redsocks
Overview
redsocks is a transparent redirector of TCP traffic through SOCKS and HTTPS proxies. It allows transparent routing of network traffic through proxy servers without client-side proxy configuration. It is essential for network security testing, traffic analysis, malware sandbox environments, and implementing organization-wide proxy enforcement. It works on Linux via iptables/netfilter for transparent TCP interception and redirection.
Installation
Debian/Ubuntu
sudo apt-get update
sudo apt-get install redsocks
Kali Linux (Pre-installed)
which redsocks
redsocks -v # Print version
From Source
git clone https://github.com/darkk/redsocks.git
cd redsocks
make
sudo make install
Verify Installation
redsocks -v
which redsocks
redsocks -t -c /etc/redsocks.conf # Test config syntax
Basic Architecture
Client Application
|
v
[iptables REDIRECT]
|
v
redsocks daemon (127.0.0.1:12345)
|
v
[Proxy Server] (SOCKS4/5 or HTTPS)
|
v
Internet / Target Service
Configuration File
Basic Config Structure
base {
log = "file:/var/log/redsocks.log";
log_debug = on;
log_info = on;
daemon = on;
redirector = iptables;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 192.168.1.100; // Proxy server IP
port = 1080; // Proxy server port
type = socks5; // socks4, socks5, http-connect, http-relay
login = "username";
password = "password";
}
Default Config Locations
/etc/redsocks.conf
/usr/local/etc/redsocks.conf
~/.redsocks.conf
SOCKS Proxy Configuration
SOCKS5 Server
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 192.168.1.100;
port = 1080;
type = socks5;
autoproxy = 0;
}
SOCKS5 with Authentication
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 192.168.1.100;
port = 1080;
type = socks5;
login = "alice";
password = "secret_password";
}
SOCKS4 Legacy Proxy
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 192.168.1.100;
port = 1080;
type = socks4;
}
HTTPS Proxy Configuration
HTTPS Proxy Server
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = proxy.example.com;
port = 443;
type = http-connect; // redsocks name for an HTTP CONNECT (HTTPS) proxy
autoproxy = 0;
}
HTTPS with Client Certificate
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = proxy.example.com;
port = 443;
type = http-connect;
cert = "/path/to/client-cert.pem";
key = "/path/to/client-key.pem";
}
iptables Rules Setup
Basic TCP Redirect
# Enable IP forwarding (only needed when redirecting traffic from other hosts via PREROUTING)
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# Redirect HTTP traffic
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
-j REDIRECT --to-port 12345
# Redirect HTTPS traffic
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 \
-j REDIRECT --to-port 12345
Exclude Local Traffic
# Don't redirect localhost
sudo iptables -t nat -A OUTPUT -d 127.0.0.1 -j RETURN
sudo iptables -t nat -A OUTPUT -d 192.168.1.0/24 -j RETURN
# Then redirect everything else
sudo iptables -t nat -A OUTPUT -p tcp \
-j REDIRECT --to-port 12345
Specific Port Redirection
# Redirect only HTTP
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
-j REDIRECT --to-port 12345
# Redirect only HTTPS
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 \
-j REDIRECT --to-port 12345
# Redirect custom port
sudo iptables -t nat -A OUTPUT -p tcp --dport 8080 \
-j REDIRECT --to-port 12345
Persist Rules
# Save iptables rules (the redirect must run as root, so wrap it in sh -c)
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
# Restore on boot
sudo apt-get install iptables-persistent
sudo iptables-restore < /etc/iptables/rules.v4
Starting redsocks
Basic Startup
# Start daemon
sudo redsocks -c /etc/redsocks.conf
# Start in foreground (debugging): set daemon = off; in the base section first
sudo redsocks -c /etc/redsocks.conf
Systemd Service
# Start service
sudo systemctl start redsocks
# Enable on boot
sudo systemctl enable redsocks
# Check status
sudo systemctl status redsocks
# View logs
sudo journalctl -u redsocks -f
Manual Service Creation
# Create systemd unit
sudo tee /etc/systemd/system/redsocks.service > /dev/null << EOF
[Unit]
Description=Transparent TCP-to-proxy redirector
After=network.target
[Service]
# Type=simple expects a foreground process, so set daemon = off; in redsocks.conf
Type=simple
User=root
ExecStart=/usr/bin/redsocks -c /etc/redsocks.conf
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable redsocks
sudo systemctl start redsocks
Testing redsocks
Verify Connection
# Test HTTP access through redsocks
curl -v http://example.com
# Check if traffic is being redirected
curl -v http://192.0.2.1 # Any external IP
Monitor Traffic
# Monitor local listening port
sudo netstat -tulpn | grep redsocks
sudo ss -tulpn | grep 12345
# Check iptables rules
sudo iptables -t nat -L -n -v
# Monitor in real-time
sudo watch 'iptables -t nat -L -n -v'
DNS Testing
# Note: redsocks doesn't handle DNS by default
# Configure separate DNS redirect or use Tor
# Test DNS resolution
nslookup example.com
dig example.com
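A check for two ruleset mistakes this page touches on, a catch-all REDIRECT without the local/proxy exclusions and unhandled DNS, as an added example (not part of redsocks or of the original page). The function name audit_redirect, the finding labels and both sample dumps are constructed for illustration; only destination-based exclusions in the nat OUTPUT chain are checked.

```shell
# Added example. audit_redirect PORT PROXY_IP reads `iptables-save -t nat`
# output on stdin and prints one finding per line, or OK.
audit_redirect() {
    awk -v port="$1" -v proxy="$2" '
    function ip2n(ip,  o) {
        split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4]
    }
    # True when address ip lies inside cidr (a.b.c.d or a.b.c.d/len).
    function within(ip, cidr,  p, len, d) {
        split(cidr, p, "/"); len = (p[2] == "" ? 32 : p[2]); d = 2 ^ (32 - len)
        return int(ip2n(ip) / d) == int(ip2n(p[1]) / d)
    }
    $1 == "-A" && $2 == "OUTPUT" {
        dst = ""; neg = 0
        for (i = 3; i < NF; i++)
            if ($i == "-d") { dst = $(i+1); neg = ($(i-1) == "!") }
        if ($0 ~ /-p udp/ && $0 ~ /--dport 53( |$)/) dns = 1
        # RETURN rules only help if they come before the catch-all REDIRECT.
        if ($0 ~ /-j RETURN/ && dst != "" && !neg && !seen) {
            if (within("127.0.0.1", dst)) lo = 1
            if (within(proxy, dst)) px = 1
        }
        if ($0 ~ /-j REDIRECT/ && $0 ~ ("--to-ports " port "( |$)") && $0 !~ /--dport/) {
            seen = 1
            # A negated -d on the catch-all itself excludes that range too.
            if (neg && within("127.0.0.1", dst)) lo = 1
            if (neg && within(proxy, dst)) px = 1
        }
    }
    END {
        if (!seen) { print "INFO no catch-all REDIRECT to port " port; exit }
        if (!lo)  f = f "LOOP loopback is not excluded before the REDIRECT\n"
        if (!px)  f = f "LOOP proxy " proxy " is not excluded before the REDIRECT\n"
        if (!dns) f = f "LEAK no rule handles UDP/53, DNS bypasses the proxy\n"
        printf "%s", (f == "" ? "OK\n" : f)
    }'
}

# Constructed sample dumps (not captured from a real host).
SAMPLE_BAD='-A OUTPUT -p tcp -j REDIRECT --to-ports 12345'
SAMPLE_GOOD='-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -d 192.168.1.0/24 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
-A OUTPUT -p tcp -j REDIRECT --to-ports 12345'

printf '%s\n' "$SAMPLE_BAD"  | audit_redirect 12345 192.168.1.100
printf '%s\n' "$SAMPLE_GOOD" | audit_redirect 12345 192.168.1.100
```

On a live host, feed it the real ruleset with `sudo iptables-save -t nat | audit_redirect 12345 192.168.1.100`.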
Advanced Configuration
Multiple Proxy Servers
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = proxy1.example.com;
port = 1080;
type = socks5;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12346;
ip = proxy2.example.com;
port = 1080;
type = socks5;
}
// Route different ports to different proxies
Load Balancing
# Use multiple redsocks instances
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
-m statistic --mode random --probability 0.5 \
-j REDIRECT --to-port 12345
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
-j REDIRECT --to-port 12346
Conditional Redirection
# Redirect only specific source IPs
sudo iptables -t nat -A OUTPUT -s 192.168.1.100 \
-p tcp --dport 80 \
-j REDIRECT --to-port 12345
# Redirect only specific destinations
sudo iptables -t nat -A OUTPUT -d 8.8.8.8 \
-p tcp --dport 53 \
-j REDIRECT --to-port 12345
Integration with Tor
Tor + redsocks
# Install Tor
sudo apt-get install tor
# Start Tor (provides SOCKS5 on 127.0.0.1:9050)
sudo systemctl start tor
# Configure redsocks to use Tor
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 127.0.0.1;
port = 9050;
type = socks5;
}
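# Setup iptables: skip loopback and Tor's own traffic first, otherwise the redirect loops
# (debian-tor is the account the Debian/Ubuntu tor package runs as)
sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
sudo iptables -t nat -A OUTPUT -p tcp \
-j REDIRECT --to-port 12345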
Verify Tor Usage
# Check IP (should be Tor exit node)
curl https://api.ip.sb/ip
curl https://ifconfig.me
# Verify with the Tor Project check service
curl -s https://check.torproject.org/api/ip # Expect "IsTor":true
Proxy Chaining
Chain Multiple Proxies
# Client → redsocks1 → SOCKS proxy → redsocks2 → HTTPS proxy → Internet
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 127.0.0.1;
port = 12346; // Chain to second redsocks
type = socks5;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12346;
ip = proxy.example.com;
port = 443;
type = http-connect;
}
Troubleshooting
redsocks Not Starting
# Check config syntax
redsocks -t -c /etc/redsocks.conf
# Run in the foreground to see errors: set daemon = off; in the base section, then
redsocks -c /etc/redsocks.conf
# Check permissions
sudo ls -la /etc/redsocks.conf
sudo chown root:root /etc/redsocks.conf
# Check port availability
sudo netstat -tulpn | grep 12345
iptables Rules Not Working
# Verify rules are loaded
sudo iptables -t nat -L -n -v
# Check IP forwarding
cat /proc/sys/net/ipv4/ip_forward
# Enable forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# Flush old rules
sudo iptables -t nat -F OUTPUT
No Proxy Connection
# Verify proxy is reachable
ping 192.168.1.100
nc -zv 192.168.1.100 1080
# Check firewall
sudo ufw status
sudo ufw allow out 1080/tcp # Outbound to the proxy; no inbound port needs opening
# Monitor redsocks
tail -f /var/log/redsocks.log
DNS Resolution Issues
# redsocks doesn't handle DNS - use separate solution
# Option 1: Use dnsmasq
sudo apt-get install dnsmasq
# Configure in /etc/dnsmasq.conf
# Option 2: Manual DNS redirect
sudo iptables -t nat -A OUTPUT -p udp --dport 53 \
-j DNAT --to-destination 8.8.8.8:53
# Option 3: Use /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
Performance Optimization
Connection Buffering
base {
bufsize = 262144; // 256KB buffer
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = proxy.example.com;
port = 1080;
type = socks5;
on_proxy_fail = "reconnect";
}
Timeout Configuration
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = proxy.example.com;
port = 1080;
type = socks5;
timeout = 30;
}
Security Considerations
Firewall Rules
# Only allow redsocks on loopback
sudo iptables -A INPUT -p tcp --dport 12345 \
-i lo -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 12345 \
-j DROP
Credential Protection
# Restrict config file permissions
sudo chmod 600 /etc/redsocks.conf
sudo chown root:root /etc/redsocks.conf
# Don't log passwords
base {
log_debug = off; // Disable debug logging
log = "file:/var/log/redsocks.log";
}
Real-World Scenarios
Corporate Proxy Enforcement
# Configure redsocks for corporate proxy
sudo tee /etc/redsocks.conf > /dev/null << EOF
base {
log = "file:/var/log/redsocks.log";
daemon = on;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = corporate-proxy.example.com;
port = 3128;
type = http-connect;
login = "domain\\username";
password = "password";
}
EOF
# Setup iptables
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
-j REDIRECT --to-port 12345
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 \
-j REDIRECT --to-port 12345
Malware Sandbox Environment
# Redirect all outbound traffic to analysis proxy
sudo tee /etc/redsocks.conf > /dev/null << EOF
base {
log = "file:/var/log/redsocks.log";
daemon = on;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 192.168.100.50;
port = 8080;
type = http-connect;
}
EOF
# Redirect all TCP traffic except the analysis network itself
sudo iptables -t nat -A OUTPUT -p tcp \
! -d 192.168.100.0/24 \
-j REDIRECT --to-port 12345
Transparent Tor
# Route all traffic through Tor
sudo tee /etc/redsocks.conf > /dev/null << EOF
base {
log = "file:/var/log/redsocks.log";
daemon = on;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 12345;
ip = 127.0.0.1;
port = 9050;
type = socks5;
}
EOF
# Setup iptables for transparent routing
# Skip Tor's own connections (debian-tor is the Debian/Ubuntu tor account), otherwise they loop back into redsocks
sudo iptables -t nat -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
sudo iptables -t nat -A OUTPUT -p tcp \
! -d 127.0.0.1 \
-j REDIRECT --to-port 12345
Cleanup
Remove Configuration
# Stop service
sudo systemctl stop redsocks
sudo systemctl disable redsocks
# Clear iptables rules
sudo iptables -t nat -F OUTPUT
sudo iptables -t nat -F PREROUTING
# Save changes
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
# Remove installation
sudo apt-get remove redsocks
Monitoring
Traffic Analysis
# Monitor through tcpdump (redirected connections arrive on loopback)
sudo tcpdump -i lo 'tcp port 12345' -A
# Count connections
sudo iptables -t nat -L OUTPUT -n -v
# Monitor logs
tail -f /var/log/redsocks.log | grep -i error
Additional Resources
- redsocks GitHub: https://github.com/darkk/redsocks
- iptables/netfilter: https://netfilter.org/
- SOCKS Protocol: https://tools.ietf.org/html/rfc1928
- Tor Project: https://www.torproject.org/
- MITM Proxy: https://mitmproxy.org/