An error about proxy for PowerShell function: Invoke-WebRequest #15

Open
HUMORCE opened this issue Dec 23, 2020 · 6 comments


HUMORCE commented Dec 23, 2020

Powershell

Windows Powershell 5.1.19041.610 (Windows 10 built-in):

$ proxychains powershell -Command 'Invoke-WebRequest example.org'
[PID15676] [I] 2020/12/23 20:26:05 <> localhost:7890
[PID15676] [I] 2020/12/23 20:26:05 Ws2_32.dll connect(2772 224.134.186.179:80 16) -> example.org:80 PROXY


StatusCode        : 200
StatusDescription : OK
Content           : <!doctype html>
                    <html>
                    <head>
                        <title>Example Domain</title>

                        <meta charset="utf-8" />
                        <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
                        <meta name="viewport" conten...
RawContent        : HTTP/1.1 200 OK
                    Age: 534623
                    Vary: Accept-Encoding
                    X-Cache: HIT
                    Accept-Ranges: bytes
                    Content-Length: 1256
                    Cache-Control: max-age=604800
                    Content-Type: text/html; charset=UTF-8
                    Date: Wed, 23 Dec ...
Forms             : {}
Headers           : {[Age, 534623], [Vary, Accept-Encoding], [X-Cache, HIT], [Accept-Ranges, bytes]...}
Images            : {}
InputFields       : {}
Links             : {@{innerHTML=More information...; innerText=More information...; outerHTML=<A
                    href="https://www.iana.org/domains/example">More information...</A>; outerText=More
                    information...; tagName=A; href=https://www.iana.org/domains/example}}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 1256



[I] 2020/12/23 20:26:06 All Windows descendant process exited.
[I] 2020/12/23 20:26:06 Master exiting

PowerShell Core 7.1.0 (same results for x64/x86 versions):

$ proxychains pwsh -Command 'Invoke-WebRequest example.org'
[PID 3600] [W] 2020/12/23 20:26:55 connect() error: No connection could be made because the target machine actively refused it.(10061)
[PID 3600] [W] 2020/12/23 20:26:55 Mswsock.dll (FP)ConnectEx(2208 [::ffff:93.184.216.34]:80 28) PROXY ret: 0, wsa last error: No connection could be made because the target machine actively refused it.(10061)
Invoke-WebRequest: No connection could be made because the target machine actively refused it.
[I] 2020/12/23 20:26:55 All Windows descendant process exited.
[I] 2020/12/23 20:26:55 Master exiting

What caused PowerShell 7.1 to get the wrong IP format?
The proxy server does not support IPv6.
IPv6 has been disabled in the network adapter.

Invoke-WebRequest example.org -Proxy $PROXY_URI works well.

Author

HUMORCE commented Dec 24, 2020

invoke-webrequest example.org
[PID18724] [D] 2020/12/23 23:59:41 Ws2_32.dll GetAddrInfoExW() called
[PID18724] [D] 2020/12/23 23:59:41 Ws2_32.dll FreeAddrInfoExW() called
[PID18724] [D] 2020/12/23 23:59:41 Mswsock.dll (FP)ConnectEx(2688, [::ffff:93.184.216.34]:80, 28) called
[PID18724] [D] 2020/12/23 23:59:41 Ws2_32_GenericTunnelTo(localhost:5354)
[PID18724] [D] 2020/12/23 23:59:41 Ws2_32_GenericConnectTo(localhost:5354)
[PID18724] [D] 2020/12/23 23:59:41 Ws2_32.dll freeaddrinfo() called
[PID18724] [D] 2020/12/23 23:59:41 Ws2_32_DirectConnect([::1]:5354)
[PID18724] [W] 2020/12/23 23:59:43 connect() error: No connection could be made because the target machine actively refused it.(10061)
[PID18724] [D] 2020/12/23 23:59:43 Ws2_32_GenericTunnelTo(localhost:5354) connect failed!
[PID18724] [W] 2020/12/23 23:59:43 Mswsock.dll (FP)ConnectEx(2688 [::ffff:93.184.216.34]:80 28) PROXY ret: 0, wsa last error: No connection could be made because the target machine actively refused it.(10061)
Invoke-WebRequest: No connection could be made because the target machine actively refused it.
[USERNAME@DUST proxychains_0.6.8_win32_x64_debug]$[PID18724] [D] 2020/12/23 23:59:43 (In CreateProcessW) g_pRemoteData->dwDebugDepth = 1
[PID18724] [D] 2020/12/23 23:59:43 CreateProcessW: (null), "C:\Users\USERNAME\scoop\apps\lua\current\lua.exe" C:\Users\USERNAME\scoop\apps\z.lua\current\z.lua --add C:\Users\USERNAME\Desktop\proxychains_0.6.8_win32_x64_debug, lpProcessAttributes: 0x8fbf08d6f0, lpThreadAttributes: 0x8fbf08d6f0, bInheritHandles: 1, dwCreationFlags: 0, lpCurrentDirectory: C:\Users\USERNAME\Desktop\proxychains_0.6.8_win32_x64_debug; Ret: 1 Child winpid 16016, tid 10964
[PID18724] [D] 2020/12/23 23:59:43 Child is an X64 process.
[PID18724] [D] 2020/12/23 23:59:43 C:\Users\USERNAME\Desktop\proxychains_0.6.8_win32_x64_debug\proxychains_hook_x64d.dll
[PID18724] [D] 2020/12/23 23:59:43 pTargetPeb: 000000000031E000, TargetCtx.Rax - Rdx: 0000000000000000 0000000000000000 0000000000401500 000000000031E000.
[PID18724] [D] 2020/12/23 23:59:43 pTargetOriginalEntry: 0000000000401500
[PID16016] [D] 2020/12/23 23:59:43 (In InitHook) g_pRemoteData->dwDebugDepth = 2
[D] 2020/12/23 23:59:43 Child process winpid 16016 created.
[D] 2020/12/23 23:59:43 Registered child pid 16016
[D] 2020/12/23 23:59:43 PerProcessTable:
[D] 2020/12/23 23:59:43
[WINPID18724 PerProcessData]

[D] 2020/12/23 23:59:43
[WINPID16016 PerProcessData]

[PID16016] [D] 2020/12/23 23:59:43 I'm WINPID 16016 Hooked!
[PID18724] [D] 2020/12/23 23:59:43 I've Injected WINPID 16016
[D] 2020/12/23 23:59:43 Child process winpid 16016 exited (0000000000).
[D] 2020/12/23 23:59:43 PerProcessTable:
 [D] 2020/12/23 23:59:43
[WINPID18724 PerProcessData]

Output of the debug release.

Owner

shunf4 commented Dec 24, 2020

2 issues:

  • pwsh 7.1.0 uses an unknown function to resolve names, not intercepted by proxychains.exe
  • pwsh 7.1.0 then connects to the resolved IPv4 addresses using IPv4-mapped IPv6 addresses, which are not recognized or supported at present.
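
The IPv4-mapped form in the log above ([::ffff:93.184.216.34]:80) carries the IPv4 address in the last four bytes of an AF_INET6 sockaddr. The following C code is an added example, not part of this thread or of the proxychains code; it shows the check a connect hook needs in order to recognize such an address and recover the IPv4 target. The names unmap_v4mapped and describe_target are hypothetical, and POSIX headers are assumed (on Windows the same structures are declared via winsock2.h and ws2tcpip.h).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdio.h>
#include <string.h>

/* ::ffff:0:0/96, the prefix of an IPv4-mapped IPv6 address (RFC 4291). */
static const unsigned char V4MAPPED_PREFIX[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};

/* Hypothetical helper: if sa is AF_INET6 and IPv4-mapped, write the
 * equivalent AF_INET address (same port) to out and return 1; else 0. */
int unmap_v4mapped(const struct sockaddr *sa, struct sockaddr_in *out)
{
    const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
    if (!sa || !out || sa->sa_family != AF_INET6 ||
        memcmp(in6->sin6_addr.s6_addr, V4MAPPED_PREFIX, 12) != 0)
        return 0;
    memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    out->sin_port = in6->sin6_port;            /* already in network order */
    memcpy(&out->sin_addr, in6->sin6_addr.s6_addr + 12, 4);
    return 1;
}

/* Hypothetical demo: build the sockaddr a hooked connect call would see and
 * format the IPv4 target; 1 = mapped, 0 = genuine IPv6, -1 = error. */
int describe_target(const char *ip6, unsigned short port, char *buf, size_t len)
{
    struct sockaddr_in6 in6;
    struct sockaddr_in in4;
    char ip4[INET_ADDRSTRLEN];
    memset(&in6, 0, sizeof(in6));
    in6.sin6_family = AF_INET6;
    in6.sin6_port = htons(port);
    if (inet_pton(AF_INET6, ip6, &in6.sin6_addr) != 1) return -1;
    if (!unmap_v4mapped((const struct sockaddr *)&in6, &in4)) return 0;
    if (inet_ntop(AF_INET, &in4.sin_addr, ip4, sizeof(ip4)) == NULL) return -1;
    snprintf(buf, len, "%s:%u", ip4, (unsigned)ntohs(in4.sin_port));
    return 1;
}

int main(void)
{
    char buf[64]; /* input below is constructed from the log line above */
    if (describe_target("::ffff:93.184.216.34", 80, buf, sizeof(buf)) == 1)
        puts(buf);
    return 0;
}
```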

Owner

shunf4 commented Dec 24, 2020

As a temporary solution, can you try disabling the IPv6 stack on Windows and see whether it works? (Note that this way, the name resolution process is not proxified.)

Owner

shunf4 commented Dec 24, 2020

  • pwsh 7.1.0 uses an unknown function to resolve names, not intercepted by proxychains.exe

an unknown function GetAddrInfoExW (not intercepted at present)

Author

HUMORCE commented Dec 24, 2020

As a temporary solution, can you try disabling the IPv6 stack on Windows and see whether it works? (Note that this way, the name resolution process is not proxified.)

tried, doesn't work.

  • pwsh 7.1.0 uses an unknown function to resolve names, not intercepted by proxychains.exe

an unknown function GetAddrInfoExW (not intercepted at present)

woah, the cat was caught.

Author

HUMORCE commented Jan 1, 2021

proxychains -l D pwsh -Command 'iwr example.org'
[PID14808] [W] 2021/01/01 11:41:51 GetThreadContext() Failed: The parameter is incorrect.(87)
[PID14808] [E] 2021/01/01 11:41:51 Injecting WINPID 6108 Error: The parameter is incorrect.(87)

StatusCode        : 200
StatusDescription : OK
Content           : <!doctype html>
                    <html>
                    <head>
                        <title>Example Domain</title>

                        <meta charset="utf-8" />
                        <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
                        <meta name="viewport" conten…
RawContent        : HTTP/1.1 200 OK
                    Age: 500383
                    Cache-Control: max-age=604800
                    Date: Fri, 01 Jan 2021 11:41:51 GMT
                    ETag: "3147526947+ident"
                    Server: ECS
                    Server: (sjc/16DD)
                    Vary: Accept-Encoding
                    X-Cache: HIT
                    Conten…
Headers           : {[Age, System.String[]], [Cache-Control, System.String[]], [Date, System.String[]], [ETag,
                    System.String[]]…}
Images            : {}
InputFields       : {}
Links             : {@{outerHTML=<a href="https://www.iana.org/domains/example">More information...</a>; tagName=A;
                    href=https://www.iana.org/domains/example}}
RawContentLength  : 1256
RelationLink      : {}


[I] 2021/01/01 11:41:52 All Windows descendant process exited.
[I] 2021/01/01 11:41:52 Master exiting

If the issue can't be reproduced, it may be caused by Scoop shims.

ScoopInstaller/Scoop#3634
ScoopInstaller/Scoop#3998

Switching to the new Scoop shim will not solve this issue.
pwsh is not managed by proxychains.

[PID14808] [W] 2021/01/01 11:41:51 GetThreadContext() Failed: The parameter is incorrect.(87)
[PID14808] [E] 2021/01/01 11:41:51 Injecting WINPID 6108 Error: The parameter is incorrect.(87)
