What is a proxy
The client cannot request the server directly; it can only send its request to a forwarding proxy server (hereafter, the proxy server). The proxy server forwards the request to the server and, once it receives the server's response, forwards that response back to the client. This applies when a client on an internal network needs to reach the external network: a firewall may prevent direct access, so a forwarding proxy server is used to reach the external network.
Forward proxy
The internal network cannot reach the external network directly, so the external network must be reached through a proxy server.
Here the proxy server accesses the target server on the user's behalf. The user knows which server is being requested, but the server only sees the proxy and does not know which user made the request: the user is hidden.
Reverse proxy
The server cannot be reached from outside its intranet, so the server places its own information on the proxy server, and the user accesses the proxy server instead. For example, if I use my personal computer as a server to host a website, that server sits on an intranet and obviously cannot be reached directly from the public Internet. This is where a reverse proxy is needed.
Assume that port 80 of the proxy server can only be accessed from the internal network, and port 8080 can be accessed from the public network.
A user on the public network accesses port 8080 of the proxy server. As said above, the server has placed its information on the proxy server, so the proxy server checks whether the server the user is requesting has left information on it.
If it has, the proxy server forwards the user's request to port 80 (via NAT or a similar method), and port 80 of the proxy server then accesses the server on the intranet.
If the requested server has left no information on the proxy server, the request is refused. (In other words, I used the proxy server to front my own intranet server, so you can reach my server from the public network through the proxy server, but you cannot reach other people's intranet servers through it, because they have not been proxied there.)
ew (EarthWorm)
-l specify the local port to listen on
-d specify the IP of the machine to reverse-connect (bounce) to
-e specify the port of the machine to reverse-connect to
-f specify the IP of the machine to connect to actively
-g specify the port of the machine to connect to actively
-t specify the timeout; the default is 1000
ew forward proxy
kali ip: 172.16.11.83
windows 1 ip: 192.168.177.134
windows 2 ip: 192.168.0.114
The goal is to remote-connect from windows 2 (192.168.0.114) to windows 1 (192.168.177.134). Rather than connecting directly, win 2 connects to kali and kali connects to win 1, so the goal is reached indirectly.
./ew_for_Linux32 -s lcx_tran -l 1080 -f 192.168.177.134 -g 3389
………………
ew reverse proxy
./ew_for_linux64 -s lcx_listen -l 1080 -e 8080
ew_for_Win.exe -s lcx_slave -d 192.168.0.114 -e 8080 -f 192.168.177.134 -g 3389
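As an added illustration (not ew's code), this is what the lcx_tran mode above, and the forward-proxy idea from the top of the page, boil down to: one listening socket on the pivot host plus one outbound connection to the real target per accepted client, which is also the footprint a defender should expect to find. The echo server is a constructed stand-in for the intranet service, and all addresses are loopback placeholders.

```python
import socket
import threading

# Added stand-in for ew's lcx_tran mode (not ew's code): listen on a local port and relay each
# accepted client to one fixed target; the echo server below is a constructed stand-in service.

def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then tear down both ends."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
            s.close()

def _serve(host, port, on_accept):
    """Bind and listen, hand each accepted socket to on_accept, return the bound port."""
    srv = socket.create_server((host, port))
    def loop():
        while True:
            conn, _ = srv.accept()
            on_accept(conn)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_relay(listen_port, target_host, target_port, listen_host="127.0.0.1"):
    """Like: ew -s lcx_tran -l <listen_port> -f <target_host> -g <target_port>; returns bound port."""
    def bridge(client):
        upstream = socket.create_connection((target_host, target_port))
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
    return _serve(listen_host, listen_port, bridge)

def start_echo_server():
    """Constructed intranet service: pumps each connection into itself, i.e. echoes bytes back."""
    return _serve("127.0.0.1", 0, lambda conn: threading.Thread(
        target=_pump, args=(conn, conn), daemon=True).start())

def roundtrip_via_relay(payload):
    """Client view: it only ever talks to the relay, never to the real service."""
    relay_port = start_relay(0, "127.0.0.1", start_echo_server())
    with socket.create_connection(("127.0.0.1", relay_port)) as c:
        c.sendall(payload)
        return c.recv(4096)
```

On the pivot this shows up as a process holding a listening port and, for every client, a second established connection to the target, which is what a netstat/ss review should be looking for.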
Reference materials
https://blog.csdn.net/ws13129/article/details/94445378
ssh
centos ip : 172.16.11.78
kali ip : 172.16.11.83
First, start the web service on centos.
Here, create a new file 123.html in the web root with the content i am 172.16.11.78, that is, the IP address of centos.
ssh forward proxy
Syntax
ssh -L [client IP or omitted]:[client port]:[IP reachable from the server side]:[port on that IP] [login user@server IP]
-g allow remote hosts to connect to the host's forwarded ports
-f run the ssh command in the background
-C enable data compression
-N do not execute a remote command
-R forward a port of the remote host (server) to a specified port on the local host // i.e. reverse proxy
-L forward a port of the local machine (client) to a specified port on a specified remote machine // i.e. forward proxy
-p specify the remote host's port
Demo
On kali, enter:
ssh -CfNg -L 172.16.11.83:80:172.16.11.78:80 root@172.16.11.78
(172.16.11.78 cannot be reached directly, but 172.16.11.83 can reach 172.16.11.78.)
Now, when you open 172.16.11.83 in the browser, the content of 172.16.11.78 is displayed.
ssh reverse proxy
On the server, set the following in /etc/ssh/sshd_config:
GatewayPorts yes
ssh -R 80:192.168.177.134:22 root@47.*.*.232
ssh root@localhost -p 80
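The GatewayPorts change above is what makes the -R tunnel reachable from the public side, so it is worth being able to audit for it. The following is an added example, not from the page, that reads sshd_config text and reports the two settings that govern reverse tunnels; it assumes OpenSSH semantics (case-insensitive keywords, first occurrence wins, Match blocks skipped) and uses constructed sample configs.

```python
import re

# Added example (not from the page): audit the sshd_config settings that decide whether the
# "ssh -R 80:...:22" reverse tunnel above is allowed at all and whether its listening port is
# reachable from outside. Assumes OpenSSH semantics: keywords are case-insensitive, the first
# occurrence of a keyword wins, and conditional "Match" blocks are skipped (global scope only).

DEFAULTS = {"gatewayports": "no", "allowtcpforwarding": "yes"}  # OpenSSH defaults when unset

def effective_settings(config_text):
    """Return the effective global value of each keyword in DEFAULTS."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()                 # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":                                  # the rest is conditional: stop
            break
        if key in settings and key not in seen:             # first occurrence wins
            settings[key] = value
            seen.add(key)
    return settings

def audit(config_text):
    """Return finding codes for settings that let an SSH user publish an internal service."""
    s = effective_settings(config_text)
    findings = []
    if s["allowtcpforwarding"] in ("yes", "remote"):        # ssh -R is accepted by sshd
        findings.append("remote-forwarding-allowed")
        if s["gatewayports"] != "no":                       # -R ports bind on all interfaces
            findings.append("tunnel-exposed-on-all-interfaces")
    return findings

# Constructed samples: the page's change and a hardened counterpart.
PAGE_STYLE_CONFIG = """\
Port 22
GatewayPorts yes
"""
HARDENED_CONFIG = """\
GatewayPorts no
# -L still works for users; -R (the reverse tunnel) is refused by sshd
AllowTcpForwarding local
"""
```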
Refer to
http://www.toxingwang.com/linux-unix/2581.html
FRP intranet penetration
Client: kali 172.16.11.83
Server: centos 47.*.*.232 (remote host)
Server side (1)
On the server, delete the client-side files
rm -rf frpc*
Then modify the server configuration file (frps.ini)
vi frps.ini
[common]
bind_port = 7000
vhost_http_port = 8080
The [common] section is the required part of the configuration: bind_port is the frp server's port, and vhost_http_port is the HTTP access port.
Then save and start the frp server
./frps -c ./frps.ini
Client (1)
Likewise, to avoid mix-ups, delete the server-side files on the client.
rm -rf frps*
Then change the configuration file
vi frpc.ini
[common]
server_addr = 47.*.*.232
server_port = 7000
# server_addr is the IP of the frp server (that is, the public host's IP); server_port is the frp server's bind_port.
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
# local_port is the local ssh port
[web]
type = http
local_port = 80
custom_domains = www.*.cn
# local_port is the local web port; custom_domains is the domain to map. Remember that the domain's A record must resolve to the public host's IP (alternatively, edit the hosts file).
Then save and run frp client
./frpc -c ./frpc.ini
The remote server's allotted time expired, so it was replaced with a local virtual machine.
Server (2)
The operation is the same as in (1); the output after a successful start is as follows:
Client (2)
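A defender who finds frpc running on a host wants to know what the frpc.ini exposes. The following is an added example, not frp's own code, that parses an frpc.ini like the one above and reports each proxy's exposure; it assumes frp's classic ini format and uses a constructed sample with a placeholder server IP and domain.

```python
import configparser

# Added example (not frp's code): read an frpc.ini like the one above and report what each proxy
# exposes, the way a defender triaging a host found running frpc wants to see it. Assumes frp's
# classic ini format: [common] holds server_addr/server_port and an optional token; each other
# section is a proxy with type, local_ip (default 127.0.0.1), local_port and remote_port (tcp)
# or custom_domains (http/https, served on the frps vhost port).

def parse_frpc(ini_text):
    """Return (common settings, list of proxy dicts) from frpc.ini text."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    common = dict(cp["common"]) if cp.has_section("common") else {}
    proxies = [{"name": n, "local_ip": "127.0.0.1", **cp[n]} for n in cp.sections() if n != "common"]
    return common, proxies

def exposure_report(ini_text):
    """One line per proxy saying which local service becomes reachable where, plus warnings."""
    common, proxies = parse_frpc(ini_text)
    server = common.get("server_addr", "?")
    lines = []
    if "token" not in common:   # without a token, frps accepts any frpc that can reach it
        lines.append(f"WARNING: no token in [common]; any frpc can register proxies on {server}")
    for p in proxies:
        local = f"{p['local_ip']}:{p.get('local_port', '?')}"
        if p.get("type") == "tcp":
            lines.append(f"{p['name']}: {local} -> {server}:{p.get('remote_port', '?')} (tcp, public)")
        elif p.get("type") in ("http", "https"):
            lines.append(f"{p['name']}: {local} -> {p['type']}://{p.get('custom_domains', '?')} via {server}")
        else:
            lines.append(f"{p['name']}: {local} -> type {p.get('type')} (not modelled here)")
        if p["local_ip"] != "127.0.0.1":   # the frpc host is exposing another intranet host
            lines.append(f"  note: {p['name']} reaches a different intranet host ({p['local_ip']})")
    return lines

# Constructed sample mirroring the page's frpc.ini, with placeholder server IP and domain.
SAMPLE_FRPC_INI = """\
[common]
server_addr = 203.0.113.10
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
[web]
type = http
local_port = 80
custom_domains = www.example.test
"""
```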
DNS tunnel
……
HTTPS tunnel
……
Use subdomains of well-known websites
For example, websites such as github and twitter can allow users to create subdomains.
C&C service