Using SocksiPy with SSL

Question

Using SocksiPy with SSL

I am trying to use SocksIPy with the ssl module (from stdlib) to grab the remote site certificate, but SocksIPy will not play with ssl.

The code below will connect to check.torproject.org and tell you that we are not using Tor (which means that SocksIPy is not working) (bad).

Not sure if SocksIPy is the best solution for this, but I couldn't find another way to proxy a raw socket (or get pycurl / urllib2 to use SOCKS proxies and provide SSL certificates!).

To clarify, my problem is that the socket is not proxied. I would like to get an ssl certificate with a proxy of my choice, which is not happening.

It seems that I can either have a proxy or SSL, but not both. Help!

import socks import ssl s = socks.socksocket() s.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050) ss = ssl.wrap_socket(s) ss.connect(('check.torproject.org', 443)) ss.write("""GET / HTTP/1.0\r Host: check.torproject.org\r\n\r\n""") # print ss.getpeercert() print ss.read(), ss.read(), ss.read() ss.close()

+6

python ssl

user1599231 Apr 21 '13 at 22:32

source share

2 answers

Shawn · Answer 1 · 2013-10-27 05:44

I tested this code while tcpdump was running, so it should work.

 import socks import ssl s = socks.socksocket() s.setproxy(socks.PROXY_TYPE_SOCKS5,"127.0.0.1",port=9050) s.connect(('83.94.121.246', 443)) ss = ssl.wrap_socket(s) print ss.send("hello") ss.close()

I have not looked at ssl.py, but I think you need to call connect on the socks object, not on the ssl object.

Jason S · Answer 2 · 2014-08-07 23:20

Put ssl.wrap_socket below connect . Otherwise, it does not work properly.

Use validation and CA certificate . Obtaining a certificate from the server requires creating an SSL object with verification enabled and providing a CA certificate file. If you cannot find it on your system, you can download the one that was provided by the Mozilla-based CURL project as a local file: http://curl.haxx.se/docs/caextract.html

Note. The SocksIPy project has not been updated for quite some time and does not support Python 3.

Fixed source code version:

 import socks import ssl s = socks.socksocket() s.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", port=9050) s.connect(('check.torproject.org', 443)) ss = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs="cacert.pem") print "Peer cert: ", ss.getpeercert() ss.write("""GET / HTTP/1.0\r\nHost: check.torproject.org\r\n\r\n""") content = [] while True: data = ss.read() if not data: break content.append(data) ss.close() content = "".join(content) assert "This browser is configured to use Tor" in content

Using SocksiPy with SSL

More articles: