8 hours of C coding projects: Cyber Security
Table of Contents
Introduction
In this tutorial, we will create a command-line tool called "Toralizer" that acts as a proxy client for the Tor network. By using this tool, you can tunnel any Linux application through the Tor network, enhancing your privacy while online. This guide will walk you through the process of building the tool from scratch, focusing on implementing a SOCKS version 4 client and hooking into the connect function used by various applications.
Chapter 1: Building the SOCKS Client
Step 1: Set Up Your Environment
- Start by logging into your server and preparing to write your code. You can use any text editor, such as VS Code.
- Create a new directory for your project (e.g.,
mkdir talize). - Inside this directory, create two files:
talize.cfor your main program andtalize.hfor your header file.
Step 2: Write the Header File
- In
talize.h, define the necessary functions and structures:#ifndef TALIZE_H #define TALIZE_H #include <stdlib.h> #include <stdio.h> #include <string.h> #include <unistd.h> #include <arpa/inet.h> typedef struct { unsigned char vn; unsigned char cd; unsigned short port; unsigned int ip; char user_id[8]; } proxy_request; int connect_to_proxy(const char* host, int port); // Other function declarations... #endif
Step 3: Implement the Main Program
- In
talize.c, start implementing the main function:#include "talize.h" int main(int argc, char *argv[]) { if (argc < 3) { fprintf(stderr, "Usage: %s <IP> <Port>\n", argv[0]); return -1; } const char* host = argv[1]; int port = atoi(argv[2]); // Connect to the proxy and handle errors... return 0; }
Step 4: Connect to the Proxy
- Write the function to connect to the SOCKS proxy:
int connect_to_proxy(const char* host, int port) { int sock = socket(AF_INET, SOCK_STREAM, 0); struct sockaddr_in addr; addr.sin_family = AF_INET; addr.sin_port = htons(port); addr.sin_addr.s_addr = inet_addr(host); return connect(sock, (struct sockaddr*)&addr, sizeof(addr)); }
Step 5: Build and Test
- Create a Makefile to compile your program:
CC=gcc CFLAGS=-o talize talize.c all: talize clean: rm -f talize - Compile your program using
makeand test it with a known SOCKS proxy.
Chapter 2: Hooking the Connect Function
Step 1: Prepare for Hooking
- Modify your
talize.cto prepare for replacing theconnectfunction. - Include the necessary headers for dynamic linking:
#include <dlfcn.h>
Step 2: Create the Hook
- Define a function pointer for the original
connectfunction:typedef int (*orig_connect_type)(int, const struct sockaddr *, socklen_t); orig_connect_type orig_connect;
Step 3: Implement the Hook
- Write the hook function that will intercept calls to
connect:int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { // Your logic to redirect traffic through the Tor network return orig_connect(sockfd, addr, addrlen); }
Step 4: Compile as a Shared Library
- Modify your Makefile to compile
talizeas a shared library. - Use the
-fPICflag when compiling to ensure position-independent code.
Step 5: Set Up the Environment
- Create a Bash script to set the
LD_PRELOADenvironment variable, allowing your library to be used globally:#!/bin/bash export LD_PRELOAD=/path/to/talize.so "$@"
Conclusion
In this tutorial, we have created a tool that allows you to tunnel network requests through the Tor network by intercepting the connect function. We implemented a SOCKS client, set up a dynamic library, and established a method to handle incoming connections. The final step involves testing your tool with various applications to ensure it properly routes traffic through the Tor network. Moving forward, you can enhance this tool by implementing features such as DNS resolution over Tor or adding more sophisticated error handling.