/ Tools

Force CLI tool to use SOCKS5 on macOS

Background

A coder can't live without Google but things get difficulty in China... Google, Facebook, Instagram etc. I don't know how our dear computing students search for exceptions, documents but personally, I am spoiled by Google and StackOverflow. So I gotta find a way to access these when I come back home for holidays. In the past decades, VPN was the first choice before the GFW gets smarter, it is able to detect VPN traffic(it has special 'signature/fingerprint' as I read somewhere else) and block it periodically. So Shadowsocks come into place, it uses SOCK5 to proxy network traffic to servers which have unrestricted internet access and send back the response. Sounds great right? It is good enough for ordinary usage like browsing web or watching youtube. But we developers need more than that. Due to the characteristics of SOCK5 proxy, only TCP and UDP(needs configuration) can be transmitted through the proxy. (I'm not really sure about this please correct me if I'm wrong) And not all apps are using system proxy, some of them don't even have a setting to configure this. The problem is more serious among CLI tools. Think ssh... Ok enough bs...

Tool needed

proxychains Github here

Configuration

  1. Homebrew install (if you don't know this, google it and thank me)
  2. Set your proxy to run on a local port
  3. Edit this /Users/yourUserName/.proxychains/proxychains.conf Note that you should change your port accordingly.
strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
localnet 127.0.0.0/255.0.0.0
quiet_mode

[ProxyList]
socks5  127.0.0.1 1086

First try fails :(

The basic syntax is proxychains ssh host but you will soon notice this does not change a thing, the ssh is still going direct connection. The bad(good?) guy behind this is System Integrity Protection(SIP). This feature in modern macOS is preventing proxychains to inject into processes. One way is to disable SIP but I don't think it is a good idea to put the system in this risk.

Giving our CLI candy

As we can't inject into the system built in ssh, we don't want to disable SIP, what can we do? Getting another copy of ssh! Again use homebrew to install ssh and this copy of ssh is not protected by SIP(selfish isn't it). So now we do this: proxychains4 /usr/local/Cellar/openssh/7.6p1/bin/ssh user@hostOrIp
Problem solved :)

mimimi

mimimi

Currently a Computer Engineering student at the National University of Singapore, passionate about software engineering. Contact me: info at mimimi.fun

Read More
Force CLI tool to use SOCKS5 on macOS
Share this