├── .github └── FUNDING.yml ├── plugin.yaml ├── README.md ├── LICENSE ├── .gitignore └── socksproxyserver.py /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: [bc-security] 4 | -------------------------------------------------------------------------------- /plugin.yaml: -------------------------------------------------------------------------------- 1 | name: SocksProxyServer Plugin 2 | authors: 3 | - name: Anthony Rose 4 | handle: '@Cx01N' 5 | link: https://twitter.com/Cx01N_ 6 | - name: 7 | handle: '@mjokic' 8 | link: 9 | software: 10 | techniques: [] 11 | main: socksproxyserver.py 12 | auto_start: false 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SocksProxyServer-Plugin 2 | The Socks Proxy Plugin runs a Socks Proxy Server for [Invoke-SocksProxy](https://github.com/BC-SECURITY/Invoke-SocksProxy) 3 | that supports Socks 4 and 5 protocols. This plugin is entirely contained in [Empire](https://github.com/BC-SECURITY/Empire/) 4 | and runs in the background. 5 | 6 | 7 | 8 | ## Install 9 | Prerequisites: 10 | - Empire >= 6.0 11 | 12 | 1. Install from the Marketplace 13 | 14 | ![image](https://github.com/user-attachments/assets/0cc5ef26-4cac-4533-bebf-8f9ceb37220c) 15 | 16 | 17 | ## Usage 18 | ### Client 19 | 1. Once installed from the Marketplace go to the settings tab of the plugin 20 | ![image](https://github.com/user-attachments/assets/5235bfa4-6a20-4fe5-a42a-8cea4afa0633) 21 | 22 | 2. The ports default to 443 for listening for an external connection and 1080 for use by proxychains 23 | 24 | ## Future Features 25 | - Add multiple socks server support (similar to agents and listeners) 26 | - Add UDP and bind request support 27 | 28 | ## Contributions 29 | Updates made from @mjokic plugin [code](https://github.com/BC-SECURITY/Empire/pull/351) 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 BC Security 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | share/python-wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | MANIFEST 28 | 29 | # PyInstaller 30 | # Usually these files are written by a python script from a template 31 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 32 | *.manifest 33 | *.spec 34 | 35 | # Installer logs 36 | pip-log.txt 37 | pip-delete-this-directory.txt 38 | 39 | # Unit test / coverage reports 40 | htmlcov/ 41 | .tox/ 42 | .nox/ 43 | .coverage 44 | .coverage.* 45 | .cache 46 | nosetests.xml 47 | coverage.xml 48 | *.cover 49 | *.py,cover 50 | .hypothesis/ 51 | .pytest_cache/ 52 | cover/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | .pybuilder/ 76 | target/ 77 | 78 | # Jupyter Notebook 79 | .ipynb_checkpoints 80 | 81 | # IPython 82 | profile_default/ 83 | ipython_config.py 84 | 85 | # pyenv 86 | # For a library or package, you might want to ignore these files since the code is 87 | # intended to run in multiple environments; otherwise, check them in: 88 | # .python-version 89 | 90 | # pipenv 91 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 92 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 93 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 94 | # install all needed dependencies. 95 | #Pipfile.lock 96 | 97 | # poetry 98 | # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. 99 | # This is especially recommended for binary packages to ensure reproducibility, and is more 100 | # commonly ignored for libraries. 101 | # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control 102 | #poetry.lock 103 | 104 | # pdm 105 | # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. 106 | #pdm.lock 107 | # pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it 108 | # in version control. 109 | # https://pdm.fming.dev/#use-with-ide 110 | .pdm.toml 111 | 112 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm 113 | __pypackages__/ 114 | 115 | # Celery stuff 116 | celerybeat-schedule 117 | celerybeat.pid 118 | 119 | # SageMath parsed files 120 | *.sage.py 121 | 122 | # Environments 123 | .env 124 | .venv 125 | env/ 126 | venv/ 127 | ENV/ 128 | env.bak/ 129 | venv.bak/ 130 | 131 | # Spyder project settings 132 | .spyderproject 133 | .spyproject 134 | 135 | # Rope project settings 136 | .ropeproject 137 | 138 | # mkdocs documentation 139 | /site 140 | 141 | # mypy 142 | .mypy_cache/ 143 | .dmypy.json 144 | dmypy.json 145 | 146 | # Pyre type checker 147 | .pyre/ 148 | 149 | # pytype static type analyzer 150 | .pytype/ 151 | 152 | # Cython debug symbols 153 | cython_debug/ 154 | 155 | # PyCharm 156 | # JetBrains specific template is maintained in a separate JetBrains.gitignore that can 157 | # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore 158 | # and can be added to the global gitignore or merged into this file. For a more nuclear 159 | # option (not recommended) you can uncomment the following to ignore the entire idea folder. 