Skip to content

Gordafarid is a simple encypted proxy protocol (server/client)

License

Notifications You must be signed in to change notification settings

Iam54r1n4/Gordafarid

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Gordafarid

Gordafarid is a simple encrypted proxy server/client implementation in Go. Designed primarily for educational purposes, this project demonstrates how to build a basic proxy system with encryption, leveraging AEAD ciphers for secure communication.

Key Points

  • Educational: Designed as a learning tool to demonstrate proxy server/client implementation with encryption in Go.

  • Gordafarid Protocol: Implemented a proxy protocol named Gordafarid, inspired by SOCKS5, for secure client-server communication.

  • Secure Communication: All data exchanged between client and server is encrypted. The Initial Greeting is encrypted using AES/GCM, and the rest is encrypted using an AEAD cipher.

  • AEAD algorithm support: Supports ChaCha20-Poly1305/AES-256-GCM/AES-192-GCM/AES-128-GCM cryptographic algorithms for secure application data communication(After the Initial Greeting).

  • Reply attacks: Implements a mechanism to prevent replay attacks by checking for nonce reusage in encrypted communications.

  • User management: Supports multiple users with different credentials, allowing for fine-grained access control.

  • Authentication: Implements SOCKS5 username/password authentication on the client-side for local applications.

  • Flexible Configuration: Easily customizable through TOML configuration files, allowing for versatile deployment scenarios.

  • Code Documentation: the code is well-documented, so you can easily understand the code.

  • UDP support is not yet implemented. Contributions to add this feature are welcome.
  • Technically speaking, the Gordafarid protocol doesn't disguise itself from DPI, so its traffic detection is not difficult.

Technical Overview

  • Protocol Specification

    • Please read GORDAFARID_SPECIFICATION.md
    • Also, the code has been written in a way that you can easily understand the concepts, there are lots of comments to help you understand the code.
  • Traffic Flow

    • Overview:

      • Local Application ⇄ Client Proxy ⇄ (Encrypted Data) ⇄ Server Proxy ⇄ Target Server.
    • Client-Side Flow:

      • Local Application initiates SOCKS5 request to Client proxy.
      • Client performs SOCKS5 handshake and authentication using the SOCKS5 authentication mechanism if socks5Credentials is not empty.
      • Client extracts target address from SOCKS5 handshake.
      • Client establishes connection to the Proxy Server using Gordafarid protocol.
      • Client sends encrypted Gordafarid Initial Greeting to Proxy Server using the AES/GCM algorithm and the pre-shared key specified in the initPassword field of the config file.

        NOTICE: After this stage, all communication is encrypted using an AEAD cipher specified in the config file, with its key being the account password.

      • Cilent receives Greeting Response from the server and decrypts it.
      • Client encrypts and sends Request to Proxy Server.
      • Client receives and decrypts Reply from Proxy Server.
      • Client begins relaying encrypted data between the Local Application and the Proxy Server.
    • Server-Side Flow:

      • Proxy Server receives Gordafarid Initial Greeting from Client Proxy and decrypts it using AES/GCM algorithm and pre-shared key and specified in the initPassword field of the config file.

        NOTICE: After this stage, all communication is encrypted using an AEAD cipher specified in the config file, with its key being the account password.

      • Proxy Server sends encrypted Gordafarid Greeting Response to Client Proxy.
      • Proxy Server receives and decrypts Request from Client Proxy .
      • Proxy Server sends encrypted Reply to Client proxy.
      • Proxy Server establishes connection to Target Server that was indicated in the handshake process.
      • Proxy Server begins relaying encrypted data between Client Proxy and Target Server.
  • Codebase Overview

Installation

  • Install from release page:
    • Download the appropriate executable
    • Running the Server
      • Set the configuration file for the server

        The best practice is to put the configuration file in the same directory as the executable, or use the -config flag to specify the path to the configuration file.

      • Run the server
    • Running the Client
      • Set the configuration file for the client

        The best practice is to put the configuration file in the same directory as the executable, or use the -config flag to specify the path to the configuration file.

      • Run the client
  • Building from source:
    • Clone the repository
      git clone https://github.com/Iam54r1n4/Gordafarid
    • Building the Server
      • Navigate to the server directory
        cd Gordafarid/cmd/server/
      • Set the configuration file for the server
        vi config.toml
      • Build the server
        go build -o gordafarid-server -v .
      • Run the server
        ./gordafarid-server -config config.toml
    • Building the Client
      • Navigate to the client directory
        cd Gordafarid/cmd/client/
      • Set the configuration file for the client
        vi config.toml
      • Build the client
        go build -o gordafarid-client -v .
      • Run the client
        ./gordafarid-client -config config.toml

Dependencies

  • Go 1.22.2
  • golang.org/x/crypto v0.27.0
  • golang.org/x/sys v0.25.0
  • github.com/BurntSushi/toml v1.4.0

License

  • This project is licensed under the GNU License. See the LICENSE file for details.

Acknowledgements

  • Special thanks to @ReturnFI for their valuable assistance.

Disclaimer

  • This project should not be used in production environments without significant security enhancements and thorough testing.
  • I wrote this project in less than two weeks, so it's not perfect.