now to all nodes Internet networks will be installed through the specified proxy. However, our proxy server does not provide Possibility of Internet access. Unfortunately, browser manufacturers provide a limited ability to specify exceptions to the proxy rule (“Do not use a proxy for...”) and, alas, this rule does not allow you to describe the situation “Accessing your home network through a proxy, access to all servers Internet - no proxy"

Thus, with the previously configured browser settings, you will have access to your home network, but will not be able to access any site on the Internet.

In such a situation, there are two options:

• Use two browsers (one with proxy settings to access your home network, the second without proxy settings to access all Internet resources), but this is not very convenient
• Use an additional browser plugin in which the rules for using proxies are written more flexibly. Such a plugin can be a plugin AutoProxy for Firefox

2.6. AutoProxy plugin for Firefox. In it you need: A) specify proxy server - msk.... b) Create a group of rules and the rules themselves, specifying only those addresses to which connections should be made through a proxy server. All other connections will be made without using a proxy. An example of the rules is shown in the figure below. In this case, in the vpnki rules group there are three rules (home network addresses) for which a proxy connection will be used. Specifying addresses in rules begins with the symbol ||

3. VNC client settings

3.2. Set up VNC Viewer: specify in the Proxy settings - msk.site and the port issued to you for SOCKS5 connections on your personal vpnki page

3.3. Create a connection to your device and launch it

ADDITIONALLY ON THE TOPIC

• You can read a little more detail about IP addresses on our website.

• About accessing the Internet via VPN and the central office, you can

• You can read about remote access to a computer on our website

• You can read about VPNs and protocols

To speed up work with some programs and parsers that I use, proxies are required; at first I rented them, but then I decided to install my SOKS5 proxy servers on existing servers with websites.

All servers are running Ubuntu Server 14.04, maybe 12.04 somewhere, but the description should also be suitable for all other Debian-based systems.

There are 2 ways known to me to organize the operation of a SOKS5 server:

1. SOCKS over SSH. This method is convenient in its simplicity but inconvenient if used frequently, or used from different machines;
2. Installing a SOCKS server. Using this method will take a little more time for the initial setup, but then using a proxy will be faster and more convenient.

SOCKS over SSH

In order to install SOCKS5 via SSH, you only need access to the SSH server.

Enter in the terminal or SSH client (PuTTY for Windows)

Ssh -D 1080 user@server

If it asks for a password, you need to enter the password from the SSH server.

-D- indicates the port on which the SOKS5 server will be accessible

That's it, after that you can connect to the SOKS5 server at localhost:1080 or 127.0.0.1:1080

This method is convenient because you do not need to install or configure anything additional. But before each connection or after the ssh connection is broken, for example due to Internet problems, you will have to re-enter this command.

Installing a SOCKS server

Installing an older version of Dante Server

sudo apt-get update sudo apt-get install dante-server

Sudo nano /etc/danted.conf

Bringing him to this form

Logoutput: syslog /var/log/danted.log internal: eth0 port = 1085 external: eth0 method: username user.privileged: root user.notprivileged: nobody client pass ( from: 0.0.0.0/0 to: 0.0.0.0/0 log: error ) pass ( from: 0.0.0.0/0 to: 0.0.0.0/0 command: connect log: error method: username )