Tsocks
I had a play around with tsocks today and I had fun.
For a little context, I work in an environment where I don't have
root access on the host that I work from, but now and then I
hit little roadblocks where it's ideal to have root
access. This system runs Debian, but in theory you can use any
distro for this using source or packages.
As a result I thought it would be a nice experiment to install the
tsocks package as a low-privilege user. Part of the reason
for this is that at work in the corporate world you will often need to
have programs communicate through a SOCKS proxy, so by default the
computers are using dante-client. However, this only reads the
/etc/dante.conf file, which is no good as a low-privilege
user when that proxy falls over.
user space installation
First we need to find out where the package comes from, which is
something that apt-get helps with: --print-uris prints
the location that apt-get would retrieve from. If you're not familiar
with apt-get then it might be best to get the program source code and
set the install location with --prefix=~/bin/tsocks
--exec-prefix=~/bin/tsocks.
$ apt-get --print-uris install tsocks
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed
  tsocks
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 276kB of archives.
After this operation, 676kB of additional disk space will be used.
'http://gb.archive.ubuntu.com/ubuntu/pool/universe/t/tsocks/tsocks_1.8beta5-9.1_i386.deb' tsocks_1.8beta5-9.1_i386.deb 276046 SHA256:e8cb1edd2daaa6c35c0903714aebfe117ddeace965d28d145fb08159b42236ce
If you just need the URL of the various files and dependencies then the following should provide you with that:
$ apt-get --print-uris --yes install tsocks | grep ^\' | cut -d\' -f2
http://gb.archive.ubuntu.com/ubuntu/pool/universe/t/tsocks/tsocks_1.8beta5-9.1_i386.deb
We need to download that somewhere we can write to, so let's just work in
~/tmp/debian for now.
$ wget http://gb.archive.ubuntu.com/ubuntu/pool/universe/t/tsocks/tsocks_1.8beta5-9.1_i386.deb
...
$ dpkg --root -i -X tsocks_1.8beta5-9.1_i386.deb ~/tmp/debian
./
./etc/
./etc/tsocks.conf
./usr/
./usr/bin/
./usr/bin/tsocks
./usr/bin/validateconf
./usr/bin/inspectsocks
./usr/bin/saveme
./usr/lib/
./usr/lib/libtsocks.so.1.8
...
./usr/lib/libtsocks.so.1
./usr/lib/libtsocks.so
--root tells dpkg that we're not installing in /, -i says we're going
to install the package, and -X instructs dpkg to extract in
~/tmp/debian. The listing is what -X prints as it unpacks each path
under that directory.
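The wget step above fetches the package over plain HTTP, while the --print-uris line already states the size and SHA256 that apt expects for the file. As an added example (not part of the original post), these shell functions check a download against that line before it is extracted; the function names, the mirror.example URL and the stand-in file in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded .deb against the size and SHA256 that
# `apt-get --print-uris` printed. Line format: 'URL' filename size SHA256:hex

# parse_uri_line LINE: print "filename size sha256", or return 1 if malformed.
parse_uri_line() {
    read -r url name size sum extra <<EOF
$1
EOF
    [ -n "$sum" ] && [ -z "$extra" ] || return 1
    case $url in \'*\') ;; *) return 1 ;; esac
    case $name in */*|.*) return 1 ;; esac   # must stay inside the download dir
    case $size in ''|*[!0-9]*) return 1 ;; esac
    case $sum in SHA256:*) sum=${sum#SHA256:} ;; *) return 1 ;; esac
    case $sum in *[!0-9a-f]*) return 1 ;; esac
    [ ${#sum} -eq 64 ] || return 1
    printf '%s %s %s\n' "$name" "$size" "$sum"
}

# verify_deb LINE DIR: 0 = size and hash match, 1 = mismatch, 2 = cannot check.
verify_deb() {
    fields=$(parse_uri_line "$1") || { echo "unparseable uri line" >&2; return 2; }
    read -r name size want <<EOF
$fields
EOF
    [ -f "$2/$name" ] || { echo "missing: $2/$name" >&2; return 2; }
    got_size=$(wc -c < "$2/$name" | tr -d ' ')
    got=$(sha256sum "$2/$name" | cut -d' ' -f1)
    if [ "$got_size" = "$size" ] && [ "$got" = "$want" ]; then
        echo "OK $name"
    else
        echo "MISMATCH $name: do not extract" >&2; return 1
    fi
}

# Demo on constructed data: a stand-in file, not a real package.
demo() {
    d=$(mktemp -d) || return 2
    f=sample_1.0_i386.deb
    printf 'constructed stand-in for a .deb\n' > "$d/$f"
    line="'http://mirror.example/pool/$f' $f $(wc -c < "$d/$f" | tr -d ' ')"
    line="$line SHA256:$(sha256sum "$d/$f" | cut -d' ' -f1)"
    ok=0; verify_deb "$line" "$d" || ok=$?
    printf 'x' >> "$d/$f"                    # simulate tampering in transit
    bad=0; verify_deb "$line" "$d" 2>/dev/null || bad=$?
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}
demo
```

Pass verify_deb the quoted line from the --print-uris output and the directory holding the download, and only run the extraction when it returns 0.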
Now that we have it installed in a local place, we can set about creating our
local configuration file. For now, we're going to try with a known
working configuration which makes use of ssh and its SOCKS
server.
We need to set up the SSH configuration now.
$ /usr/bin/ssh -D 1085 -o TCPKeepAlive=yes -o ServerAliveInterval=60 192.168.0.1
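-D signifies that we want to create a SOCKS server on port
1085; by default ssh binds it to the loopback address only, which is why
the configuration below points at 127.0.0.1. TCPKeepAlive=yes enables TCP
keep-alives, and ServerAliveInterval=60 has ssh send its own keep-alive
message after 60 seconds without data from the server.
192.168.0.1 is the host we're connecting to.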
Leave that running in the background and we can get on with the rest of
the configuration in ~/.tsocks.conf.
server = 127.0.0.1
server_port = 1085
server_type = 5
local = 127.0.0.0/255.255.255.0
Now, let's set up the command line.
~/tmp/debian$ LD_PRELOAD=usr/lib/libtsocks.so TSOCKS_CONF_FILE=~/.tsocks.conf GET -uUsSe http://whatismyipaddress.com/
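LD_PRELOAD tells the dynamic linker to load the named library before any other, so the functions it exports take precedence over the same-named functions in the system libraries. When a program calls open/write/read for example, the functions exported by the LD_PRELOAD library will be used instead; libtsocks does this for connect(), which is how outgoing connections end up at the SOCKS server. This only works for dynamically linked programs, and the linker ignores a preload path like this one for setuid binaries.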
So using this we can encapsulate any program so all network calls go via
the socks library. For example, to run apt-get we'd just
do:
~/tmp/debian$ LD_PRELOAD=usr/lib/libtsocks.so TSOCKS_CONF_FILE=~/.tsocks.conf apt-get update
One thing that tsocks offers that dante-client doesn't is the ability to specify which configuration file to read, which we can do simply through an environment variable (TSOCKS_CONF_FILE in the commands above). This is useful when you want one SOCKS proxy to handle one job or one program while another program uses an entirely different proxy server.
So, that's a basic overview of the config, you can now make use of some
proxies. It's important that you get the configuration working with an
endpoint that you can verify and know is working, such as the
ssh socks tunnel.
What you can also do is use this for home VPN tunnels, just
SSH to your work address and use tsocks to
relay those connections.
what next
It might be worth taking a look at the proxys page and locating some SOCKS servers in the wild to create connections from. This is incredibly useful when you want to test your ISP services from remote locations or even for GeoIP purposes.
easy .tsocks.conf
If you're using the proxies above then you might find it easy to create
your .tsocks.conf file from the
simple generate script that
I've knocked together. It's Perl-based, so if you don't have Perl
available you'd better get it installed!
It's simple enough to use, just give it a --connect
<host>:<port> argument and output to the conf file as defined
above.