160 | .idea/ -------------------------------------------------------------------------------- /socksproxyserver.py: -------------------------------------------------------------------------------- 1 | import _thread 2 | import queue 3 | import socket 4 | import ssl 5 | from typing import override 6 | 7 | from empire.server.core.config import config_manager 8 | from empire.server.core.plugins import BasePlugin 9 | 10 | 11 | class Plugin(BasePlugin): 12 | @override 13 | def on_load(self, db): 14 | self.execution_enabled = False 15 | self.settings_options = { 16 | "handlerport": { 17 | "Description": "Port number.", 18 | "Required": True, 19 | "Value": 443, 20 | }, 21 | "proxyport": { 22 | "Description": "Port number.", 23 | "Required": True, 24 | "Value": 1080, 25 | }, 26 | "certificate": { 27 | "Description": "Certificate directory [Default: Empire self-signed cert].", 28 | "Required": False, 29 | "Value": "", 30 | "Type": "file", 31 | }, 32 | "privatekey": { 33 | "Description": "Private key directory [Default: Empire private key]", 34 | "Required": False, 35 | "Value": "", 36 | "Type": "file", 37 | }, 38 | } 39 | 40 | # load default empire certs 41 | self.cert_path = str(config_manager.DATA_DIR / "cert") 42 | self.certificate = f"{self.cert_path}/empire-chain.pem" 43 | self.private_key = f"{self.cert_path}/empire-priv.key" 44 | self.handler_port = self.settings_options["handlerport"]["Value"] 45 | self.proxy_port = self.settings_options["proxyport"]["Value"] 46 | 47 | @override 48 | def on_start(self, db): 49 | settings = self.current_settings(db) 50 | self.handler_port = settings["handlerport"] 51 | self.proxy_port = settings["proxyport"] 52 | if settings["certificate"]: 53 | self.certificate = settings["certificate"] 54 | if settings["privatekey"]: 55 | self.private_key = settings["privatekey"] 56 | 57 | _thread.start_new_thread( 58 | self.server, 59 | ( 60 | self.handler_port, 61 | self.proxy_port, 62 | self.certificate, 63 | self.private_key, 64 | ), 65 | ) 66 | 67 | def on_stop(self, db): 68 | """ 69 | if the plugin spawns a process provide a shutdown method for when Empire exits else leave it as pass 70 | """ 71 | socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect( 72 | ("127.0.0.1", int(self.handler_port)) 73 | ) 74 | socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect( 75 | ("127.0.0.1", int(self.proxy_port)) 76 | ) 77 | 78 | def handler_server(self, q, handler_port, certificate, private_key): 79 | context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) 80 | context.minimum_version = ssl.TLSVersion.TLSv1 81 | context.set_ciphers("DEFAULT@SECLEVEL=0") 82 | context.load_cert_chain(certificate, private_key) 83 | try: 84 | dock_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 85 | dock_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 86 | dock_socket.bind(("", int(handler_port))) 87 | dock_socket.listen(5) 88 | self.send_socketio_message("[+] Socks proxy server started") 89 | 90 | while self.enabled: 91 | try: 92 | clear_socket, address = dock_socket.accept() 93 | client_socket = context.wrap_socket(clear_socket, server_side=True) 94 | try: 95 | data = b"" 96 | while data.count(b"\n") < 3: 97 | data_recv = client_socket.recv() 98 | data += data_recv 99 | client_socket.send( 100 | b"HTTP/1.1 200 OK\nContent-Length: 999999\nContent-Type: text/plain\nConnection: Keep-Alive\nKeep-Alive: timeout=20, max=10000\n\n" 101 | ) 102 | q.get(False) 103 | except Exception: 104 | pass 105 | q.put(client_socket) 106 | except Exception: 107 | pass 108 | except Exception as e: 109 | self.send_socketio_message("[!] " + e.strerror) 110 | finally: 111 | dock_socket.close() 112 | 113 | def get_active_connection(self, q): 114 | try: 115 | client_socket = q.get(block=True, timeout=10) 116 | except Exception: 117 | return None 118 | try: 119 | client_socket.send(b"HELLO") 120 | except Exception: 121 | return self.get_active_connection(q) 122 | return client_socket 123 | 124 | def server(self, handler_port, proxy_port, certificate, private_key): 125 | q = queue.Queue() 126 | _thread.start_new_thread( 127 | self.handler_server, (q, handler_port, certificate, private_key) 128 | ) 129 | try: 130 | dock_socket2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 131 | dock_socket2.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 132 | dock_socket2.bind(("127.0.0.1", int(proxy_port))) 133 | dock_socket2.listen(5) 134 | self.send_socketio_message("[*] Socks server listening on: " + str(proxy_port)) 135 | 136 | while self.enabled: 137 | try: 138 | client_socket2, address = dock_socket2.accept() 139 | client_socket = self.get_active_connection(q) 140 | if client_socket is None: 141 | client_socket2.close() 142 | _thread.start_new_thread( 143 | self.forward, (client_socket, client_socket2) 144 | ) 145 | _thread.start_new_thread( 146 | self.forward, (client_socket2, client_socket) 147 | ) 148 | except Exception as e: 149 | self.send_socketio_message(f"[!] Exception: {e}") 150 | except Exception as e: 151 | self.send_socketio_message(f"[!] Exception: {e}") 152 | finally: 153 | dock_socket2.close() 154 | self.send_socketio_message("[!] Socks proxy server stopped") 155 | 156 | def forward(self, source, destination): 157 | try: 158 | string = " " 159 | while string: 160 | string = source.recv(1024) 161 | if string: 162 | destination.sendall(string) 163 | else: 164 | source.shutdown(socket.SHUT_RD) 165 | destination.shutdown(socket.SHUT_WR) 166 | except Exception: 167 | try: 168 | source.shutdown(socket.SHUT_RD) 169 | destination.shutdown(socket.SHUT_WR) 170 | except Exception: 171 | pass 172 | pass 173 | --------------------------------------------------------------------------------