3proxy: a multi-function proxy server
2015-01-08 15:29:07 阿炯

3proxy is an open-source proxy server from Russia. It runs on multiple platforms and supports several proxy types, including http(s), ftp, pop3, socks4(a) and socks5(a).


3proxy tiny free proxy server is a really tiny cross-platform (Win32, Win64 & Unix) freeware proxy server set. It includes an HTTP proxy with HTTPS and FTP support, a SOCKSv4, SOCKSv4.5, SOCKSv5 proxy (socks/socks.exe), POP3 proxy, SMTP proxy, AIM/ICQ proxy (icqpr/icqpr.exe), MSN messenger / Live messenger proxy (msnpr/msnpr.exe), FTP proxy, caching DNS proxy, and TCP and UDP portmappers.

You can use every proxy as a standalone program (socks, proxy, tcppm, udppm, pop3p) or use the combined program (3proxy). The combined proxy additionally supports features like access control, bandwidth limiting, limiting daily/weekly/monthly traffic amount, proxy chaining, log rotation, syslog and ODBC logging, etc.

It's created to be small, simple and yet very functional.

It may be compiled with Visual C or gcc. A native Win32 version is included in the archive and supports installation as a service. Currently 3proxy is tested to work under Windows 98/NT/2000/2003/2008/XP/Vista/Windows 7 (both i386 and x64), FreeBSD/i386, NetBSD/i386, OpenBSD/i386, Linux/i386, Linux/PPC, Linux/Alpha, Mac OS X/PPC, Solaris 10/i386.

3proxy is absolutely free and open source. It can be used under terms of GNU/GPL. Starting from 0.6 version BSD-style license is used and any compatible license (Apache license, GPL, LGPL) may be used instead.


Features

1. General
 + IPv6 support for incoming and outgoing connection, can be used as a proxy between IPv4 and IPv6 networks in either direction.
 + HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support.
 + HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY)
 + Anonymous and random client IP emulation for HTTP proxy mode
 + FTP over HTTP support.
 + DNS caching with built-in resolver
 + DNS proxy
 + DNS over TCP support, redirecting DNS traffic via parent proxy
 + SOCKSv4/4.5 Proxy
 + SOCKSv5 Proxy
 + SOCKSv5 UDP and BIND support (fully compatible with SocksCAP/FreeCAP for UDP)
 + Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP
 + POP3 Proxy
 + FTP proxy
 + TCP port mapper (port forwarding)
 + UDP port mapper (port forwarding)
 + SMTP proxy
 + Threaded application (no child process).
 + Web administration and statistics
 + Plugins for functionality extension
 + Native 32/64 bit application
2. Proxy chaining and network connections
 + Can be used as a bridge between a client and a different proxy type (e.g. convert an incoming HTTP proxy request from the client to a SOCKSv5 request to the parent server).
 + Connect back proxy support to bypass firewalls
 + Parent proxy support for any type of incoming connection
 + Username/password authentication for parent proxy(s).
 + HTTPS/SOCKS4/SOCKS5 and ip/port redirection parent support
 + Random parent selection
 + Chain building (multihop proxying)
 + Load balancing between few network connections by choosing network interface
3. Logging
 + tuneable log format compatible with any log parser
 + stdout logging
 + file logging
 + syslog logging (Unix)
 + ODBC logging
 + RADIUS accounting
 + log file rotation
 + automatic log file processing with external archiver (for files)
 + Character filtering for log files
 + different log files for different services are supported
4. Access control
 + ACL-driven Access control by username, source IP, destination IP/hostname, destination port and destination action(POST, PUT, GET, etc), weekday and daytime.
 + ACL-driven (user/source/destination/protocol/weekday/daytime or combined) bandwidth limitation for incoming and (!)outgoing traffic.
 + ACL-driven traffic limitation per day, week or month for incoming and outgoing traffic
 + Connection limitation and rate limiting
 + User authentication by username / password
 + RADIUS Authentication and Authorization
 + User authentication by DNS hostname
 + Authentication cache with possibility to limit user to single IP address
 + Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
 + Cleartext or encrypted (crypt/MD5 or NT) passwords.
 + Connection redirection
 + Access control by requested action (CONNECT/BIND, HTTP GET/POST/PUT/HEAD/OTHER).
 + All access control entries now support weekday and time limitations
 + Hostnames and * templates are supported instead of IP address
5. Extensions
 + Regular expression filtering (with PCRE) via PCREPlugin
 + Authentication with Windows username/password (cleartext only)
 + SSL/TLS decryptions with certificate spoofing
 + Transparent redirection support for Linux and *BSD
6. Configuration
 + support for configuration files
 + support for includes in configuration files
 + interface binding
 + socket options
 + running as daemon process
 + utility for automated networks list building
 + configuration reload on any file change
 Unix:
 + support for chroot
 + support for setgid
 + support for setuid
 + support for signals (SIGUSR1 to reload configuration)
 Windows:
 + support --install as service
 + support --remove as service
 + support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress, on CONTINUE configuration is reloaded)
 Windows 95/98/ME:
 + support --install as service
 + support --remove as service
7. Compilation
 + MSVC (static)
 + OpenWatcom (static)
 + Intel Windows Compiler (msvcrt.dll)
 + Windows/gcc (msvcrt.dll)
 + Cygwin/gcc (cygwin.dll)
 + Unix/gcc
 + Unix/ccc
 + Solaris
 + Mac OS X, iPhone OS
 + Linux and derived systems
 + Lite version for Windows 95/98/NT/2000/XP/2003
 + 32 bit and 64 bit versions for Windows Vista and above, Windows 2008 server and above

The 3proxy combined proxy server may be used as an executable or as a service (it supports installation and removal).
It reads its configuration from a config file (see 3proxy.cfg.sample for details).
3proxy.exe is all-in-one; it doesn't require any of the other .exe files to work.
See 3proxy.cfg.sample for examples, and see man 3proxy.cfg.

Related command keywords
proxy HTTP proxy server, binds to port 3128

ftppr FTP proxy server, binds to port 21

socks SOCKS 4/5 proxy server, binds to port 1080

ftppr FTP proxy server; please do not confuse it with the FTP over HTTP proxy used in browsers

pop3p POP3 proxy server, binds to port 110. You must specify the POP3 username as username@target.host.ip[:port]; the port is 110 by default.
Example: in the Username configuration of your e-mail reader set someuser@pop.example.org, to obtain mail for someuser from pop.somehost.ru via proxy.

smtpp SMTP proxy server, binds to port 25. You must specify the SMTP username as username@target.host.ip[:port]; the port is 25 by default.
Example: in the Username configuration of your e-mail reader set someuser@mail.example.org, to send mail as someuser via mail.somehost.ru via proxy.

tcppm TCP port mapping. Maps some TCP port on local machine to TCP port on remote host.

udppm UDP port mapping. Maps some UDP port on local machine to UDP port on remote machine. Only one user can use a UDP mapping at a time, so it can't be used for a public service in large networks. It's OK to use it to map to a DNS server in a small network or to map a Counter-Strike server for a single client (in the latter case you can use several mappings on different ports for different clients).

mycrypt Program to obtain an encrypted password from cleartext. Supports both MD5/crypt and NT passwords.
mycrypt password produces NT password
mycrypt salt password produces MD5/crypt password with salt "salt".

Run utility with --help option for command line reference.


How proxy chaining works


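Parents are grouped by weight (i.e. 1000): the weights within each group must add up to 1000, and each group forms one hop. Taking the example from the manual: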
parent 1000 socks5 192.168.10.1 1080
parent 1000 connect 192.168.20.1 3128
parent 300 socks4 192.168.30.1 1080
parent 700 socks5 192.168.40.1 1080

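The chain above is divided into three groups: hop 1 is 10.1, hop 2 is 20.1, and hop 3 is 30.1 and 40.1.
When a request arrives, it must pass through hop 1 and hop 2; at hop 3 it has a 30% chance of going through 30.1 and a 70% chance of going through 40.1.
When using weights, make sure the weights in each group add up to 1000.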
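The grouping rule described above can be checked mechanically. The following is an added example, not code from 3proxy or from the original post: the function names are hypothetical, trailing `#` comments are tolerated because the configuration on this page uses them, and `pick_route` is only a model of the weighted choice, not 3proxy's own selection code.

```python
import random

def parse_parents(cfg_text):
    """Return (weight, type, host, port) for every 'parent' line, in order."""
    parents = []
    for line in cfg_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "parent":
            parents.append((int(fields[1]), fields[2], fields[3], int(fields[4])))
    return parents

def group_hops(parents, total=1000):
    """Consecutive parents whose weights add up to `total` form one hop."""
    hops, current, acc = [], [], 0
    for p in parents:
        current.append(p)
        acc += p[0]
        if acc == total:
            hops.append(current)
            current, acc = [], 0
        elif acc > total:
            raise ValueError(f"weights overshoot {total} at {p[2]}")
    if current:
        raise ValueError(f"last group sums to {acc}, not {total}")
    return hops

def pick_route(hops, rng=random):
    """Pick one parent per hop with probability weight/1000."""
    return [rng.choices(hop, weights=[p[0] for p in hop])[0][2] for hop in hops]

# The chain from the manual example quoted above.
SAMPLE = """\
parent 1000 socks5 192.168.10.1 1080
parent 1000 connect 192.168.20.1 3128
parent 300 socks4 192.168.30.1 1080
parent 700 socks5 192.168.40.1 1080
"""

if __name__ == "__main__":
    hops = group_hops(parse_parents(SAMPLE))
    for n, hop in enumerate(hops, 1):
        print("hop", n, [(p[2], f"{p[0] / 10:.0f}%") for p in hop])
    print("one possible route:", pick_route(hops))
```

A group that does not reach exactly 1000 raises ValueError, which catches the misconfiguration the note above warns about before the file is deployed.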


Editing the configuration file

3proxy.cfg

nscache 65536
Cache time for name-resolution results.

log c:\windows\3proxy.log D
Log file path; D = daily rotation (one file per day).

logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
Log format.

rotate 7
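Keep the last 7 days of logs. The unit is one day because of the D in the "log .. D" line above; you can also change it to M = Monthly, W = Weekly, H = Hourly. 3proxy can also compress and archive old logs automatically; see the manual for how to do this.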

service
Start as a Windows service (Windows only!). On Linux and non-NT systems, replace it with daemon so that 3proxy runs in the background.

auth iponly
Use IP/port as the basis for authentication. This is usually sufficient, unless you want to use 3proxy to provide service to the outside.

proxy -a -p8080
Anonymous HTTP proxy on port 8080.

auth iponly
socks -a -p1080
Anonymous SOCKS proxy on port 1080.

The following shows how to set up a proxy chain:
auth iponly
allow *
This starts an ACL, which determines the access permissions for the chain below.
parent 1000 socks5+ xxx.xxx.xxx.xxx 1080 USERNAME PASSWORD

allow * 127.0.0.1 *
parent 1000 socks5 192.168.0.1 8080 usr pwd # parent proxy
proxy -a -p1234 # HTTP proxy
socks -a -p1235 # SOCKS proxy

bandlimin 819200 *
Bandwidth limit, in bits per second (1 byte = 8 bits).

flush
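# Use flush to clear the service list; new services can then be defined
allow * 127.0.0.1 *
parent 1000 socks4 127.0.0.1 9050 # Tor parent proxy
parent 1000 socks5 192.168.0.1 8080 usr pwd
# This implements a proxy chain; the original simple tutorial had a small error in this part
# All requests go through Tor and then through 192.168.0.1; see the documentation for a detailed explanation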
proxy -a -p1236
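Whether `auth iponly` is "enough" depends on which source addresses the active ACL admits and on which interface each service listens. The lint below is an added example, not part of 3proxy or of the original post: it is a heuristic that inspects only the `auth`, `internal`, `allow`/`deny`, `flush` and `-i`/`-p` settings, and its function names and sample file are constructed for illustration.

```python
SERVICES = {"proxy", "socks", "ftppr", "pop3p", "smtpp", "tcppm", "udppm"}

def any_source(acl):
    """True if the first-match ACL can admit a client from any source address."""
    for action, args in acl:
        if action == "allow" and (len(args) < 2 or args[1] == "*"):
            return True                       # e.g. "allow *"
        if action == "deny" and all(a == "*" for a in args):
            return False                      # explicit catch-all deny
    return not acl    # empty ACL admits everyone; a non-empty one ends in deny

def audit(cfg_text):
    """Return the ports of services that any remote address may use."""
    auth, acl, internal, exposed = "none", [], "0.0.0.0", []
    for raw in cfg_text.splitlines():
        cmd, *args = raw.split("#", 1)[0].split() or [""]
        if cmd == "auth" and args:
            auth = args[0]                    # simplification: first type only
        elif cmd == "internal" and args:
            internal = args[0]                # default listening address
        elif cmd in ("allow", "deny"):
            acl.append((cmd, args))
        elif cmd == "flush":
            acl = []                          # following services get a new ACL
        elif cmd in SERVICES:
            bind = next((a[2:] for a in args if a.startswith("-i")), internal)
            port = next((a[2:] for a in args if a.startswith("-p")), "default")
            loopback = bind.startswith("127.") or bind == "::1"
            # "auth none" skips ACL checks entirely; iponly relies on the ACL
            no_creds = auth == "none" or (auth == "iponly" and any_source(acl))
            if no_creds and not loopback:
                exposed.append(port)
    return exposed

# Constructed sample built from the directives shown above.
SAMPLE_CFG = """\
auth iponly
proxy -a -p8080
socks -i127.0.0.1 -p1080
allow *
allow * 127.0.0.1 *
proxy -a -p1234
flush
allow * 127.0.0.1 *
proxy -a -p1236
"""

if __name__ == "__main__":
    print("reachable from any source:", audit(SAMPLE_CFG))
```

On the sample, ports 8080 and 1234 are reported: the first has no ACL at all, and the second still inherits the earlier `allow *` because no `flush` precedes it, while 1236 (after `flush`) and the loopback-bound 1080 are not.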


Latest version: 0.8


Official home page:
http://3proxy.ru

3proxy on GitHub