Compare commits
10 commits
f6b6b76a8a
...
e8eea9957b
Author | SHA1 | Date | |
---|---|---|---|
e8eea9957b | |||
180463e4e3 | ||
76231151bd | ||
f77d9e8ef2 | ||
f6cec7915a | ||
4576b43151 | ||
ac8b200daa | ||
ca6ad38c41 | ||
553ec9aa12 | ||
bd954eeaf1 |
3 changed files with 119 additions and 28 deletions
81
README.md
81
README.md
|
@ -9,7 +9,86 @@ This is a tool to overcome the [deep packet inspection](https://en.wikipedia.org
|
|||
Typically there are two different ways of blocking the use of a service in the network. The first consists in dropping all tcp packets from all the ports but a few. With this kind of blocking a simple *telnet host port* would end up in a refused or not allowed connection. The second one is a little more sneaky and does allow you to connect any port, or at least don't explicitly blocks you, instead it keeps analyzing the patterns inside the packets and when some pattern that is blacklisted like ssh or smtp handshake messages then it will drop following packets for that TCP connection. The fundamental difference is the first don't allow you even to establish a tcp connection while the second simply start dropping the following packets after the pattern is found and matched with an internal blacklist. So if you can connect to a <host:port> and suddently the traffic just stops to flow that is a strong indicator that your network is being actively monitored. If you wanna be sure about that you can simply change the protocol over that port if, for instance, you have control over the server that is hosting the service in that port. As an example you can just change ssh port with the HTTP port and retry the connections. What most certainly will happen is that the strange behavior has now swapped ports this kind of dynamic blocking is only possible because the packets are being deeply monitored and changed/drop depending in a set of rules defined by whom controls the network topology.
|
||||
|
||||
|
||||
## How to use
|
||||
|
||||
|
||||
### Installation
|
||||
|
||||
First you got to clone the project into your working space
|
||||
|
||||
git clone git@github.com:Balhau/gossh2http.git
|
||||
|
||||
The next step we need to do is configure the GOROOT environment path
|
||||
|
||||
export GOPATH=$HOME/<working_folder>/gossh2http
|
||||
|
||||
|
||||
After you need to checkout some dependencies
|
||||
|
||||
go get github.com/fatih/color
|
||||
go get github.com/urfave/cli
|
||||
|
||||
Then you need to go into the src folder and type
|
||||
|
||||
go build ssh2http.go
|
||||
|
||||
|
||||
### Running the executable
|
||||
|
||||
To check the command line documentation you can run
|
||||
|
||||
./ssh2http help
|
||||
|
||||
and get an output like the following. *Note that this is yet in development and more changes are to come*
|
||||
|
||||
NAME:
|
||||
ssh2http - Ssh to http packet wrapping
|
||||
|
||||
USAGE:
|
||||
ssh2http --from <local_ssh2http_ip>:<port --to <remote_ssh2http_tunnel>:<port>
|
||||
|
||||
VERSION:
|
||||
1.0.0
|
||||
|
||||
AUTHOR:
|
||||
Balhau <balhau@balhau.net>
|
||||
|
||||
COMMANDS:
|
||||
help, h Shows a list of commands or help for one command
|
||||
|
||||
GLOBAL OPTIONS:
|
||||
--from value, -f value source HOST:PORT (default: "127.0.0.1:10000") [$SSH_FROM]
|
||||
--to value, -t value destination HOST:PORT [$SSH_TO]
|
||||
--serve, -s list local addresses
|
||||
--help, -h show help
|
||||
--version, -v print the version
|
||||
|
||||
COPYRIGHT:
|
||||
MIT License
|
||||
|
||||
To use this program you need to start the executable in two different points.
|
||||
|
||||
The idea behind this is explained in the following diagram
|
||||
|
||||
|
||||
|
||||
|------------| |---------------| wrappedPackets |---------------| |---------|
|
||||
| sshClient | -->| wrapperClient | --------------->| wrapperServer | --->|sshServer|
|
||||
|------------| |---------------| |---------------| |---------|
|
||||
|
||||
|
||||
So for this you need to start the wrapperServer in a machine outside the monitored network, and
|
||||
a wrapperClient in your sshClient machine, the steps are the following
|
||||
|
||||
|
||||
sudo ./ssh2http -s -f localhost:10000 -t sshserver.com:22 --> In the server machine
|
||||
./ssh2http -f localhost:10000 -t sshserver.com:10000
|
||||
ssh login@localhost:10000
|
||||
|
||||
As an running example you can check [here](https://www.youtube.com/watch?v=OK7DjsOyMp8) for a demo
|
||||
|
||||
|
||||
# Notes
|
||||
|
||||
This tool was inspired in a very nice tool developed from a friend. [FWD](https://github.com/kintoandar/fwd)
|
||||
Thanks @kintoandar for that
|
||||
Thanks [@kintoandar](https://twitter.com/kintoandar) for that
|
||||
|
|
BIN
src/src
BIN
src/src
Binary file not shown.
|
@ -8,12 +8,25 @@ import (
|
|||
"github.com/urfave/cli"
|
||||
"net"
|
||||
"os"
|
||||
//"io"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
//"runtime"
|
||||
)
|
||||
|
||||
func logError(err error){
|
||||
if(err!=nil){
|
||||
}
|
||||
color.Set(color.FgRed)
|
||||
fmt.Println("Error reading:", err.Error())
|
||||
color.Unset()
|
||||
}
|
||||
|
||||
func logGreen(str string){
|
||||
color.Set(color.FgGreen)
|
||||
fmt.Println(str)
|
||||
color.Unset()
|
||||
}
|
||||
|
||||
|
||||
func chanFromConn(conn net.Conn) chan []byte {
|
||||
c := make(chan []byte)
|
||||
go func() {
|
||||
|
@ -80,9 +93,7 @@ func handleSshHandshakeServer(remoteAddress string,client net.Conn) (sshServer n
|
|||
|
||||
sshServer, err := net.Dial("tcp", remoteAddress)
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error connecting:", err.Error())
|
||||
}
|
||||
logError(err)
|
||||
|
||||
fmt.Println("Reading payload")
|
||||
|
||||
|
@ -90,9 +101,7 @@ func handleSshHandshakeServer(remoteAddress string,client net.Conn) (sshServer n
|
|||
|
||||
fmt.Println("Payload readed")
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error reading:", err.Error())
|
||||
}
|
||||
logError(err)
|
||||
|
||||
fmt.Println("Input String: ",string(bufIn))
|
||||
|
||||
|
@ -102,14 +111,11 @@ func handleSshHandshakeServer(remoteAddress string,client net.Conn) (sshServer n
|
|||
|
||||
payload, err := base64.StdEncoding.DecodeString(sshB64Payload)
|
||||
|
||||
logError(err)
|
||||
|
||||
strPayload := strings.Trim(string(payload),"")
|
||||
fmt.Println("payload: ",strPayload)
|
||||
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error reading:", err.Error())
|
||||
}
|
||||
|
||||
sshServer.Write([]byte(strPayload))
|
||||
|
||||
return sshServer
|
||||
|
@ -120,15 +126,11 @@ func handleSshHandshakeClient(remoteAddress string,client net.Conn) (sshServer n
|
|||
|
||||
sshServer, err := net.Dial("tcp", remoteAddress)
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error connecting:", err.Error())
|
||||
}
|
||||
logError(err)
|
||||
|
||||
_,err = client.Read(bufIn)
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error reading:", err.Error())
|
||||
}
|
||||
logError(err)
|
||||
|
||||
stringInput := strings.Trim(string(bufIn),"\x00")
|
||||
|
||||
|
@ -204,20 +206,30 @@ func main(){
|
|||
}
|
||||
|
||||
app.Flags = []cli.Flag{
|
||||
cli.BoolFlag{
|
||||
Name: "serve, s",
|
||||
Usage: "list local addresses",
|
||||
cli.StringFlag{
|
||||
Name: "from, f",
|
||||
Value: "127.0.0.1:10000",
|
||||
EnvVar: "SSH_FROM",
|
||||
Usage: "source HOST:PORT",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "to, t",
|
||||
EnvVar: "SSH_TO",
|
||||
Usage: "destination HOST:PORT",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "serve, s",
|
||||
Usage: "list local addresses",
|
||||
},
|
||||
}
|
||||
|
||||
color.Set(color.FgGreen)
|
||||
fmt.Println("This is a green message")
|
||||
color.Unset()
|
||||
app.Action = func(c *cli.Context) error {
|
||||
if c.Bool("serve"){
|
||||
serveServer("localhost:10100","localhost:10200")
|
||||
logGreen("Started shh2http server-server")
|
||||
serveServer(c.String("from"),c.String("to"))
|
||||
}else{
|
||||
serveClient("localhost:10000","localhost:10100")
|
||||
logGreen("Started shh2http server-client")
|
||||
serveClient(c.String("from"),c.String("to"))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
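Review bot: As rendered here, `logError` closes its `if(err!=nil){ }` block before doing anything, so the `err.Error()` call below it runs even when `err` is nil and will panic with a nil dereference. Every call site this commit adds (after `net.Dial` and `client.Read` in `handleSshHandshakeServer` and `handleSshHandshakeClient`) passes `err` unconditionally, so the success path is the one that crashes the relay. Start the function with `if err == nil { return }`, or move the three logging lines inside the existing `if`. Separately, a failed `net.Dial` is still only logged: the handlers go on to use `sshServer` (for example `sshServer.Write([]byte(strPayload))`), which would be nil, so they should close `client` and return on error. Their bodies extend beyond the hunks shown, so confirm this against the full file.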