Proxy server refusing connections

joyce092130 · 09-02-2012, 09:41 AM

hi all!

we are tasked to make a simple web proxy server in linux using C. its compiled and ran.
but when i tried using it on firefox on ubuntu the result is: "Proxy server refusing connections"

while on windows, the result is: "Connection has timed out."

pls help.

thanks

TB0ne · 09-02-2012, 10:24 AM

Quote:

Originally Posted by joyce092130

hi all!
we are tasked to make a simple web proxy server in linux using C. its compiled and ran.
but when i tried using it on firefox on ubuntu the result is: "Proxy server refusing connections"

while on windows, the result is: "Connection has timed out."
pls help.

Spell out your words. And what do you think we can help WITH? If you wrote this proxy server yourself, it's up to you to debug it. If you're using Squid, then you need to provide actual details...things like version/distro of Linux, version of squid, information from the squid logs, network topology, etc.

If this is a program you wrote, there's little we can help with. Debugging your programs is up to you, but we're happy to help if you post the exact bits of code you're having problems with.

joyce092130 · 09-03-2012, 08:42 AM

here is the code i used:

Code:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <netdb.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <arpa/inet.h>
#include <sys/timeb.h>
#include <unistd.h>
#include <signal.h>

long int thout = 0;
int setTime = 0;
int requestNum = 0;

void overRun_handler(int signo)
{
if(signo == SIGALRM)
{
  printf("\n<<--Response %d terminate by order-->>n",requestNum);
  printf(">>%ld bytes has been transmitted\n>>",thout);
  exit(1);
}
  else printf("Catch a wrong signal.\n");
} 

void proxyProcess(int,int,int);

int main(int argc,char **argv)
{
if(signal(SIGALRM,overRun_handler)==SIG_ERR)
{
  perror("Can't regist signal handler");
exit(1);
}
if(argc!=3)
{
  printf("Arguments are needed: %s <port number><connection time>\n",argv[0]);
  exit(0);
}
if(atoi(argv[1])<=0)
{
printf("Invalid port number.\n");
exit(0);
}
if(atoi(argv[2])<0)
{
printf("Invalid connection time.\nNo time set.\n");
}
else setTime = atoi(argv[2]);

struct sockaddr_in sin;
struct sockaddr_in cin;
short port = atoi(argv[1]);
int sd, csd, mode;
int len = sizeof(sin);
int fd =open("static.txt", O_WRONLY|O_CREAT|O_TRUNC);

if(fd < 0)
{
perror("Fail to initial static file.");
exit(1);
}
else
{
write(fd, "0",1);
close(fd);
}

if(port>8000) mode=1;
else mode =0;

memset(&sin,0, sizeof(sin));
memset(&cin,0, sizeof(cin));
sin.sin_family =AF_INET;
sin.sin_addr.s_addr =INADDR_ANY;
sin.sin_port =htons(port);

sd = socket(AF_INET,SOCK_STREAM,0);
if(sd<0)
{
perror("Fail to socket(sd)");
exit(1);
}
if((bind(sd, (struct sockaddr *)(&sin), sizeof(sin)))<0)
{
perror("Fail to bind");
exit(1);
}
if((bind(sd, (struct sockaddr *)(&sin), sizeof(sin)))<0)
{
perror("Fail to bind");
exit(1);
}
if ((listen(sd, 10))<0)
{
  perror("Fail to listen");
  exit(1);
}
while(1)
{
  csd = accept(sd, (struct sockaddr *)(&cin), &len);
  requestNum++;
  if ((fork() == 0) && (csd>0))
  {
  if((close(sd))<0)
  {
    perror("Fail to close (sd)");
  }
  printf("\n<--Begin of %d -->\n", requestNum);
  printf("--%d-->Client IP:%s\n--%d-->Port: %d\n", requestNum, 
  inet_ntoa(cin.sin_addr), requestNum, ntohs(cin.sin_port));
  proxyProcess(csd,requestNum, mode);
  if((close(csd))<0)
  {
    perror("Fail to close (csd)");
  }
    exit(0);
  }
  else if(csd < 0)
  {
    perror("Fail to accept");
    exit(0);
    }
    else close(csd);
    }
    close(sd);
    return 0;
    }

void proxyProcess(int csd, int requestNum, int mode)
{
struct sockaddr_in web;
char  * request, *begin, *end, *c, *ip;
char url1[512];
char url2[512];
char buf[2048];
int n, i, wsd;
int iport = 80;
int count = 0;
struct timeb time1, time2;

memset(buf, 0, sizeof(buf));
memset(url1, 0, sizeof(url1));
memset(url2, 0, sizeof(url2));

n = read (csd, buf, 2048);

if((strstr(buf,"Proxy-Authorization: Basic U2NodW1hY2hlcjpkYXZpZDg40TI5"))==0)
{
printf("There is no authorization\n");
char *msg = "HTTP/1.1 407 Proxy Authentication Required\r\nContent-Type:
text/html\r\nProxy-Authenticate: Basic realm=\n";
write(csd, msg, strlen(msg));
close(csd);
exit(0);
}

begin = strstr(buf, "Accept Encoding: ");
if(begin!=NULL)
{
end = strstr(begin, "\r\n");
end +=2;
request = calloc(sizeof(char), strlen(buf)-(end-begin));
memcpy(request, buf, begin-buf);  
strcat(request, end);
}

c = strstr(buf, "Host:\n ");
for (c+=5, i=0; *c!='\r'; c++, i++)
{
if(*c == ':')
{
  c++;
int j = 0;
char port[5];
memset(port, 0, sizeof(port));
for(j = 0; *c!= ' '; c++, j++)
{
  port[j] = *c;

  if(j>5)
  break;
}
iport = atoi(port);
break;
}
else
url1[i] = *c;
}

printf("--%d-->To:%s(port:%d)\n", requestNum, url1, iport);

