I wanted to share an update on the progress of the project. So far, the ability to detect the IP address and port that socket system calls are sending data to has been successfully implemented. Additionally, the capability to block system calls that are sending data to an IP address and port that is not the desired proxy has been implemented.
An option to kill the application if a proxy leak occurs has been added, which is useful for manual QA testing of applications. Furthermore, an option to allow proxy leaks but log any that occur has also been added, which is useful for automated testing of applications.
Additionally, the capability to use the environment variables that Tor Browser uses, such as TOR_SOCKS_PORT, to decide what the desired proxy is, has been included.
SOCKSification is currently being implemented. The approach is to intercept the connect syscall’s entry point and modify the destination IP/port by manipulating the syscall. The exit of the connect syscall is then intercepted in order to capture the returning file descriptor representing the established socket. The file descriptor is duplicated using pidfd_getfd, then a SOCKS5 handshake is done.
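The decision made at connect entry can be sketched as follows. This is an added example, not the project's own code: it decodes the Linux sockaddr bytes read from the traced process, compares the destination with the desired proxy, and either reports a leak or produces the SOCKS5 (RFC 1928) messages for the original destination. The mode names, TOR_SOCKS_HOST, the default host and port, and the sample address are assumptions.

```python
import ipaddress
import os
import struct

AF_INET, AF_INET6 = 2, 10            # Linux address-family values
SOCKS5_GREETING = b"\x05\x01\x00"    # RFC 1928: version 5, one method, no-auth

def desired_proxy(env=os.environ):
    # TOR_SOCKS_PORT is named in the post; TOR_SOCKS_HOST and both defaults are assumptions.
    host = env.get("TOR_SOCKS_HOST", "127.0.0.1")   # numeric address expected
    return ipaddress.ip_address(host), int(env.get("TOR_SOCKS_PORT", "9150"))

def parse_sockaddr(raw):
    """Decode sockaddr_in / sockaddr_in6 bytes copied from the traced process."""
    if len(raw) < 2:
        return None
    (family,) = struct.unpack_from("=H", raw)        # sa_family is in host byte order
    if family == AF_INET and len(raw) >= 8:
        port, addr = struct.unpack_from("!H4s", raw, 2)
    elif family == AF_INET6 and len(raw) >= 24:
        port, _flow, addr = struct.unpack_from("!HI16s", raw, 2)
    else:
        return None                                  # not an IP socket address
    return ipaddress.ip_address(addr), port

def socks5_connect_request(ip, port):
    """RFC 1928 CONNECT request carrying the original destination."""
    atyp = 0x01 if ip.version == 4 else 0x04
    return bytes([0x05, 0x01, 0x00, atyp]) + ip.packed + struct.pack("!H", port)

def on_connect(raw, proxy, mode):
    """mode is 'block', 'kill', 'log' or 'socksify' (hypothetical names)."""
    dest = parse_sockaddr(raw)
    if dest is None or dest == proxy:    # assumption: non-IP sockets pass through
        return ("allow", None)
    if mode == "socksify":               # messages to send once connected to the proxy
        return ("redirect", (SOCKS5_GREETING, socks5_connect_request(*dest)))
    return (mode, f"proxy leak: connect to {dest[0]}:{dest[1]}")

# Constructed sample: sockaddr_in for 203.0.113.7:443 (documentation address).
SAMPLE = struct.pack("=H", AF_INET) + struct.pack("!H4s", 443, bytes([203, 0, 113, 7])) + bytes(8)

if __name__ == "__main__":
    proxy = desired_proxy({"TOR_SOCKS_PORT": "9150"})
    for mode in ("block", "kill", "log", "socksify"):
        print(mode, on_connect(SAMPLE, proxy, mode))
```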
Overall, the project is progressing well and any suggestions are much welcomed.