DEV Community

Anim Mouse
Anim Mouse

Posted on

Hosting a SOCKS5 Proxy on GitHub Actions

My Workflow

Since GitHub Actions is an IaaS, and Actions Hackathon 2021 allows Wacky Wildcards, I wonder if I can use it as a proxy and view the internet from the perspective of GitHub's servers. So I created a proof of concept SOCKS5 proxy hosted on GitHub Actions.

As GitHub Actions runners are firewalled from incoming connections, what I did is connect to it through Cloudflare Tunnel. And as Cloudflare Tunnel can't tunnel TCP connections (we can use Ngrok but that's for another story), we tunnel SOCKS5 through websockets using Chisel.

Here you can see that I'm browsing the internet using Microsoft's IP address.
IP address check 1
IP address check 2
IP address check 3

Here you can see a speed test from my 45 mbps internet connection.
Speed test
This action can also be used as a VPN.

Submission Category:

Wacky Wildcards

Yaml File or Link to Code

name: Host Chisel SOCKS5 Proxy
on:
  workflow_dispatch:
    inputs:
      time-duration:
        description: Time to run chisel
        required: true
        default: 10m

jobs:
  socks5-proxy:
    runs-on: ubuntu-latest
    steps:
      - name: Install chisel
        working-directory: ${{ runner.temp }}
        env:
          version: 1.7.6
        run: |
          aria2c -x 16 "https://github.com/jpillora/chisel/releases/latest/download/chisel_${version}_linux_amd64.gz"
          gzip -d chisel_${version}_linux_amd64.gz
          mv chisel_${version}_linux_amd64 /usr/local/bin/chisel
          chmod +x /usr/local/bin/chisel

      - name: Setup Cloudflare Tunnel client
        uses: AnimMouse/setup-cloudflared@v1
        with:
          cloudflare_tunnel_certificate: ${{ secrets.CLOUDFLARE_TUNNEL_CERTIFICATE }}
          cloudflare_tunnel_credential: ${{ secrets.CLOUDFLARE_TUNNEL_CREDENTIAL }}
          cloudflare_tunnel_configuration: ${{ secrets.CLOUDFLARE_TUNNEL_CONFIGURATION }}
          cloudflare_tunnel_id: ${{ secrets.CLOUDFLARE_TUNNEL_ID }}

      - name: Run chisel
        run: timeout "${{ github.event.inputs.time-duration }}" chisel server --socks5 || true

      - name: Shutdown and view logs of Cloudflare Tunnel
        if: always()
        uses: AnimMouse/setup-cloudflared/shutdown@v1
Enter fullscreen mode Exit fullscreen mode

GitHub logo AnimMouse / SOCKS5-proxy-actions

SOCKS5 proxy running on GitHub Actions using Chisel

SOCKS5 Proxy Actions

SOCKS5 Proxy hosted on GitHub Actions.

Proof of concept Chisel's SOCKS5 Proxy running on GitHub Actions.

As GitHub Actions runner does not have a public IP address, we use Cloudflare Tunnel to have a tunnel to GitHub Actions runner.

This GitHub action participated on GitHub Actions Hackathon 2021, but sadly, it lost.

Your Computer > Cloudflare > GitHub Actions runner > GitHub Actions' Internet

Deprecation

This workflow is deprecated as this may potentially violate the GitHub Actions Terms of Service, please use AnimMouse/SOCKS5-Proxy-Codespaces instead.

Actions should not be used for:

  • cryptomining;
  • disrupting, gaining, or attempting to gain unauthorized access to, any service, device, data, account, or network (other than those authorized by the GitHub Bug Bounty program);
  • the provision of a stand-alone or integrated application or service offering the Actions product or service, or any elements of the Actions product or service, for commercial purposes;

Additional Resources / Info

GitHub logo AnimMouse / setup-cloudflared

Setup/Install Cloudflare Tunnel client for GitHub Actions

Setup cloudflared for GitHub Actions

Setup Cloudflare Tunnel client for GitHub Actions.

This action installs cloudflared for use in actions by installing it on tool cache using AnimMouse/tool-cache.

This GitHub action participated in the GitHub Actions Hackathon 2021, but sadly, it lost.

Test page for setup-cloudflared: https://setup-cloudflared.44444444.xyz (This will only work when the test action is running.)

Usage

To use cloudflared, run this action before cloudflared.

steps:
  - name: Setup cloudflared
    uses: AnimMouse/setup-cloudflared@v2
    
  - name: Check cloudflared version
    run: cloudflared -v
Enter fullscreen mode Exit fullscreen mode

Cloudflare Tunnel Usage

Use Cloudflare Tunnel to expose servers running inside GitHub Actions to the Internet.

  1. Encode the JSON credential in Base64 using this command base64 -w 0 <cloudflare-tunnel-id>.json and paste it to CLOUDFLARE_TUNNEL_CREDENTIAL secret.
  2. Inside the config.yaml, set credentials-file: to
    1. Ubuntu: /home/runner/.cloudflared/<cloudflare-tunnel-id>.json
    2. Windows: C:\Users\runneradmin\.cloudflared\<cloudflare-tunnel-id>.json
    3. macOS: /Users/runner/.cloudflared/<cloudflare-tunnel-id>.json
  3. Encode the config.yaml in Base64 using this command base64 -w 0 config.yaml and…

GitHub logo jpillora / chisel

A fast TCP/UDP tunnel over HTTP

Chisel

GoDoc CI

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

overview

Table of Contents

Features

  • Easy to use
  • Performant*
  • Encrypted connections using the SSH protocol (via crypto/ssh)
  • Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
  • Client auto-reconnects with exponential backoff
  • Clients can create multiple tunnel endpoints over one TCP connection
  • Clients can optionally pass through SOCKS or HTTP CONNECT proxies
  • Reverse port forwarding (Connections go through the server and out the client)
  • Server optionally doubles as a reverse proxy
  • Server optionally allows SOCKS5 connections (See guide below)
  • Clients optionally allow SOCKS5 connections from a reversed port…

Top comments (0)