Using SocksiPy with SSL

Question

I\'m trying to use SocksIPy with ssl module (from stdlib) to grab a site\'s remote certificate but SocksIPy won\'t play with ssl.

The below code will connect to chec

Answer 1

I have tested this code while running tcpdump so it should work.

import socks
import ssl

s = socks.socksocket()
s.setproxy(socks.PROXY_TYPE_SOCKS5,"127.0.0.1",port=9050)
s.connect(('83.94.121.246', 443))
ss = ssl.wrap_socket(s)
print ss.send("hello")
ss.close()

I didn't review the ssl.py but I guess you have to call connect on the socks object and not the ssl object.

Answer 2

Put ssl.wrap_socket below connect. It doesn't work properly otherwise.

Use validation and CA certfile Getting the certificate from the server requires creating the SSL object with validation turned on and giving it a CA certificates file. If you can't find one on your system you could download the one provided by the CURL project based on Mozilla's as a local file: http://curl.haxx.se/docs/caextract.html

Note: the SocksIPy project hasn't been updated in quite a while and doesn't support Python 3.

Fixed version of original code:

import socks
import ssl

s = socks.socksocket()
s.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", port=9050)
s.connect(('check.torproject.org', 443))
ss = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs="cacert.pem")

print "Peer cert: ", ss.getpeercert()

ss.write("""GET / HTTP/1.0\r\nHost: check.torproject.org\r\n\r\n""")

content = []
while True:
    data = ss.read()
    if not data: break
    content.append(data)

ss.close()
content = "".join(content)

assert "This browser is configured to use Tor" in content