Add option to change tcp destination port and ip before sending to proxy server

3 files changed, 93 insertions, 0 deletions

diff --git a/src/core.h b/src/core.h
index 564df20..a9ad88b 100644
--- a/src/core.h
+++ b/src/core.h
@@ -25,6 +25,7 @@
 #define __CORE_HEADER
 #define BUFF_SIZE 8*1024  // used to read responses from proxies.
 #define     MAX_LOCALNET 64
+#define     MAX_DNAT 64
 
 #include "ip_type.h"
 
@@ -69,6 +70,11 @@ typedef struct {
 } localaddr_arg;
 
 typedef struct {
+	struct in_addr orig_dst, new_dst;
+	unsigned short orig_port, new_port;
+} dnat_arg;
+
+typedef struct {
 	ip_type ip;
 	unsigned short port;
 	proxy_type pt;
diff --git a/src/libproxychains.c b/src/libproxychains.c
index 8446bb0..6f91bd6 100644
--- a/src/libproxychains.c
+++ b/src/libproxychains.c
@@ -72,6 +72,8 @@ int proxychains_quiet_mode = 0;
 int proxychains_resolver = 0;
 localaddr_arg localnet_addr[MAX_LOCALNET];
 size_t num_localnet_addr = 0;
+dnat_arg dnats[MAX_DNAT];
+size_t num_dnats = 0;
 unsigned int remote_dns_subnet = 224;
 
 pthread_once_t init_once = PTHREAD_ONCE_INIT;
@@ -268,6 +270,8 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 	char *env;
 	char local_in_addr_port[32];
 	char local_in_addr[32], local_in_port[32], local_netmask[32];
+	char dnat_orig_addr_port[32], dnat_new_addr_port[32];
+	char dnat_orig_addr[32], dnat_orig_port[32], dnat_new_addr[32], dnat_new_port[32];
 	FILE *file = NULL;
 
 	if(proxychains_got_chain_data)
@@ -419,6 +423,55 @@ inv_host:
 					proxychains_quiet_mode = 1;
 				} else if(strstr(buff, "proxy_dns")) {
 					proxychains_resolver = 1;
+				} else if(strstr(buff, "dnat")) {
+					if(sscanf(buff, "%s %21[^ ] %21s\n", user, dnat_orig_addr_port, dnat_new_addr_port) < 3) {
+						fprintf(stderr, "dnat format error");
+						exit(1);
+					}
+					/* clean previously used buffer */
+					memset(dnat_orig_port, 0, sizeof(dnat_orig_port) / sizeof(dnat_orig_port[0]));
+					memset(dnat_new_port, 0, sizeof(dnat_new_port) / sizeof(dnat_new_port[0]));
+
+					(void)sscanf(dnat_orig_addr_port, "%15[^:]:%5s", dnat_orig_addr, dnat_orig_port);
+					(void)sscanf(dnat_new_addr_port, "%15[^:]:%5s", dnat_new_addr, dnat_new_port);
+
+					if(num_dnats < MAX_DNAT) {
+						int error;
+						error =
+						    inet_pton(AF_INET, dnat_orig_addr,
+							      &dnats[num_dnats].orig_dst);
+						if(error <= 0) {
+							fprintf(stderr, "dnat original destination address error\n");
+							exit(1);
+						}
+
+						error =
+						    inet_pton(AF_INET, dnat_new_addr,
+							      &dnats[num_dnats].new_dst);
+						if(error <= 0) {
+							fprintf(stderr, "dnat effective destination address error\n");
+							exit(1);
+						}
+
+						if(dnat_orig_port[0]) {
+							dnats[num_dnats].orig_port =
+							    (short) atoi(dnat_orig_port);
+						} else {
+							dnats[num_dnats].orig_port = 0;
+						}
+
+						if(dnat_new_port[0]) {
+							dnats[num_dnats].new_port =
+							    (short) atoi(dnat_new_port);
+						} else {
+							dnats[num_dnats].new_port = 0;
+						}
+
+						PDEBUG("added dnat: orig-dst=%s orig-port=%d new-dst=%s new-port=%d\n", dnat_orig_addr, dnats[num_dnats].orig_port, dnat_new_addr, dnats[num_dnats].new_port);
+						++num_dnats;
+					} else {
+						fprintf(stderr, "# of dnat exceed %d.\n", MAX_DNAT);
+					}
 				}
 			}
 		}
@@ -501,6 +554,24 @@ int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	// check if connect called from proxydns
         remote_dns_connect = !v6 && (ntohl(p_addr_in->s_addr) >> 24 == remote_dns_subnet);
 
+	if (!v6) for(i = 0; i < num_dnats && !remote_dns_connect; i++) {
+		if(dnats[i].orig_dst.s_addr == p_addr_in->s_addr) {
+			if(!dnats[i].orig_port) {
+				p_addr_in = &dnats[i].new_dst;
+				if(dnats[i].new_port)
+					port = dnats[i].new_port;
+
+				break;
+			}
+			else if(dnats[i].orig_port == port) {
+				p_addr_in = &dnats[i].new_dst;
+				if (dnats[i].new_port)
+					port = dnats[i].new_port;
+				break;
+			}
+		}
+	}
+
 	if (!v6) for(i = 0; i < num_localnet_addr && !remote_dns_connect; i++) {
 		if((localnet_addr[i].in_addr.s_addr & localnet_addr[i].netmask.s_addr)
 		   == (p_addr_in->s_addr & localnet_addr[i].netmask.s_addr)) {
diff --git a/src/proxychains.conf b/src/proxychains.conf
index 83f7d90..65c04ad 100644
--- a/src/proxychains.conf
+++ b/src/proxychains.conf
@@ -90,6 +90,22 @@ tcp_connect_time_out 8000
 # localnet 172.16.0.0/255.240.0.0
 # localnet 192.168.0.0/255.255.0.0
 
+### Examples for dnat
+## Trying to proxy connections to destinations which are dnatted,
+## will result in proxying connections to the new given destinations.
+## Whenever I connect to 1.1.1.1 on port 1234 actually connect to 1.1.1.2 on port 443
+# dnat 1.1.1.1:1234  1.1.1.2:443
+
+## Whenever I connect to 1.1.1.1 on port 443 actually connect to 1.1.1.2 on port 443
+## (no need to write :443 again)
+# dnat 1.1.1.2:443  1.1.1.2
+
+## No matter what port I connect to on 1.1.1.1 port actually connect to 1.1.1.2 on port 443
+# dnat 1.1.1.1  1.1.1.2:443
+
+## Always, instead of connecting to 1.1.1.1, connect to 1.1.1.2
+# dnat 1.1.1.1  1.1.1.2
+
 # ProxyList format
 #       type  ip  port [user pass]
 #       (values separated by 'tab' or 'blank')