hurl icon indicating copy to clipboard operation
hurl copied to clipboard
verified publisher icon Orange-OpenSource

Proxy SOCKS support

Open linkdd opened this issue 1 year ago • 4 comments

Problem to solve

ssh -D8080 user@host

curl --socks5 localhost:8080 https://httpbin.org/anything

Proposal

~In the [Options] section, the proxy field should be a URL, such as:~

  • http://localhost:8012
  • socks5://localhost:8012
  • ...

~The scheme of the URL could then be used to determine the type of proxy (no scheme would default to HTTP for backward compatibility) we want to connect to.~

~Then, we should be able to connect to SOCKS proxy as demonstrated with cURL above.~

EDIT: Let's add instead a sock5 request option with the host and port of the SOCKS proxy to use.

Additional context and resources

We are using Hurl to implement the test suite of a Reverse Proxy service we provide in our infrastructure. Its configuration is pulled from Netbox. One feature is the Access Control Lists, which translates to the following NGINX configuration:

server {
  # ...

  location / {
    # ...

    deny 192.168.2.0/24;
    allow all;

    # ...
  }

  # ...
}

The test we want to execute is the following:

# Rejection when coming from 192.168.2.0/24
GET https://example.com

HTTP 403

# No rejection when coming from 127.0.0.1/8
GET https://example.com
[Options]
socks5: localhost:8012

HTTP 200

Tasks to complete

  • [x] ~Support URLs in proxy request option~
  • [ ] Add socks5 request option
  • [ ] Support Proxy SOCKS protocol

linkdd avatar Oct 16 '24 16:10 linkdd

Hi @linkdd

I think I prefer to have a dedicated socks5 option to match exactly the curl option name

GET https://example.com
[Options]
socks5: localhost:8012
HTTP 200

jcamiel avatar Oct 16 '24 16:10 jcamiel

Sounds good to me. But what would be the behavior when we define both proxy and socks5 fields then? Should it be an error?

linkdd avatar Oct 16 '24 16:10 linkdd

Yes we can check what is the behavior of curl in this case and try to match it.

jcamiel avatar Oct 16 '24 17:10 jcamiel

Ok, I updated the issue description accordingly.

It seems the curl crate you use already provides everything needed, the Easy2::proxy() function (docs) seems to accept URLs of the form socks5://host:port, which correspond to the CURLOPT_PROXY option.

linkdd avatar Oct 16 '24 17:10 linkdd

@linkdd Reviewing the code, I see that we have no restriction on urls passed to proxy option.

Could you try this syntax ?

# Rejection when coming from 192.168.2.0/24
GET https://example.com
HTTP 403

# No rejection when coming from 127.0.0.1/8
GET https://example.com
[Options]
proxy: socks5://localhost:8012
HTTP 200

jcamiel avatar Oct 26 '24 12:10 jcamiel

Indeed, it works 🙂

Another case of PEBKAC.

I'm closing the issue.

linkdd avatar Oct 26 '24 12:10 linkdd