一、Socks5协议简介
socks5是基于传输层的协议,客户端和服务器经过两次握手协商之后服务端为客户端建立一条到目标服务器的通道,在传输层转发TCP/UDP流量。
关于socks5协议规范,到处都可以找到,我再重复一遍也没啥意思,因此不再赘述,可以参见rfc1928(英文),或者查阅维基百科SOCKS5 - 维基百科(中文)。
二、代码实现
基于socks5进行了一个代理服务器的简单实现,认证方式没有做,客户端和服务器只是简单地进行两次握手即开始转发数据。由于没有认证,任何能连接到监听端口的客户端都可以通过它转发流量,因此这个实现只适合在本机或受信任的网络内试验。
package cc11001100.proxyServerDev.socks5;
import java.io.Closeable;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
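/**
 * A simple SOCKS5 proxy server implementation.
 *
 * <p>Protocol specification: <a href="https://www.ietf.org/rfc/rfc1928.txt">RFC 1928</a>
 *
 * <p>A pitfall when using a SOCKS5 proxy is whether a domain name is resolved locally or on
 * the proxy server; some names, google.com for example, have to be resolved on the proxy
 * server side. See
 * <a href="https://blog.emacsos.com/use-socks5-proxy-in-curl.html">https://blog.emacsos.com/use-socks5-proxy-in-curl.html</a>
 *
 * @author CC11001100
 */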
public class Socks5ProxyServer {
// Port the proxy service listens on
private static final Integer SERVICE_LISTENER_PORT = 10086;
// Maximum number of clients allowed at the same time
private static final Integer MAX_CLIENT_NUM = 100;
// Counter for the number of connected clients (decremented when a ClientHandler finishes)
private static AtomicInteger clientNumCount = new AtomicInteger();
// SOCKS protocol version, fixed at 5
private static final byte VERSION = 0X05;
// RSV (reserved) field, must be 0
private static final byte RSV = 0X00;
// Host address of the local machine, filled in by the static initializer below;
// stays null when that lookup throws UnknownHostException
private static String SERVER_IP_ADDRESS;
// Resolve the local host address once at class-load time. A failed lookup is only
// printed, which leaves SERVER_IP_ADDRESS as null.
static {
    String localAddress = null;
    try {
        localAddress = InetAddress.getLocalHost().getHostAddress();
    } catch (UnknownHostException lookupFailure) {
        lookupFailure.printStackTrace();
    }
    SERVER_IP_ADDRESS = localAddress;
}
public static class ClientHandler implements Runnable {
// Accepted connection to the SOCKS5 client; closed in run()'s finally block
private Socket clientSocket;
// Remote address of the client, taken from the socket in the constructor
private String clientIp;
// Remote port of the client, taken from the socket in the constructor
private int clientPort;
/**
 * Creates a handler for one accepted client connection and records the peer's
 * address and port as reported by the socket.
 *
 * @param clientSocket the accepted client connection
 */
public ClientHandler(Socket clientSocket) {
    this.clientSocket = clientSocket;
    final InetAddress peerAddress = clientSocket.getInetAddress();
    this.clientIp = peerAddress.getHostAddress();
    this.clientPort = clientSocket.getPort();
}
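/**
 * Serves one client: negotiates the authentication method, then handles the client's
 * command. The client socket is always closed and the client counter decremented
 * afterwards, whether or not an exception occurred.
 */
@Override
public void run() {
    try {
        // Negotiate the authentication method
        negotiationCertificationMethod();
        // Then process the client's command
        handleClientCommand();
    } catch (Exception e) {
        // handleLog is called with a format string plus arguments elsewhere in this class.
        // Passing the message as an argument keeps a '%' inside it (exception messages can
        // carry peer-influenced text) from being interpreted as a format specifier.
        handleLog("exception, %s", e.getMessage());
    } finally {
        close(clientSocket);
        handleLog("client dead, current client count=%s", clientNumCount.decrementAndGet());
    }
}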
// 协商与客户端的认证方法
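/**
 * Performs the SOCKS5 method-selection exchange (RFC 1928) with the client.
 *
 * <p>Reads the client's greeting (version, method count, method list) and selects
 * {@code NO_AUTHENTICATION_REQUIRED}. No credentials are checked here: every client that
 * can reach the listening port and offers that method is accepted, so access has to be
 * restricted elsewhere (bind address, firewall) if the proxy must not be open to everyone.
 *
 * @throws IOException if the stream ends or fails before the greeting is complete, or the
 *     reply cannot be written
 * @throws RuntimeException if the version is not 5, the client offers no method, or the
 *     client did not offer the "no authentication" method
 */
private void negotiationCertificationMethod() throws IOException {
    // DataInputStream adds no buffering of its own, so wrapping the socket stream here
    // does not consume bytes that later reads on the raw stream expect.
    DataInputStream in = new DataInputStream(clientSocket.getInputStream());
    OutputStream os = clientSocket.getOutputStream();
    byte[] buff = new byte[255];

    // Greeting header: VER, NMETHODS. A plain read() may return fewer bytes than asked
    // for and leave stale zeros in the buffer; readFully blocks until both have arrived
    // or fails with EOFException.
    in.readFully(buff, 0, 2);
    int version = buff[0];
    // NMETHODS is an unsigned octet; without the mask, counts 128..255 turn negative.
    int methodNum = buff[1] & 0xFF;
    if (version != VERSION) {
        throw new RuntimeException("version must 0X05");
    } else if (methodNum < 1) {
        throw new RuntimeException("method num must gt 0");
    }

    // Method list: exactly methodNum octets (at most 255, which fits the buffer).
    in.readFully(buff, 0, methodNum);
    byte[] offeredMethods = Arrays.copyOfRange(buff, 0, methodNum);
    List<METHOD> clientSupportMethodList = METHOD.convertToMethod(offeredMethods);
    handleLog("version=%s, methodNum=%s, clientSupportMethodList=%s", version, methodNum, clientSupportMethodList);

    // The server may only select a method the client actually offered.
    boolean noAuthOffered = false;
    for (byte offered : offeredMethods) {
        if (offered == METHOD.NO_AUTHENTICATION_REQUIRED.rangeStart) {
            noAuthOffered = true;
            break;
        }
    }

    buff[0] = VERSION;
    if (!noAuthOffered) {
        // RFC 1928: X'FF' tells the client that none of its methods is acceptable.
        buff[1] = (byte) 0xFF;
        os.write(buff, 0, 2);
        os.flush();
        throw new RuntimeException("no acceptable authentication method");
    }

    // Reply to the client; no authentication is performed.
    buff[1] = METHOD.NO_AUTHENTICATION_REQUIRED.rangeStart;
    os.write(buff, 0, 2);
    os.flush();
}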
// 认证通过,开始处理客户端发送过来的指令
private void handleClientCommand() throws IOException {
InputStream is = clientSocket.getInputStream();
OutputStream os = clientSocket.getOutputStream