My Workflow
Since GitHub Actions is an IaaS, and Actions Hackathon 2021 allows Wacky Wildcards, I wonder if I can use it as a proxy and view the internet from the perspective of GitHub's servers. So I created a proof of concept SOCKS5 proxy hosted on GitHub Actions.
As GitHub Actions runners are firewalled from incoming connections, what I did is connect to it through Cloudflare Tunnel. And as Cloudflare Tunnel can't tunnel TCP connections (we can use Ngrok but that's for another story), we tunnel SOCKS5 through websockets using Chisel.
Here you can see that I'm browsing the internet using Microsoft's IP address.
Here you can see a speed test from my 45 mbps internet connection.
This action can also be used as a VPN.
Submission Category:
Wacky Wildcards
Yaml File or Link to Code
name: Host Chisel SOCKS5 Proxyon: workflow_dispatch: inputs: time-duration: description: Time to run chisel required: true default: 10mjobs: socks5-proxy: runs-on: ubuntu-latest steps: - name: Install chisel working-directory: ${{ runner.temp }} env: version: 1.7.6 run: | aria2c -x 16 "https://github.com/jpillora/chisel/releases/latest/download/chisel_${version}_linux_amd64.gz" gzip -d chisel_${version}_linux_amd64.gz mv chisel_${version}_linux_amd64 /usr/local/bin/chisel chmod +x /usr/local/bin/chisel - name: Setup Cloudflare Tunnel client uses: AnimMouse/setup-cloudflared@v1 with: cloudflare_tunnel_certificate: ${{ secrets.CLOUDFLARE_TUNNEL_CERTIFICATE }} cloudflare_tunnel_credential: ${{ secrets.CLOUDFLARE_TUNNEL_CREDENTIAL }} cloudflare_tunnel_configuration: ${{ secrets.CLOUDFLARE_TUNNEL_CONFIGURATION }} cloudflare_tunnel_id: ${{ secrets.CLOUDFLARE_TUNNEL_ID }} - name: Run chisel run: timeout "${{ github.event.inputs.time-duration }}" chisel server --socks5 || true - name: Shutdown and view logs of Cloudflare Tunnel if: always() uses: AnimMouse/setup-cloudflared/shutdown@v1
AnimMouse / SOCKS5-proxy-actions
SOCKS5 proxy running on GitHub Actions using Chisel
SOCKS5 Proxy Actions
SOCKS5 Proxy hosted on GitHub Actions.
Proof of concept Chisel's SOCKS5 Proxy running on GitHub Actions.
As GitHub Actions runner does not have a public IP address, we use Cloudflare Tunnel to have a tunnel to GitHub Actions runner.
This GitHub action participated onGitHub Actions Hackathon 2021, but sadly, it lost.
Your Computer > Cloudflare > GitHub Actions runner > GitHub Actions' Internet
Deprecation
This workflow is deprecated as this may potentially violate theGitHub Actions Terms of Service, please useAnimMouse/SOCKS5-Proxy-Codespaces instead.
Actions should not be used for:
- cryptomining;
- disrupting, gaining, or attempting to gain unauthorized access to, any service, device, data, account, or network (other than those authorized by the GitHub Bug Bounty program);
- the provision of a stand-alone or integrated application or service offering the Actions product or service, or any elements of the Actions product or service, for commercial purposes;
- …
Additional Resources / Info
AnimMouse / setup-cloudflared
Setup/Install Cloudflare Tunnel client for GitHub Actions
Setup cloudflared for GitHub Actions
SetupCloudflare Tunnel client for GitHub Actions.
This action installscloudflared for use in actions by installing it on tool cache usingAnimMouse/tool-cache.
This GitHub action participated in theGitHub Actions Hackathon 2021, but sadly, it lost.
Test page for setup-cloudflared:https://setup-cloudflared.44444444.xyz (This will only work when the test action is running.)
Usage
To usecloudflared, run this action beforecloudflared.
steps: -name:Setup cloudflareduses:AnimMouse/setup-cloudflared@v2 -name:Check cloudflared versionrun:cloudflared -v
Cloudflare Tunnel Usage
Use Cloudflare Tunnel to expose servers running inside GitHub Actions to the Internet.
- Encode the JSON credential in Base64 using this command
base64 -w 0 <cloudflare-tunnel-id>.jsonand paste it toCLOUDFLARE_TUNNEL_CREDENTIALsecret. - Inside the config.yaml, set
credentials-file:to- Ubuntu:
/home/runner/.cloudflared/<cloudflare-tunnel-id>.json - Windows:
C:\Users\runneradmin\.cloudflared\<cloudflare-tunnel-id>.json - macOS:
/Users/runner/.cloudflared/<cloudflare-tunnel-id>.json
- Ubuntu:
- Encode the config.yaml in Base64 using this command
base64 -w 0 config.yamland…
Chisel
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
Table of Contents
Features
- Easy to use
- Performant*
- Encrypted connections using the SSH protocol (via
crypto/ssh) - Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
- Client auto-reconnects withexponential backoff
- Clients can create multiple tunnel endpoints over one TCP connection
- Clients can optionally pass through SOCKS or HTTP CONNECT proxies
- Reverse port forwarding (Connections go through the server and out the client)
- Server optionally doubles as areverse proxy
- Server optionally allowsSOCKS5 connections (Seeguide below)
- Clients optionally allowSOCKS5 connections from a reversed port…
Top comments(0)
For further actions, you may consider blocking this person and/orreporting abuse
