Add in an aux module to create a socks4 proxy server. If you add in a route via a meterpreter session to the framework routing table the proxy server will use that route where appropriate. (Also modified the servers opts hash to optionally take a 'Comm' param if you want to programmatically create a socks4 server which will always use a specific meterpreter session for all socket creation - by default this does not happen and it uses the rex socket switchboard as per normal rex socket creation).

git-svn-id: file:///home/svn/framework3/trunk@10337 4d416f70-5f16-0410-b530-b9f4589650da

lib/rex/proto/proxy/socks4a.rb

@@ -161,10 +161,9 @@ class Socks4a
 			#
 			# Relay data coming in from relay_sock to this socket.
 			#
-			def relay( relay_client, relay_sock, relay_type )
+			def relay( relay_client, relay_sock )
 				@relay_client = relay_client
 				@relay_sock   = relay_sock
-				@relay_type = relay_type
 				# start the relay thread (modified from Rex::IO::StreamAbstraction)
 				@relay_thread = ::Thread.new do
 					loop do
@@ -246,7 +245,12 @@ class Socks4a
 						# handle socks4a conenct requests
 						if( request.is_connect? )
 							# perform the connection request
-							@rsock = Rex::Socket::Tcp.create( 'PeerHost' => request.dest_ip, 'PeerPort' => request.dest_port )
+							params = { 
+								'PeerHost' => request.dest_ip,
+								'PeerPort' => request.dest_port,
+								'Comm'     => @server.opts['Comm']
+							}
+							@rsock = Rex::Socket::Tcp.create( params )
 							# and send back success to the client
 							response         = Packet.new
 							response.version = REPLY_VERSION
@@ -255,7 +259,12 @@ class Socks4a
 						# handle socks4a bind requests
 						elsif( request.is_bind? )
 							# create a server socket for this request
-							bsock = Rex::Socket::TcpServer.create( 'LocalHost' => '0.0.0.0', 'LocalPort' => 0 )
+							params = { 
+								'LocalHost' => '0.0.0.0',
+								'LocalPort' => 0,
+								'Comm'      => @server.opts['Comm']
+							}
+							bsock = Rex::Socket::TcpServer.create( params )
 							# send back the bind success to the client
 							response           = Packet.new
 							response.version   = REPLY_VERSION
@@ -303,8 +312,8 @@ class Socks4a
 					@lsock.extend( Relay )
 					@rsock.extend( Relay )
 					# start the socket relays...
-					@lsock.relay( self, @rsock, 'lsock' )
-					@rsock.relay( self, @lsock, 'rsock' )
+					@lsock.relay( self, @rsock )
+					@rsock.relay( self, @lsock )
 				rescue
 					wlog( "Client.start - #{$!}" )
 					self.stop
@@ -344,7 +353,7 @@ class Socks4a
 	# Create a new Socks4a server.
 	#
 	def initialize( opts={} )
-		@opts          = { 'ServerHost' => '0.0.0.0', 'ServerPort' => 1080 }
+		@opts          = { 'ServerHost' => '0.0.0.0', 'ServerPort' => 1080, 'Comm' => nil }
 		@opts          = @opts.merge( opts )
 		@server        = nil
 		@clients       = ::Array.new
@@ -371,10 +380,14 @@ class Socks4a
 				# start the servers main thread to pick up new clients
 				@server_thread = ::Thread.new do
 					while( @running ) do
-						# accept the client connection
-						sock = @server.accept
-						# and fire off a new client instance to handle it
-						Client.new( self, sock ).start
+						begin
+							# accept the client connection
+							sock = @server.accept
+							# and fire off a new client instance to handle it
+							Client.new( self, sock ).start
+						rescue
+							wlog( "Socks4a.start - server_thread - #{$!}" )
+						end
 					end
 				end
 			rescue
@@ -384,6 +397,13 @@ class Socks4a
 			return true
 	end
 	
+	#
+	# Block while the server is running.
+	#
+	def join
+		@server_thread.join
+	end
+	
 	#
 	# Stop the Socks4a server.
 	#
@@ -399,16 +419,8 @@ class Socks4a
 			end
 			# close the server socket
 			@server.close if @server
-			# wait for the server main thread to terminate gracefully
-			begin
-				::Timeout.timeout( 30 ) do
-					@server_thread.join if @server_thread.alive?
-				end
-			rescue ::Timeout::Error
-				wlog( "Socks4a.stop - #{$!}" )
-			end
 			# if the server thread did not terminate gracefully, kill it.
-			@server_thread.kill if @server_thread.alive?
+			@server_thread.kill if( @server_thread and @server_thread.alive? )
 		end
 		return !@running
 	end
@@ -421,6 +433,8 @@ class Socks4a
 		@clients.delete( client )
 	end
 	
+	attr_reader :opts
+	
 end
 
 end; end; end

modules/auxiliary/server/socks4a.rb

@@ -0,0 +1,77 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'thread'
+require 'msf/core'
+require 'rex/proto/proxy/socks4a'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Auxiliary::Report
+	
+	def initialize
+		super(
+			'Name'        => 'Socks4a Proxy Server',
+			'Version'     => '$Revision$',
+			'Description' => 'This module provides a socks4a proxy server.',
+			'Author'      => 'sf',
+			'License'     => MSF_LICENSE,
+			'Actions'     =>
+				[
+				 	[ 'Proxy' ]
+				],
+			'PassiveActions' =>
+				[
+					'Proxy'
+				],
+			'DefaultAction'  => 'Proxy'
+		)
+
+		register_options(
+			[
+				OptString.new( 'SRVHOST', [ true,  "The address to listen on", '0.0.0.0' ] ),
+				OptPort.new( 'SRVPORT', [ true,  "The port to listen on.", 1080 ] )
+			], self.class )
+	end
+	
+	def setup
+		super
+		@mutex = ::Mutex.new
+		@socks4a = nil
+	end
+	
+	def cleanup
+		@mutex.synchronize do
+			if( @socks4a )
+				print_status( "Stopping the socks4a proxy server" )
+				@socks4a.stop
+				@socks4a = nil
+			end
+		end
+		super
+	end
+	
+	def run
+		opts = {
+			'ServerHost' => datastore['SRVHOST'],
+			'ServerPort' => datastore['SRVPORT']
+		}
+		
+		@socks4a = Rex::Proto::Proxy::Socks4a.new( opts )
+		
+		print_status( "Starting the socks4a proxy server" )
+		
+		@socks4a.start
+		
+		@socks4a.join
+	end
+
+end