FILE * fp = fopen("list.txt", "r");
while(feof(fp) == 0)
{
fgets(url2, 512, fp);
url2[strlen(url2)-1] = '\0';

if(strcmp(url2, url1) == 0)
{
printf("\n<--!Websites in blacklist!-->\n");
memset(url1, 0, sizeof(url1));
i = open("html.html", O_RDONLY);
while(1)
{
  n = read(i, url1, 512);
write(csd, url1, 512);
memset(url1, 0, sizeof(url1));

if(n!=512)
break;
}
close(i);
printf("\n<--End of Process %d-->\n", requestNum);
break;
exit(0);
}
else
memset(url2, 0, sizeof(url2));
}
fclose(fp);

struct hostent * host;
host = gethostbyname(url1);
ip = inet_ntoa(*((struct in_addr *)host -> h_addr));
printf("--%d-->To:%s\n", requestNum, ip);
web.sin_family = AF_INET;
web.sin_port = htons(iport);
web.sin_addr.s_addr = inet_addr(ip);
if((wsd = socket(PF_INET, SOCK_STREAM, 0))<0)
{
perror("Fail to connect (wsd)");
exit(1);
}
printf("\n<--Request %d-->\n%s\n", requestNum, request);
write(wsd, request, strlen(request));
free(request);
memset(buf, 0, sizeof(buf));
count = 0;
ftime(&time1);
while((n = read(wsd, buf, 2048))>0)
{
char * response = calloc(sizeof(char), n);

if(count == 0)
{
ftime(&time2);
printf("<<Response time of request %d --<%lmds\n",
requestNum,(time2.time-time1.time)*1000+(time2.millitm-time1.millitm));
if(setTime != 0)
alarm(setTime);
count ++;
}
if(strstr(buf, "<html>") !=0)
printf("A website has been opened\n");

fp = fopen("static.txt","r");
fscanf(fp, "%ld", &thout);
fclose(fp);
thout +=n;
fp = fopen("static.txt", "w");
fprintf(fp, "%ld", thout);
fclose(fp);

if(mode == 1)
{
if((begin = strstr(buf, "<titlt>"))|| (begin=
    strstr(buf, "<title>")))
{
  char warn[] = "Proxy:";
  begin +=7;
  if((c = strstr(buf, "Content-Length"))!=0)
  {
    char * str = strstr(c, "\r\n");
    str +=2;
    memcpy(response, buf, c-buf);
    strncat(response, str, begin - str);
  }
  else
  memcpy(response, buf, begin-buf);
  
    strncat(response, warn, strlen(warn));
    strncat(response, begin, strlen(begin));
    write(csd, response, strlen(response));
  }
  else
  write(csd, buf, n);
}
  else write(csd, buf, n);

if((c = strstr(buf, "\r\n\r\n"))&&(count == 1))
{
count++;
printf("\n<--Response %d-->\n", requestNum);
for(i=0; i<=c-buf; i++)
  printf("%c", buf[1]);
  printf("\n");
}
memset(buf, 0, sizeof(buf));
}
printf(">>%ld Bytes have been transmitted.\n", thout);
printf("\n<--End of Process %d-->\n", requestNum);
}

help needed, pls.
thank u

TB0ne · 09-03-2012, 10:48 AM

Quote:

Originally Posted by joyce092130

here is the code i used:

help needed, pls.
thank u

Again, you need to SPELL OUT YOUR WORDS. And didn't you post this same thing before in another thread???

https://www.linuxquestions.org/quest...ux-4175424079/

As was told to you in that thread, a proxy server has THOUSANDS of lines of code...open up the source files for Squid as an example. And as you were asked, you need to tell us WHAT ERRORS you're getting. Do you have ANY debugging statements in your code? Have you enabled them to see what's going on? Any logging you can check?

KernelJay · 09-29-2012, 09:01 AM

FYI - proxyProcess() appears to have a heap-based buffer overflow in your strcat. Remember that strcat() relies on null-terminated strings and that you are using it to copy user-controlled data into a finite sized buffer. I haven't reviewed the entire code to be sure it is exploitable (i.e you may have bounds checking I didn't notice) but in any case, it wouldn't hurt to make it strncat(request, end, strlen(buf)-(end-begin)).

If you would like a better understanding of why this is bad, I encourage you to check out my blog:
VERT Vuln School: Stack Buffer Overflows 101

Part 1: Introducing the Bug
Part 2: Explaining the Stack
Part 3: Exploiting the Bug