aploium / shootback
a reverse TCP tunnel let you access target behind NAT or firewall
License: MIT License
Modern security standards do not support old/weak short ssl key/cert setups. I also encountered other issues which I had to fix. Also there must be a way to make it work with self-signed cert. Can you make the changes in your code?
I really like this project. The code is robust. You have done a wonderful job. I am using this instead of ssh as some virtual environments I work with block ssh connections.
For this to work I had to make these changes:
Slaver:

    # needs: import ssl (guarded, may be None)
    def _make_ssl_context(self):
        if ssl is None:
            log.warning('ssl module is NOT valid in this machine! Fallback to plain')
            return None
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
        # Certificate verification is disabled: the slaver does not authenticate the master
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx

Master:

    # needs: import os, tempfile, ssl (guarded, may be None)
    def _make_ssl_context(self):
        if ssl is None:
            log.warning('ssl module is NOT valid in this machine! Fallback to plain')
            return None
        ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        # SECLEVEL=1 lets OpenSSL accept the short built-in key/cert
        ctx.set_ciphers('DEFAULT@SECLEVEL=1')
        # mkstemp creates each file atomically with owner-only permissions
        # (tempfile.mktemp only returns a name and is open to a race)
        cert_fd, _certfile = tempfile.mkstemp()
        with os.fdopen(cert_fd, 'w') as fw:
            fw.write(_DEFAULT_SSL_CERT)
        key_fd, _keyfile = tempfile.mkstemp()
        with os.fdopen(key_fd, 'w') as fw:
            fw.write(_DEFAULT_SSL_KEY)
        ctx.load_cert_chain(_certfile, _keyfile)
        os.remove(_certfile)
        os.remove(_keyfile)
        return ctx

Without these modifications, I could not get this to work.
I would request you to modify the code in line with modern standards. Also is it possible to make it work with self-signed cert?
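An added example (not shootback's code, and not part of the post above): one way to accept a self-signed master certificate while still authenticating the master is to pin the certificate's SHA-256 fingerprint on the slaver side. All function names here are hypothetical, and distributing the fingerprint to slavers out of band is an assumption.

```python
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_matches(der_cert, pinned_hex: str) -> bool:
    """Constant-time comparison; accepts 'AA:BB:...' style pins as well."""
    if not der_cert:
        return False  # the peer presented no certificate
    pinned = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(cert_fingerprint(der_cert).encode(), pinned.encode())


def make_pinning_context() -> ssl.SSLContext:
    """Client context for a self-signed master. CA validation is off, so the
    caller MUST check the pin after the handshake (see connect_pinned)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def connect_pinned(host: str, port: int, pinned_hex: str, timeout: float = 10.0):
    """Connect, then drop the connection unless the certificate matches the pin."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = make_pinning_context().wrap_socket(raw)
    except Exception:
        raw.close()
        raise
    # A client socket receives the server certificate even with CERT_NONE.
    if not fingerprint_matches(tls.getpeercert(binary_form=True), pinned_hex):
        tls.close()
        raise ssl.SSLError("master certificate does not match the pinned fingerprint")
    return tls
```
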
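With CentOS 7.5 as the slaver, the master and slaver can connect, but the following errors are reported. Is there a solution?
However, if the master and slaver are swapped, there is no problem: with CentOS 7.5 as the master and a Mac as the slaver, everything works normally.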
master
➜ shootback [master] python3 master.py -m 0.0.0.0:10000 -c 0.0.0.0:20000
[INFO 2018-07-27 15:00:42,478] shootback 2.2.8-r13 running as master
[INFO 2018-07-27 15:00:42,478] author: Aploium <[email protected]> site: https://github.com/aploium/shootback
[INFO 2018-07-27 15:00:42,478] slaver from: 0.0.0.0:10000 customer from: 0.0.0.0:20000
[INFO 2018-07-27 15:00:42,479] heart beat daemon start, delay: 30s
[INFO 2018-07-27 15:00:42,479] Listening for slavers: 0.0.0.0:10000
[INFO 2018-07-27 15:00:42,479] Listening for customers: 0.0.0.0:20000
[INFO 2018-07-27 15:00:42,480] SocketBridge daemon started
[INFO 2018-07-27 15:00:44,830] Got slaver 192.168.94.133:33930 Total: 1
[INFO 2018-07-27 15:00:44,833] Got slaver 192.168.94.133:33932 Total: 2
[INFO 2018-07-27 15:00:44,835] Got slaver 192.168.94.133:33934 Total: 3
[INFO 2018-07-27 15:00:44,838] Got slaver 192.168.94.133:33936 Total: 4
[INFO 2018-07-27 15:00:44,842] Got slaver 192.168.94.133:33938 Total: 5
[WARNING 2018-07-27 15:01:12,488] error during heartbeat to 192.168.94.133:33930: received zero bytes, socket was closed
[WARNING 2018-07-27 15:01:12,497] heart beat failed: 192.168.94.133:33930, time: 11.61ms
[WARNING 2018-07-27 15:01:12,502] error during heartbeat to 192.168.94.133:33932: received zero bytes, socket was closed
[WARNING 2018-07-27 15:01:12,503] heart beat failed: 192.168.94.133:33932, time: 5.76ms
[WARNING 2018-07-27 15:01:12,513] error during heartbeat to 192.168.94.133:33934: received zero bytes, socket was closed
[WARNING 2018-07-27 15:01:12,514] heart beat failed: 192.168.94.133:33934, time: 10.53ms
[WARNING 2018-07-27 15:01:12,525] error during heartbeat to 192.168.94.133:33936: received zero bytes, socket was closed
[WARNING 2018-07-27 15:01:12,525] heart beat failed: 192.168.94.133:33936, time: 11.58ms
[WARNING 2018-07-27 15:01:12,531] error during heartbeat to 192.168.94.133:33938: received zero bytes, socket was closed
[WARNING 2018-07-27 15:01:12,531] heart beat failed: 192.168.94.133:33938, time: 5.74ms
[WARNING 2018-07-27 15:01:12,531] heart_beat_daemon: sorry, no slaver available, keep sleeping
[INFO 2018-07-27 15:01:12,565] Got slaver 192.168.94.133:33940 Total: 1
[INFO 2018-07-27 15:01:12,581] Got slaver 192.168.94.133:33942 Total: 2
slaver:
➜ shootback git:(master) python slaver.py -m 192.168.98.178:10000 -t 0.0.0.0:80
[INFO 2018-07-27 15:00:44,811] shootback 2.2.8-r13 slaver running
[INFO 2018-07-27 15:00:44,812] author: Aploium <[email protected]> site: https://github.com/aploium/shootback
[INFO 2018-07-27 15:00:44,812] Master: 192.168.98.178:10000
[INFO 2018-07-27 15:00:44,812] Target: 0.0.0.0:80
[INFO 2018-07-27 15:00:44,812] running as slaver, master addr: 192.168.98.178:10000 target: 0.0.0.0:80
[INFO 2018-07-27 15:00:44,812] SocketBridge daemon started
[INFO 2018-07-27 15:00:44,820] connected to master[192.168.98.178:10000] at 192.168.94.133:33930 total: 1
[INFO 2018-07-27 15:00:44,823] connected to master[192.168.98.178:10000] at 192.168.94.133:33932 total: 2
[INFO 2018-07-27 15:00:44,825] connected to master[192.168.98.178:10000] at 192.168.94.133:33934 total: 3
[INFO 2018-07-27 15:00:44,828] connected to master[192.168.98.178:10000] at 192.168.94.133:33936 total: 4
[INFO 2018-07-27 15:00:44,832] connected to master[192.168.98.178:10000] at 192.168.94.133:33938 total: 5
[WARNING 2018-07-27 15:01:12,478] bad handshake or timeout between: 192.168.98.178:10000 and 192.168.94.133:33930
[WARNING 2018-07-27 15:01:12,478] a slaver[192.168.94.133:33930] abort due to handshake error or timeout
[WARNING 2018-07-27 15:01:12,491] bad handshake or timeout between: 192.168.98.178:10000 and 192.168.94.133:33932
[WARNING 2018-07-27 15:01:12,491] a slaver[192.168.94.133:33932] abort due to handshake error or timeout
[WARNING 2018-07-27 15:01:12,499] bad handshake or timeout between: 192.168.98.178:10000 and 192.168.94.133:33934
[WARNING 2018-07-27 15:01:12,500] a slaver[192.168.94.133:33934] abort due to handshake error or timeout
[WARNING 2018-07-27 15:01:12,515] bad handshake or timeout between: 192.168.98.178:10000 and 192.168.94.133:33936
[WARNING 2018-07-27 15:01:12,515] a slaver[192.168.94.133:33936] abort due to handshake error or timeout
[WARNING 2018-07-27 15:01:12,521] bad handshake or timeout between: 192.168.98.178:10000 and 192.168.94.133:33938
[WARNING 2018-07-27 15:01:12,521] a slaver[192.168.94.133:33938] abort due to handshake error or timeout
[INFO 2018-07-27 15:01:12,553] connected to master[192.168.98.178:10000] at 192.168.94.133:33940 total: 1
[INFO 2018-07-27 15:01:12,567] connected to master[192.168.98.178:10000] at 192.168.94.133:33942 total: 2
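When the server loses its network connection and recovers, or the server is forcibly shut down and restarted, the client cannot reconnect.
When the client's network drops and recovers, or its IP address changes, it also cannot automatically reconnect to the server.
The server/client has to be restarted for it to work again.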
Or socat, or netcat, or... :)
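On shutdown, the port is sometimes still in use. Suggestion: provide masterstart.py and masterstop.py to manage the process.
Can this tool be used to get around the Great Firewall?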
How to access all open port services from local to client? There are many ports, such as RDP, Flask, some services at different ports etc. How to use IP virtualisation, such as using a domain instead of an IP, so that the local server can be accessed from anywhere?
In some special network environments, like some companies or schools,
you must use a proxy to connect to the Internet.
In this situation, the slaver needs to use a proxy to connect to the master.
Hope you can add support for SOCKS5 proxy as well~
One VPS runs the master and two slavers interconnect peer-to-peer: the handshake goes through the VPS, and the data transfer after that is P2P.
I would appreciate if master after receiving the connection from slaver would fork itself listening on port received from client and that port is defined in separate GET request received before fork.
The Case:
I am running socks5 proxy server together with slaver and this socks is redirected to public ip and port in master. This simple reversed connection works. Problem I am facing is with multiple slavers with socks proxy running behind NAT. Master is not able to manage multiple connections from public internet to each separate proxy on separate public ports on server's public ip.
Would it be possible for you to write such functionality?
I got an error number 11 after several packets when transferring large data. The error message is BlockingIOError(11, 'Resource temporarily unavailable').
Line 277 in cab462c
It seems that errno.EWOULDBLOCK should be considered. My guess is that even if the socket is writeable, it may not be able to send a big chunk of data to the remote peer.
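An added example (not shootback's code, and not part of the report above): a send loop for a non-blocking socket that handles partial writes and treats BlockingIOError (EAGAIN/EWOULDBLOCK, errno 11 on Linux) as "wait until writable, then retry". The names send_all and demo are hypothetical; the socket pair and payload are constructed test input.

```python
import select
import socket
import threading


def send_all(sock, data, timeout=5.0):
    """Send all of `data` on a non-blocking socket.

    Returns (bytes_sent, would_block_count)."""
    view = memoryview(data)
    sent = would_block = 0
    while sent < len(view):
        try:
            sent += sock.send(view[sent:])      # may accept only part of the data
        except BlockingIOError:                 # EAGAIN / EWOULDBLOCK
            would_block += 1
            # Kernel send buffer is full: block in select() until there is room.
            if not select.select([], [sock], [], timeout)[1]:
                raise TimeoutError("peer is not draining data")
    return sent, would_block


def demo(size=4 * 1024 * 1024):
    """Constructed test: push `size` bytes through a local socket pair."""
    a, b = socket.socketpair()
    a.setblocking(False)
    received = bytearray()

    def drain():
        while len(received) < size:
            chunk = b.recv(65536)
            if not chunk:                       # sender closed early
                break
            received.extend(chunk)

    reader = threading.Thread(target=drain)
    reader.start()
    try:
        sent, would_block = send_all(a, b"\x5a" * size)
    finally:
        a.close()
        reader.join()
        b.close()
    return sent, len(received), would_block
```
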
As the title says.
/home/common_func.py:24: UserWarning: selectors module not available, fallback to select
warnings.warn('selectors module not available, fallback to select')
Traceback (most recent call last):
File "slaver.py", line 396, in
main_slaver()
File "slaver.py", line 359, in main_slaver
args = argparse_slaver()
File "slaver.py", line 311, in argparse_slaver
https://github.com/aploium/shootback""".format(ver=version_info()),
File "/home/tomcat/common_func.py", line 68, in version_info
return "{}.{}.{}-r{}".format(*version)
ValueError: zero length field name in forma
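Even when the slaver and master are configured with different keys, they can still connect successfully and work normally.
How should the server be configured to support HTTPS?
The server runs on Windows and the client runs on Ubuntu 14. Many connections are stuck in FIN_WAIT2, which causes connections forwarded from the server to fail to get data from the client.
I have the following deployment:
Host A on the LAN has an IPv4 address and an IPv6 address and acts as the web server. The IPv4 address is not a public IP, but the IPv6 address is, so I set up an AAAA DNS record and my domain name can reach this internal host A directly. However, since many people do not have IPv6, I still need NAT traversal to provide IPv4 service.
Host B on Alibaba Cloud has an IPv4 address, so I also set a DNS A record for the same domain. A visitor without an IPv6 network therefore actually reaches host B, and I forward ports between host B and host A with shootback. That gives an IPv4/IPv6 dual-stack setup.
The problem is that, for visitors without an IPv6 network, it currently seems that host B records their real IP address, while the IP address shown on host A does not reflect the real visitor. For example, the shootback log on host A shows the connection information between A and B, and the visitor IP address in Apache's access.log is 127.0.0.1. The only place the visitor IP can be seen is in the shootback log on host A.
Is there any way to make B on the internal network also show the visitor's real IP address?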