My Workflow
Since GitHub Actions is an IaaS, and Actions Hackathon 2021 allows Wacky Wildcards, I wondered whether I could use it as a proxy and view the internet from the perspective of GitHub's servers. So I created a proof-of-concept SOCKS5 proxy hosted on GitHub Actions.
As GitHub Actions runners are firewalled from incoming connections, I connect to the runner through Cloudflare Tunnel. And as Cloudflare Tunnel can't tunnel TCP connections (we can use Ngrok, but that's another story), we tunnel SOCKS5 through WebSockets using Chisel.
Here you can see that I'm browsing the internet using Microsoft's IP address.
Here you can see a speed test from my 45 Mbps internet connection.
This action can also be used as a VPN.
Submission Category:
Wacky Wildcards
Yaml File or Link to Code
name: Host Chisel SOCKS5 Proxy
on:
  workflow_dispatch:
    inputs:
      time-duration:
        description: Time to run chisel
        required: true
        default: 10m
jobs:
  socks5-proxy:
    runs-on: ubuntu-latest
    steps:
      - name: Install chisel
        working-directory: ${{ runner.temp }}
        env:
          version: 1.7.6
        run: |
          # Download from the release tagged v${version}. The asset name carries the
          # version, so a "latest" URL stops resolving once a newer release is published.
          aria2c -x 16 "https://github.com/jpillora/chisel/releases/download/v${version}/chisel_${version}_linux_amd64.gz"
          gzip -d chisel_${version}_linux_amd64.gz
          mv chisel_${version}_linux_amd64 /usr/local/bin/chisel
          chmod +x /usr/local/bin/chisel
      - name: Setup Cloudflare Tunnel client
        uses: AnimMouse/setup-cloudflared@v1
        with:
          cloudflare_tunnel_certificate: ${{ secrets.CLOUDFLARE_TUNNEL_CERTIFICATE }}
          cloudflare_tunnel_credential: ${{ secrets.CLOUDFLARE_TUNNEL_CREDENTIAL }}
          cloudflare_tunnel_configuration: ${{ secrets.CLOUDFLARE_TUNNEL_CONFIGURATION }}
          cloudflare_tunnel_id: ${{ secrets.CLOUDFLARE_TUNNEL_ID }}
      - name: Run chisel
        # The dispatch input reaches the shell as an environment variable
        # instead of being interpolated into the script text.
        env:
          TIME_DURATION: ${{ github.event.inputs.time-duration }}
        run: timeout "$TIME_DURATION" chisel server --socks5 || true
      - name: Shutdown and view logs of Cloudflare Tunnel
        if: always()
        uses: AnimMouse/setup-cloudflared/shutdown@v1
AnimMouse / SOCKS5-proxy-actions
SOCKS5 proxy running on GitHub Actions using Chisel
SOCKS5 Proxy Actions
SOCKS5 Proxy hosted on GitHub Actions.
Proof of concept of Chisel's SOCKS5 proxy running on GitHub Actions.
As the GitHub Actions runner does not have a public IP address, we use Cloudflare Tunnel to have a tunnel to the GitHub Actions runner.
This GitHub action participated in the GitHub Actions Hackathon 2021, but sadly, it lost.
Your Computer > Cloudflare > GitHub Actions runner > GitHub Actions' Internet
Deprecation
This workflow is deprecated, as it may potentially violate the GitHub Actions Terms of Service. Please use AnimMouse/SOCKS5-Proxy-Codespaces instead.
Actions should not be used for:
- cryptomining;
- disrupting, gaining, or attempting to gain unauthorized access to, any service, device, data, account, or network (other than those authorized by the GitHub Bug Bounty program);
- the provision of a stand-alone or integrated application or service offering the Actions product or service, or any elements of the Actions product or service, for commercial purposes;
- …
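For teams that want to find workflows of this shape in their own repositories, the following added example (not part of the original post or the AnimMouse repositories) scans workflow text for the tunnel client and proxy listener used on this page. The rule names, severity labels and sample workflow are assumptions constructed for illustration.

```python
import re

# Indicators drawn from this page (plus Ngrok, which the post mentions); rule names are assumptions.
RULES = {
    "tunnel": re.compile(r"cloudflared|ngrok", re.I),
    "proxy": re.compile(r"\bchisel\s+server\b|--socks5\b", re.I),
}
STEP_KEY = re.compile(r"^\s*(?:-\s+)?(run|uses):\s*(.*)$")

# Constructed sample input: a cut-down workflow in the shape of the one above.
SAMPLE = """\
name: Build docs about our SOCKS5 and ngrok policy
jobs:
  job:
    steps:
      - name: Setup tunnel
        uses: AnimMouse/setup-cloudflared@v1
      - name: Run
        run: |
          echo starting
          timeout 10m chisel server --socks5 || true
"""

def executable_lines(text):
    """Yield (line_no, content) for `uses:` values and `run:` script lines only."""
    block_indent = None
    for no, raw in enumerate(text.splitlines(), 1):
        indent = len(raw) - len(raw.lstrip())
        if block_indent is not None:
            if not raw.strip() or indent > block_indent:
                if raw.strip():
                    yield no, raw.strip()
                continue
            block_indent = None              # dedent ends the run block
        m = STEP_KEY.match(raw)
        if m and m.group(1) == "run" and m.group(2).strip() in ("|", ">", "|-", ">-"):
            block_indent = indent            # multi-line script follows
        elif m and m.group(2):
            yield no, m.group(2).strip()

def scan_workflow(text):
    """Return (line_no, rule, content) for every rule hit in executable lines."""
    return [(no, rule, line) for no, line in executable_lines(text)
            for rule, rx in RULES.items() if rx.search(line)]

def severity(findings):
    """Tunnel client plus proxy listener in one workflow is this page's pattern."""
    rules = {rule for _, rule, _ in findings}
    return "high" if {"tunnel", "proxy"} <= rules else "review" if rules else "none"
```

Only `uses:` values and `run:` script lines are matched, so the sample's workflow name, which mentions SOCKS5 and ngrok, produces no finding.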
Additional Resources / Info
AnimMouse / setup-cloudflared
Setup/Install Cloudflare Tunnel client for GitHub Actions
Setup cloudflared for GitHub Actions
Setup Cloudflare Tunnel client for GitHub Actions.
This action installs cloudflared for use in actions by installing it on tool cache using AnimMouse/tool-cache.
This GitHub action participated in the GitHub Actions Hackathon 2021, but sadly, it lost.
Test page for setup-cloudflared: https://setup-cloudflared.44444444.xyz (This will only work when the test action is running.)
Usage
To use cloudflared, run this action before cloudflared.
steps:
  - name: Setup cloudflared
    uses: AnimMouse/setup-cloudflared@v2
  - name: Check cloudflared version
    run: cloudflared -v
Cloudflare Tunnel Usage
Use Cloudflare Tunnel to expose servers running inside GitHub Actions to the Internet.
- Encode the JSON credential in Base64 using this command
  base64 -w 0 <cloudflare-tunnel-id>.json
  and paste it to the CLOUDFLARE_TUNNEL_CREDENTIAL secret.
- Inside the config.yaml, set credentials-file: to
  - Ubuntu: /home/runner/.cloudflared/<cloudflare-tunnel-id>.json
  - Windows: C:\Users\runneradmin\.cloudflared\<cloudflare-tunnel-id>.json
  - macOS: /Users/runner/.cloudflared/<cloudflare-tunnel-id>.json
- Encode the config.yaml in Base64 using this command
  base64 -w 0 config.yaml
  and…
Chisel
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
Features
- Easy to use
- Performant*
- Encrypted connections using the SSH protocol (via crypto/ssh)
- Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
- Client auto-reconnects with exponential backoff
- Clients can create multiple tunnel endpoints over one TCP connection
- Clients can optionally pass through SOCKS or HTTP CONNECT proxies
- Reverse port forwarding (Connections go through the server and out the client)
- Server optionally doubles as a reverse proxy
- Server optionally allows SOCKS5 connections (See guide below)
- Clients optionally allow SOCKS5 connections from a reversed port…