API Documentation

This package provides a high-level interface to manage, generate certificates and run a SOCKS service in Twisted framework. The following modules are defined:

CertStore

class sockssl.certstore.CertStore(root_cert=None, root_key=None)

Manage Root Certificate Authority, and generate Dummy Certificate

__init__(root_cert=None, root_key=None)

Create a CertStore instance

Parameters

  • root_cert (OpenSSL.crypto.X509, optional) – rootCA certificate - x509 instance. Defaults to None.

  • root_key (OpenSSL.crypto.PKey, optional) – rootCA private key - PKey instance. Defaults to None.

dummy_ctx(sni)

Get SSL context of dummy ceritficate from SNI list. Use for passing to twisted StartTLS

Parameters

sni (List[str]) – List of domain name, ips

Returns

twisted.internet._sslverify.OpenSSLCertificateOptions

dump_root_cert(filename, format='PEM')

Dump rootCA certificate to file

Parameters

  • filename (str) – path to certificate file

  • format (str, optional) – format of certificate, support PEM/DER. Defaults to “PEM”.

dump_root_key(filename, format='PEM')

Dump rootCA private key to file

Parameters

  • filename (str) – path to private key file

  • format (str, optional) – format of private key, support PEM/DER. Defaults to “PEM”.

gen_root_ca(org, cn, exp=94608000, key_size=2048)

Generate rootCA certificate + privatekey and store in root_key, root_cert

Parameters

  • org (str) – Organization name

  • cn (str) – Common Name

  • exp (int, optional) – Expiration time in second. Defaults to 94608000 == 3 years

  • key_size (int, optional) – RSA key size (1024/2048/…). Defaults to 2048.

load_root_cert(filename, format='PEM')

Load rootCA certificate from file

Parameters

  • filename (str) – path to certificate file

  • format (str, optional) – format of certificate, support PEM/DER. Defaults to “PEM”.

load_root_key(filename, format='PEM')

Load rootCA private key from file

Parameters

  • filename (str) – path to private key file

  • format (str, optional) – format of private key, support PEM/DER. Defaults to “PEM”.

root_cert = None

OpenSSL.crypto.x509 (certificate) instance of rootCA

root_ctx()

Get SSL context of rootCA ceritficate. Use for passing to twisted StartTLS

Returns

twisted.internet._sslverify.OpenSSLCertificateOptions

root_key = None

OpenSSL.crypto.PKey (private key) instance of rootCA

sockssl.certstore.find_client_hello(packet)

Parse ClientHello Packet of TLS 1.2

Parameters

packet (bytes) – stream of packet

Returns

TlsClientHello

sockssl.certstore.is_sni(obj)

Check if an object is SNI instance

Parameters

obj (object) –

Returns

bool

Service

class sockssl.service.SockService(host=None, port=None, cert_store=None, protocol=None, users=None, data=None)

Service class to manage certstore and serve your socks protocol

__init__(host=None, port=None, cert_store=None, protocol=None, users=None, data=None)

Create a SockService instance

Parameters

  • host (Optional[str], optional) – Interface as ip or hostname. Defaults to None.

  • port (Optional[int], optional) – Port in integer. Defaults to None.

  • cert_store (Optional[CertStore], optional) – Instance of CertStore Class. Defaults to None.

  • protocol (Any, optional) – Class of protocol you want to serve. Defaults to None.

  • users (Any, optional) – Auth users data of protocol. List[str] for SOCKSv4, List[Tuple[str, str]] for SOCKSv5. Defaults to None.

  • data (Any, optional) – Global data for that protocol (like auth data), will pass to SockFactory. Defaults to None.

serve_forever()

Listen TCP and run reactor forever

set_cert_store(cert_store=None)
Set CertStore instance to intercept TLS traffic.

Set to None if you don’t want to do TLS mitm.

Parameters

cert_store (Optional[CertStore], optional) – Instance of CertStore Class. Defaults to None.

set_data(data=None)

Set global data share between connection

Parameters

data (Any, optional) – Global data for that protocol (like auth data), will pass to SockFactory. Defaults to None.

set_host_port(host, port)

Set listen interface and port for service

Parameters

  • host (str) – Interface as ip or hostname

  • port (int) – Port in integer

set_protocol(protocol, users=None)

Set protocol and users data for service to serve, usually SOCKv4 or SOCKSv5.

Parameters

  • protocol (Any) – Class of protocol you want to serve

  • users (Any, optional) – Auth users data of protocol. List[str] for SOCKSv4, List[Tuple[str, str]] for SOCKSv5. Defaults to None.

Factory

class sockssl.factory.SockFactory(protocol, users=None, cert_store=None, data=None)

Twisted framework Protocol Factory: store global context and produce protocol handler for each connection

__init__(protocol, users=None, cert_store=None, data=None)

Create a SockFactory instance

Parameters

  • protocol (Any) – Class of protocol. SOCKSv4, SOCKSv5, … or your class

  • users (Any, optional) – Auth users data of protocol. Defaults to None.

  • cert_store (Optional[CertStore], optional) – Instance of CertStore to do TLS mitm. Defaults to None.

  • data (Any, optional) – Global data variable share between connection. Defaults to None.

Protocols

class sockssl.protocol.SOCKSv4(logging=None, reactor=<twisted.internet.epollreactor.EPollReactor object>)

Implementation of SOCKSv4 protocol compatiables with ISOCKS interface

class sockssl.protocol.SOCKSv5(reactor=<twisted.internet.epollreactor.EPollReactor object>)

Implementation of SOCKSv5 protocol compatiables with ISOCKS interface

Interface

class sockssl.protocol.isocks.ISOCKS

Interface to interact with SOCKS protocol

addr_client: <InterfaceClass twisted.internet.interfaces.IAddress> = None

Client information

addr_server: <InterfaceClass twisted.internet.interfaces.IAddress> = None

Server information

factory: <InterfaceClass twisted.internet.interfaces.IProtocolFactory> = None

Factory instance of current protocol connection

on_connect()

Trigger when a client connected

on_disconnect()

Trigger when client disconnected

on_recv_client(data)

Process data sent from client to server

Parameters

data (bytes) – Data from client

Returns

bytes – Data will be sent to server

on_recv_server(data)

Process data sent back from server to client

Parameters

data (bytes) – Data got from server

Returns

bytes – Data will be sent back to client

on_socks_established()

Trigger when a SOCKS tunnel established

on_socks_failed()

Trigger when a SOCKS connection failed to establish