lyc8503 / easierconnect
Third-party open-source Golang client for Sangfor EasyConnect / Sangfor EasyConnect protocol reimplementation in Go
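It is best for the APPID not to contain a slash (/), because when fyne stores Preferences it saves them in ....../fyne/APPID/preferences.json (at least on macOS); if it contains one, the APPID is parsed as several nested directories.
So the APPID should preferably be an all-lowercase reverse-domain name, for example com.github.lyc8503.easierconnect.
cc @6769
Thanks to the author for the contribution, and happy New Year! :)
Asking for help: the system is Windows 11 22H2
cpu AMD Ryzen 7 5800H
I downloaded EasierConnect-windows-amd64.zip from TestBuild14, unzipped it and double-clicked it; a window flashes and then it is gone. What can I do?
product: Sangfor SSL VPN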
version: M7.6.8R2
2023/01/23 08:28:55 Login Request: https://xxxxxxxxxx.com/por/login_psw.csp?anti_replay=1&encrypt=1
panic: Login FAILED: <?xml version="1.0" encoding="utf-8"?>
<Auth>
<LBEnabled>0</LBEnabled>
<Message><![CDATA[password auth success]]></Message>
<Result>1</Result>
<TwfID>4e2025688d4b4810</TwfID>
<pwpErrorCode>0</pwpErrorCode>
<ErrorCode>1</ErrorCode>
<CurAuth>1</CurAuth>
<CSRF_RAND_CODE>1589546080</CSRF_RAND_CODE>
<EnableMAM>0</EnableMAM>
<IsFirstAuth>1</IsFirstAuth>
<AuthInfo><![CDATA[]]></AuthInfo>
</Auth>
goroutine 1 [running]:
main.WebLogin()
EasierConnect/web_login.go:103 +0x20e5
main.main()
EasierConnect/protocol.go:119 +0x45
Hello, when I run it the following message is shown.
Error occurred while recv, retrying: EOF
panic: recv retry limit exceeded.
goroutine 36 [running]:
EasierConnect/core.StartProtocol.func1()
EasierConnect/core/protocol.go:196 +0x105
created by EasierConnect/core.StartProtocol
EasierConnect/core/protocol.go:199 +0xd2
Server version: unknown
EasierConnect version: 13
The following error occurs while connecting:
2023/01/27 21:42:39 Login Request: https://xxx:443/por/login_auth.csp?apiversion=1
2023/01/27 21:42:39 WARNING: No CSRF Code Match. Maybe you're connecting to an older server? Continue anyway...
2023/01/27 21:42:39 Login Request: https://xxxx:443/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
2023/01/27 21:42:39 No NextAuth found.
goroutine 1 [running]:
runtime/debug.Stack()
runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
runtime/debug/stack.go:16 +0x19
EasierConnect/core.WebLogin({0xc000024618?, 0x2?}, {0xc00001c120, 0x8}, {0xc00001c170, 0xa})
EasierConnect/core/web_login.go:149 +0x16de
EasierConnect/core.(*EasyConnectClient).Login(0xc000115ef0, {0xc00001c120?, 0xc000115e90?}, {0xc00001c170?, 0x2?})
EasierConnect/core/EasyConnectClient.go:35 +0x91
main.main()
EasierConnect/main.go:39 +0x5bb
2023/01/27 21:42:39 Login FAILED: 0 101-100https://:0-1
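I am very interested in how this was implemented, especially the reverse-engineering approach. I hope the author can publish a tutorial; I would personally be willing to pay for it.
If the program had an easy way to start, with a simple login UI, and stayed in the background in the status bar for easy reconnection, wouldn't it be more convenient to use?
Some ideas of mine:
1. Split out a core package, so that the CLI and GUI programs can be built separately
2. Consider a cross-platform, easy-to-use Go GUI library such as fyne
3. Wrap the CLI program in a shell such as Electron.
Finally, thanks to the author for the contribution!
Login requires TOTP, but it exits on the following error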
2023/01/24 11:11:41 Login Request: https://serveradd:port/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
2023/01/24 11:11:41 No NextAuth found.
goroutine 1 [running]:
runtime/debug.Stack()
runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
runtime/debug/stack.go:16 +0x19
EasierConnect/core.WebLogin({0xc0000a2540?, 0x2?}, {0xc00009e100, 0x5}, {0xc00009e150, 0x10})
EasierConnect/core/web_login.go:142 +0x162d
EasierConnect/core.(*EasyConnectClient).Login(0xc0000c1ef0, {0xc00009e100?, 0xc0000c1e90?}, {0xc00009e150?, 0x2?})
EasierConnect/core/EasyConnectClient.go:35 +0x91
main.main()
EasierConnect/main.go:38 +0x5bb
2023/01/24 11:11:41 Login FAILED: <?xml version="1.0" encoding="utf-8"?>
<Auth>
<LBEnabled>1</LBEnabled>
<CSRF_RAND_CODE>CODEHERE</CSRF_RAND_CODE>
<AuthInfo><![CDATA[]]></AuthInfo>
<Note><![CDATA[Server forbidden access!]]></Note>
<ErrorCode>20113</ErrorCode>
<Result>0</Result>
<Message><![CDATA[not allow to login now]]></Message>
</Auth>
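For example, in the official client you enter vpn.nju.edu.cn to connect, but the server domain finally selected may be vpn1.nju.edu.cn, vpn3.nju.edu.cn, etc. These may go over different network routes, but this client does not yet take that into account, which may lead to the following two points:
The issues above are not yet backed by real-world cases and are only a suggestion; the multiple domains probably exist for load balancing and for choosing the best access line within the same region.
Finally, thanks to the author for the contribution, and happy New Year! :)
Happy New Year to the author 🎇. The software works very well. The problem I ran into is that my school's CNKI link cannot get a response through the proxy. The errors that appear are the same as when accessing links outside the campus network through the proxy, so the log here is from accessing baidu.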
2023/01/28 19:09:53 socks dial: www.baidu.com:80
2023/01/28 19:09:56 Error occurred while send, retrying: write tcp 192.168.1.101:49332->61.138.251.102:443: wsasend: An established connection was aborted by the software in your host machine.
2023/01/28 19:09:56 socket: connected to: 61.138.251.102:443
2023/01/28 19:09:56 tls: connected to: 61.138.251.102:443
2023/01/28 19:09:56 send handshake: wrote 64 bytes
00000000 05 00 00 00 39 65 36 34 62 39 36 33 39 31 38 64 |....9e64b963918d|
00000010 32 66 61 62 63 65 36 31 31 34 65 32 30 30 36 36 |2fabce6114e20066|
00000020 36 30 31 00 32 39 61 33 33 66 61 35 63 63 36 37 |601.29a33fa5cc67|
00000030 32 30 30 36 00 00 00 00 00 00 00 00 15 ef 4b 3b |2006..........K;|
2023/01/28 19:09:57 send handshake: read 36 bytes
00000000 08 00 00 00 00 00 00 00 00 17 78 02 90 eb 4f 07 |..........x...O.|
00000010 30 39 af e5 ff 7f 00 00 17 0c ca 31 0f 7f 00 00 |09.........1....|
00000020 00 00 00 00 |....|
2023/01/28 19:09:57 Error occurred while send, retrying: unexpected send handshake reply
2023/01/28 19:09:57 socket: connected to: 61.138.251.102:443
2023/01/28 19:09:57 tls: connected to: 61.138.251.102:443
2023/01/28 19:09:57 send handshake: wrote 64 bytes
00000000 05 00 00 00 39 65 36 34 62 39 36 33 39 31 38 64 |....9e64b963918d|
00000010 32 66 61 62 63 65 36 31 31 34 65 32 30 30 36 36 |2fabce6114e20066|
00000020 36 30 31 00 32 39 61 33 33 66 61 35 63 63 36 37 |601.29a33fa5cc67|
00000030 32 30 30 36 00 00 00 00 00 00 00 00 15 ef 4b 3b |2006..........K;|
2023/01/28 19:09:57 send handshake: read 36 bytes
00000000 08 00 00 00 00 00 00 00 00 17 78 02 90 eb 4f 07 |..........x...O.|
00000010 30 39 af e5 ff 7f 00 00 17 0c ca 31 0f 7f 00 00 |09.........1....|
00000020 00 00 00 00 |....|
2023/01/28 19:09:57 Error occurred while send, retrying: unexpected send handshake reply
2023/01/28 19:09:57 socket: connected to: 61.138.251.102:443
2023/01/28 19:09:57 tls: connected to: 61.138.251.102:443
2023/01/28 19:09:57 send handshake: wrote 64 bytes
00000000 05 00 00 00 39 65 36 34 62 39 36 33 39 31 38 64 |....9e64b963918d|
00000010 32 66 61 62 63 65 36 31 31 34 65 32 30 30 36 36 |2fabce6114e20066|
00000020 36 30 31 00 32 39 61 33 33 66 61 35 63 63 36 37 |601.29a33fa5cc67|
00000030 32 30 30 36 00 00 00 00 00 00 00 00 15 ef 4b 3b |2006..........K;|
2023/01/28 19:09:57 send handshake: read 36 bytes
00000000 08 00 00 00 00 00 00 00 00 17 78 02 90 eb 4f 07 |..........x...O.|
00000010 30 39 af e5 ff 7f 00 00 17 0c ca 31 0f 7f 00 00 |09.........1....|
00000020 00 00 00 00 |....|
2023/01/28 19:09:57 Error occurred while send, retrying: unexpected send handshake reply
2023/01/28 19:09:57 socket: connected to: 61.138.251.102:443
2023/01/28 19:09:57 tls: connected to: 61.138.251.102:443
2023/01/28 19:09:58 send handshake: wrote 64 bytes
00000000 05 00 00 00 39 65 36 34 62 39 36 33 39 31 38 64 |....9e64b963918d|
00000010 32 66 61 62 63 65 36 31 31 34 65 32 30 30 36 36 |2fabce6114e20066|
00000020 36 30 31 00 32 39 61 33 33 66 61 35 63 63 36 37 |601.29a33fa5cc67|
00000030 32 30 30 36 00 00 00 00 00 00 00 00 15 ef 4b 3b |2006..........K;|
2023/01/28 19:09:58 send handshake: read 36 bytes
00000000 08 00 00 00 00 00 00 00 00 17 78 02 90 eb 4f 07 |..........x...O.|
00000010 30 39 af e5 ff 7f 00 00 17 0c ca 31 0f 7f 00 00 |09.........1....|
00000020 00 00 00 00 |....|
2023/01/28 19:09:58 Error occurred while send, retrying: unexpected send handshake reply
panic: send retry limit exceeded.
goroutine 41 [running]:
EasierConnect/core.StartProtocol.func2()
EasierConnect/core/protocol.go:210 +0x105
created by EasierConnect/core.StartProtocol
EasierConnect/core/protocol.go:213 +0x167
This is the nodejs code I used to send the request (it shows that this is not interference from other links in the browser)
const superagent = require('superagent')
require('superagent-proxy')(superagent)
superagent.get('http://www.baidu.com/')
  .disableTLSCerts()
  .proxy('socks://127.0.0.1:2500')
  .then(e => {
    console.log(e);
  })
I'm not sure whether I'm doing something wrong 👀
I tried to use vpn on win11 but got this error:
2023/01/24 20:42:48 Login Request: https://vpn.tju.edu.cn:443/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
2023/01/24 20:42:48 No NextAuth found.
goroutine 1 [running]:
runtime/debug.Stack()
runtime/debug/stack.go:24 +0x83
runtime/debug.PrintStack()
runtime/debug/stack.go:16 +0x1a
EasierConnect/core.WebLogin({0x11c9a540, 0x12}, {0x11c96140, 0xa}, {0x11c96178, 0x8})
EasierConnect/core/web_login.go:142 +0x1963
EasierConnect/core.(*EasyConnectClient).Login(0x11ca9f80, {0x11c96140, 0xa}, {0x11c96178, 0x8})
EasierConnect/core/EasyConnectClient.go:35 +0x8d
main.main()
EasierConnect/main.go:38 +0x623
2023/01/24 20:42:48 Login FAILED: <?xml version="1.0" encoding="utf-8"?>
<Auth>
<LBEnabled>0</LBEnabled>
<CSRF_RAND_CODE>121068608</CSRF_RAND_CODE>
<AuthInfo><![CDATA[]]></AuthInfo>
<Note><![CDATA[Server forbidden access!]]></Note>
<ErrorCode>20113</ErrorCode>
<Result>0</Result>
<Message><![CDATA[not allow to login now]]></Message>
</Auth>
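It may be possible to obtain the post-login twfId by intercepting the communication between the official EasyConnect client's service process and its front end (server web page / client GUI), and then use it to let EasierConnect connect to the VPN.
Apart from debugging, the main use case is probably as a temporary workaround when encountering a login method that EasierConnect has not yet adapted to, which also lets the open-source implementation handle as much of the connection to the Sangfor VPN as possible. That is: only the login part needs to use part of Sangfor's proprietary client, and the rest is done by EasierConnect. In the GNU/Linux version of the official EasyConnect client, it may be possible to isolate this Sangfor service process in a fairly lightweight way (compared with docker/podman) (to be verified).
78f5625 "withdrew AGPLv3"; in fact AGPLv3 cannot be withdrawn:
If the current state of unlicensed code mixed with AGPLv3 code is kept, and later forks also build on 78f5625, those forks may have license problems as well. I therefore suggest that the main branch restore the AGPLv3 license (revert 78f5625).
These are just my humble opinions. Thanks again to the author for the project.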
https://gist.github.com/githuu5y5u/e9d20ef43f46f61bf0171ed1cea18538
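Login works fine (using the -twf-id method) and I tried IPs from the remote routing table, but traffic just does not get through. The original client, version 7.6.11, works fine.
Windows 11 Home Chinese Edition 22H2 22623.1245
I downloaded the Windows AMD64 zip package from the releases page and it was flagged as malware and blocked. Link: https://github.com/lyc8503/EasierConnect/releases/download/TestBuild14/EasierConnect-windows-amd64.zip
It is probably a Windows Defender false positive. I don't know much about virus detection; I guess the Go binary was misidentified.
Checked with VirusTotal online virus scanning; no problems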
https://www.virustotal.com/gui/url/4c8b8166c6153af4d391e5ef563d71d70deb6cb370516e0e8eee11c92c245a14/detection
When I was using the SOCKS proxy after the connection had been established, I got these. But it had worked for a while.
panic: send retry limit exceeded.
goroutine 35 [running]:
EasierConnect/core.StartProtocol.func2()
/Users/***/EasierConnect/core/protocol.go:210 +0xf0
created by EasierConnect/core.StartProtocol
/Users/***/EasierConnect/core/protocol.go:213 +0x154
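Same as the title. Some institutions only support login with a QR code (I'm not sure, as I didn't find any instructions for other methods in the VPN manual of our school). Any plan to support this feature?
Could the author add an open-source license to this project, so that users know what they may do with it?
Some services require a specific port rather than the fixed port 443; the port should be configurable
The latest version, 12, reports the following error when run: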
panic: runtime error: index out of range [1] with length 0
goroutine 1 [running]:
EasierConnect/core.WebLogin({0xc000020600?, 0x2?}, {0xc000022130, 0x7}, {0xc000022168, 0x8})
EasierConnect/core/web_login.go:53 +0x192a
EasierConnect/core.(*EasyConnectClient).Login(0xc000095ef0, {0xc000022130?, 0xc000095e90?}, {0xc000022168?, 0x2?})
EasierConnect/core/EasyConnectClient.go:35 +0x91
main.main()
EasierConnect/main.go:39 +0x5bb
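I suspect the server version is too old. Does this software not support server versions below 7.5? If so, is there a plan to support them?
2023/01/23 21:27:48 Error occurred while send, retrying: unexpected send handshake reply
panic: send retry limit exceeded.
As in the title.
I have it deployed on my home router, exposed to the public internet, and hope an authentication feature can be added to improve security.
This is probably because there are other protocols besides L3. At some schools/companies L3 apparently can only access the intranet; for IPs such as document libraries, the connection seems to get a FIN as soon as it connects.
The login log at the default log level is as follows, with some information obfuscated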
2023/03/20 20:51:02 SMS Code verification SUCCESS
2023/03/20 20:51:02 ECAgent Request: /por/conf.csp & /por/rclist.csp
2023/03/20 20:51:02 Server Session ID: "\xbe\xe3\xe3\xe3\xe9W\x15\n\xe3\xfcb\xe3\x82\xf45t\x8e0\xefd-=~\xe1{O^\xc0\xad"
2023/03/20 20:51:02 Parsed /por/rclist.csp
2023/03/20 20:51:02 try parsing by goXml
2023/03/20 20:51:02 Large rule detected for: 10.25.0.1-10.15.0.254 mask: 0
2023/03/20 20:51:02 Progress: 0/100 (ResourceList.Rcs)
2023/03/20 20:51:02 Progress: 20/100 (ResourceList.Rcs)
2023/03/20 20:51:02 Progress: 40/100 (ResourceList.Rcs)
2023/03/20 20:51:02 Progress: 60/100 (ResourceList.Rcs)
2023/03/20 20:51:02 Progress: 80/100 (ResourceList.Rcs)
2023/03/20 20:51:02 Parsed 2306 Domain rules
2023/03/20 20:51:02 Parsed 9 Ipv4 rules
2023/03/20 20:51:02 Parsed 1 Dns rules
2023/03/20 20:51:02 Parsed /por/conf.csp
2023/03/20 20:51:02 socket: connected to: 198.18.0.86:443
2023/03/20 20:51:02 tls: connected to: 198.18.0.86:443
2023/03/20 20:51:03 query ip: wrote 64 bytes
2023/03/20 20:51:03 query ip: wrote 64 bytes
00000000 00 00 00 00 62 65 65 33 30 61 36 66 31 61 64 61 |....bee30a6f1ada|
00000020 61 62 38 00 33 36 38 35 63 66 62 35 32 35 32 33 |ab8.3685cfb52523|
00000020 61 62 38 00 33 36 38 35 63 66 62 35 32 35 32 33 |ab8.3685cfb52523|
00000030 30 30 34 38 00 00 00 00 00 00 00 00 ff ff ff ff |0048............|
2023/03/20 20:51:03 query ip: read 36 bytes
00000000 00 00 00 00 0a 0a 10 25 00 dc 05 4c 0a 0a 0a 02 |..1M%..1M....|
00000010 00 00 00 00 00 00 00 00 17 dc 05 4c 6f 7f 00 00 |...........Lo...|
00000020 10 e2 1e 11 |....|
2023/03/20 20:51:03 SMS Code required
When using cli to connect to https://vpn.jxnu.edu.cn:443, I failed to log in and got the following return message.
2023/01/24 18:28:25 Login Request: https://vpn.jxnu.edu.cn:443/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
2023/01/24 18:28:26 SMS code required.
2023/01/24 18:28:26 SMS Request: https://vpn.jxnu.edu.cn:443/por/login_sms.csp?apiversion=1
goroutine 1 [running]:
runtime/debug.Stack()
runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
runtime/debug/stack.go:16 +0x19
EasierConnect/core.WebLogin({0xc00001c660?, 0x2?}, {0xc000024130, 0xc}, {0xc000024180, 0x9})
EasierConnect/core/web_login.go:125 +0x1205
EasierConnect/core.(*EasyConnectClient).Login(0xc00007fef0, {0xc000024130?, 0xc00007fe90?}, {0xc000024180?, 0x2?})
EasierConnect/core/EasyConnectClient.go:35 +0x91
main.main()
EasierConnect/main.go:38 +0x5bb
2023/01/24 18:28:26 unexpected sms resp: <?xml version="1.0" encoding="utf-8"?>
<Auth>
<SmsSendInterval>0</SmsSendInterval>
<IS_IN_PERIOD>1</IS_IN_PERIOD>
<T_SMSTITLE></T_SMSTITLE>
<ISLBENABLED>0</ISLBENABLED>
<T_SMSINFOR></T_SMSINFOR>
<Message><![CDATA[auth result.]]></Message>
<USER_PHONE>151****7528</USER_PHONE>
<SMS_INTERVAL>0</SMS_INTERVAL>
<CURRENT_PHONE></CURRENT_PHONE>
<CompatData><![CDATA[
var g_DisableTime ="0";
var phone ="151****7528";
var smsApps ="HTTP";
]]></CompatData>
<ErrorCode>1</ErrorCode>
<SMS_SENDTYPE>HTTP</SMS_SENDTYPE>
</Auth>
When run against a server that forces SMS auth, it outputs
Login Request: https://***/por/login_auth.csp?apiversion=1
Twf Id: ***
RSA Key: ***
RSA Exp: ***
WARNING: No CSRF Code Match. Maybe you're connecting to an older server? Continue anyway...
Password to encrypt: ***
Encrypted Password: ***
Login Request: https://***/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
goroutine 1 [running]:
runtime/debug.Stack()
runtime/debug/stack.go:24 +0x64
runtime/debug.PrintStack()
runtime/debug/stack.go:16 +0x1c
EasierConnect/core.WebLogin({0x1400012c0c0?, 0x2?}, {0x16f3bf5ed, 0xe}, {0x16f3bf606, 0x9})
EasierConnect/core/web_login.go:137 +0x11cc
EasierConnect/core.(*EasyConnectClient).Login(0x1400019fee8, {0x16f3bf5ed?, 0x1400013de88?}, {0x16f3bf606?, 0x2?})
EasierConnect/core/EasyConnectClient.go:35 +0xac
main.main()
EasierConnect/main.go:38 +0x540
Not implemented auth: <?xml version="1.0" encoding="utf-8"?><Auth><Result>2</Result> <EnableMAM>0</EnableMAM><SuportMDM>0</SuportMDM><CurAuth>1</CurAuth><NextAuth>2</NextAuth><AuthInfo><![CDATA[]]></AuthInfo><Note><![CDATA[]]></Note><ChallengeMsg><![CDATA[]]></ChallengeMsg><SmsIsStillValid>1</SmsIsStillValid><Phone><![CDATA[***]]></Phone><CurPhone><![CDATA[]]></CurPhone></Auth>
which looks like SMS auth is not supported.
Please add support for SMS auth; it would be extremely helpful.
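Many thanks to the author for the work! (I had wanted to reverse-engineer it before, but my skills were limited and I did not succeed.)
It seems the API used during login by EasyConnect versions <7.6.7 differs somewhat:
- /por/login_auth.csp?apiversion=1 may not return a CSRF_RAND_CODE; in that case the password to encrypt is just password rather than password+"_"+csrfCode
- /por/login_psw.csp needs the type=cs parameter before it returns XML
- The body returned by /por/login_psw.csp has no <NextService>, only <NextAuth>:
  - <NextAuth>-1</NextAuth> means (if <Result>1</Result> is also present, the login should have succeeded)
  - <NextAuth>number</NextAuth> together with <Result>2</Result> means (in my tests the number for the hardware ID is 4)
  - <Result>0</Result> means
With the following changes I can log in to an EasyConnect <7.6.7 that uses only account and password authentication, and I can access intranet sites on the VPN side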
diff --git a/web_login.go b/web_login.go
index b4a8955..a3849a5 100644
--- a/web_login.go
+++ b/web_login.go
@@ -49,7 +49,12 @@ func WebLogin(server string, username string, password string) string {
rsaExp := string(regexp.MustCompile(`<RSA_ENCRYPT_EXP>(.*)</RSA_ENCRYPT_EXP>`).FindSubmatch(buf[:n])[1])
log.Printf("RSA Exp: %s", rsaExp)
- csrfCode := string(regexp.MustCompile(`<CSRF_RAND_CODE>(.*)</CSRF_RAND_CODE>`).FindSubmatch(buf[:n])[1])
+ csrfMatch := regexp.MustCompile(`<CSRF_RAND_CODE>(.*)</CSRF_RAND_CODE>`).FindSubmatch(buf[:n])
+ csrfCode := ""
+ if csrfMatch != nil {
+ csrfCode := string(csrfMatch[1])
+ password += "_" + csrfCode
+ }
log.Printf("CSRF Code: %s", csrfCode)
pubKey := rsa.PublicKey{}
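Review bot: inside the new `if csrfMatch != nil` block, `csrfCode := string(csrfMatch[1])` declares an inner variable that shadows the `csrfCode := ""` two lines above it, so the following `log.Printf("CSRF Code: %s", csrfCode)` always prints an empty string even when the server sent a code. Use plain assignment, `csrfCode = string(csrfMatch[1])`. The unchanged `rsaExp` line at the top of the hunk still indexes `FindSubmatch(buf[:n])[1]` without a nil check and will panic when `<RSA_ENCRYPT_EXP>` is absent; it deserves the same guard this hunk adds for the CSRF code.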
@@ -58,14 +63,14 @@ func WebLogin(server string, username string, password string) string {
moduls.SetString(rsaKey, 16)
pubKey.N = &moduls
- encryptedPassword, err := rsa.EncryptPKCS1v15(rand.Reader, &pubKey, []byte(password+"_"+csrfCode))
+ encryptedPassword, err := rsa.EncryptPKCS1v15(rand.Reader, &pubKey, []byte(password))
if err != nil {
panic(err)
}
encryptedPasswordHex := hex.EncodeToString(encryptedPassword)
log.Printf("Encrypted Password: %s", encryptedPasswordHex)
- addr = server + "/por/login_psw.csp?anti_replay=1&encrypt=1"
+ addr = server + "/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs"
log.Printf("Login Request: %s", addr)
form := url.Values{
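Review bot: the unchanged context line `log.Printf("Encrypted Password: %s", encryptedPasswordHex)` writes the credential ciphertext to the log at the default level, and such logs end up pasted into public issues; drop it or put it behind a debug switch. Also, the new `[]byte(password)` is only correct because the previous hunk appends "_"+csrfCode to the `password` parameter in place; building the plaintext in a separate local variable would keep both cases (with and without a CSRF code) visible at the encryption call.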
@@ -87,7 +92,7 @@ func WebLogin(server string, username string, password string) string {
n, _ = resp.Body.Read(buf)
defer resp.Body.Close()
- if !strings.Contains(string(buf[:n]), "Auth is success") {
+ if strings.Contains(string(buf[:n]), "<Result>0</Result>") {
panic("Login FAILED: " + string(buf[:n]))
}
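Review bot: the new check `strings.Contains(string(buf[:n]), "<Result>0</Result>")` fails open. Any reply that lacks that exact literal, such as an empty body, an HTML error page, or a reply cut short by the single `resp.Body.Read(buf)` whose error is discarded, is treated as a successful login. Read the whole body, extract `<Result>`, and continue only on the values known to mean success or a further auth step, failing on everything else.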
@@ -142,7 +147,10 @@ func WebLogin(server string, username string, password string) string {
log.Print("SMS Code verification SUCCESS")
} else {
- panic("not implemented: sms not required")
+ nextAuth := string(regexp.MustCompile(`<NextAuth>(.*)</NextAuth>`).FindSubmatch(buf[:n])[1])
+ if nextAuth != "-1" {
+ panic("not implemented nextAuth: "+nextAuth)
+ }
}
log.Printf("Web Login process done.")
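Review bot: the added `FindSubmatch(buf[:n])[1]` for `<NextAuth>` indexes the match without checking it for nil, so a reply with no `<NextAuth>` element panics with an index-out-of-range error instead of a readable message. Check the match first, as the first hunk does for `CSRF_RAND_CODE`, and decide explicitly whether a missing `<NextAuth>` counts as success or as failure.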
update: I accidentally turned the tabs in the code into spaces; I've changed them back now
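As an added example (not part of the original post and not EasierConnect's own code), the reply handling described in this issue can be written so that it fails closed: only a parsed <Auth> document with a recognised Result/NextAuth combination lets the login continue. The type and function names, the sample password, and treating Result 1 without NextAuth as success are assumptions; the sample replies are trimmed from the ones quoted on this page.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// authReply maps the <Auth> fields discussed in the issue. Pointers let us
// tell "element absent" apart from "element present with value 0".
type authReply struct {
	XMLName  xml.Name `xml:"Auth"`
	Result   *int     `xml:"Result"`
	NextAuth *int     `xml:"NextAuth"`
	Message  string   `xml:"Message"`
}

type Outcome int

const (
	LoginFailed Outcome = iota // zero value: anything unrecognised fails closed
	LoginOK
	NeedNextAuth
)

var csrfRe = regexp.MustCompile(`<CSRF_RAND_CODE>(.*)</CSRF_RAND_CODE>`)

// PlaintextToEncrypt builds the string that is RSA-encrypted for login_psw.csp:
// password+"_"+csrfCode when login_auth.csp returned a code, else password.
func PlaintextToEncrypt(password, loginAuthBody string) string {
	m := csrfRe.FindStringSubmatch(loginAuthBody)
	if m == nil || m[1] == "" { // older servers: no CSRF_RAND_CODE
		return password
	}
	return password + "_" + m[1]
}

// Classify interprets a login_psw.csp reply. Assumed mapping: Result 1 with
// NextAuth -1 or absent = done; Result 2 with NextAuth N = factor N required.
func Classify(body string) (Outcome, int, error) {
	var a authReply
	if err := xml.Unmarshal([]byte(body), &a); err != nil {
		return LoginFailed, -1, fmt.Errorf("reply is not an <Auth> document: %w", err)
	}
	if a.Result == nil {
		return LoginFailed, -1, errors.New("reply has no <Result>")
	}
	switch {
	case *a.Result == 1 && (a.NextAuth == nil || *a.NextAuth == -1):
		return LoginOK, -1, nil
	case *a.Result == 2 && a.NextAuth != nil && *a.NextAuth >= 0:
		return NeedNextAuth, *a.NextAuth, nil
	}
	return LoginFailed, -1, fmt.Errorf("login rejected: %s", strings.TrimSpace(a.Message))
}

// Constructed samples, trimmed from replies quoted in the issues on this page.
const (
	sampleOK     = `<?xml version="1.0" encoding="utf-8"?><Auth><Message><![CDATA[password auth success]]></Message><Result>1</Result></Auth>`
	sampleNext   = `<?xml version="1.0" encoding="utf-8"?><Auth><Result>2</Result><CurAuth>1</CurAuth><NextAuth>2</NextAuth></Auth>`
	sampleDenied = `<?xml version="1.0" encoding="utf-8"?><Auth><ErrorCode>20113</ErrorCode><Result>0</Result><Message><![CDATA[not allow to login now]]></Message></Auth>`
	sampleHTML   = `<html><body>502 Bad Gateway</body></html>` // constructed, not from the page
)

func main() {
	for _, s := range []string{sampleOK, sampleNext, sampleDenied, sampleHTML, ""} {
		o, next, err := Classify(s)
		fmt.Println(o, next, err)
	}
	// "hunter2" is a constructed sample password.
	fmt.Println(PlaintextToEncrypt("hunter2", "<Auth><CSRF_RAND_CODE>1589546080</CSRF_RAND_CODE></Auth>"))
	fmt.Println(PlaintextToEncrypt("hunter2", "<Auth></Auth>"))
}
```

An HTML error page or an empty body is rejected here, whereas a substring test for `<Result>0</Result>` would let both through.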
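With version 13 connected to an SSL VPN server of version 7.0, after a successful connection, tools such as Xshell cannot connect once configured with the SOCKS proxy; the error is as follows: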
2023/01/25 20:16:46 socks dial: 172.16.X.X:22
2023/01/25 20:18:54 client connection failed: connect tcp 172.16.X.X:22: operation timed out
Connecting with the vendor's own client works normally
System environment:
Microsoft Windows 11 Pro
10.0.22621 N/A Build 22621
go 1.19.10
Build commands:
go build main.go
go build -v -o EasierConnect.exe -trimpath -ldflags "-s -w -buildid=" .
Tried both; same result.
Command executed:
.\EasierConnect.exe -server xxxx -port xxxx -username xxxx -password xxxx
Error details:
goroutine 34 [running]:
EasierConnect/core.StartProtocol.func2()
D:/go/src/github.com/EasierConnect/core/protocol.go:210 +0x105
created by EasierConnect/core.StartProtocol
D:/go/src/github.com/EasierConnect/core/protocol.go:213 +0x167
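Error scenario:
The self-built version does not error out immediately when run, and accessing most websites is OK, but there are one or two websites that trigger the above error when accessed.
Running the prebuilt binary from the release with the same command, accessing the aforementioned problem websites works as usual.
TestBuild11
After a successful connection, the first web page opened is fine, but opening the second web page causes a problem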
2023/01/25 15:07:41 recv: read 1400 bytes
00000000 45 00 05 78 09 11 40 00 3e 06 17 e7 c0 a8 fd 33 |E..x..@.>......3|
00000010 c0 a8 98 03 00 50 4c a0 a5 18 8f 2a 2e 7e 9e 6c |.....PL....*.~.l|
00000020 80 10 00 7a 45 50 00 00 01 2023/01/25 15:07:41 send: wrote 52 bytes
01 08 0a 51 1c 6e 32 |...zEP......Q.n2|
00000030 b0 76 06 d1 a8 78 f5 91 7e 9e ea 7a a9 eb 22 0e |.v...x..~..z..".|
00000040 6f fd 3d panic: runtime error: slice bounds out of range [:486] with capacity 64
goroutine 27 [running]:
EasierConnect/core.BlockTXStream.func1({0xc00002be80, 0xb8ecc0?, 0x40})
EasierConnect/core/protocol.go:179 +0x157
EasierConnect/core.(*EasyConnectEndpoint).WritePackets(0xc000132210, {{0xc000122380, 0x1, 0x1}})
EasierConnect/core/tun_stack.go:62 +0xdc
gvisor.dev/gvisor/pkg/tcpip/stack.(*delegatingQueueingDiscipline).WritePacket(0xc00011e310, 0xc000002000)
gvisor.dev/[email protected]/pkg/tcpip/stack/nic.go:152 +0xa2
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).writeRawPacket(0xc00017ac00, 0xc000002000)
gvisor.dev/[email protected]/pkg/tcpip/stack/nic.go:396 +0x39
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).writePacket(0xc00017ac00, 0x4?)
gvisor.dev/[email protected]/pkg/tcpip/stack/nic.go:392 +0x3d
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).WritePacket(0xc00017ac00, 0xc000000564?, 0xc000002000)
gvisor.dev/[email protected]/pkg/tcpip/stack/nic.go:353 +0x1cd
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).writePacketPostRouting(0xc000334000, 0xc000646000, 0xc000002000, 0x0?)
gvisor.dev/[email protected]/pkg/tcpip/network/ipv4/ipv4.go:560 +0x2f0
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).writePacket(0xc000334000, 0x0?, 0x0?)
gvisor.dev/[email protected]/pkg/tcpip/network/ipv4/ipv4.go:510 +0x153
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).WritePacket(0x7bed20?, 0xc000646000, {0x800?, 0xa0?, 0x4c?}, 0xa518946e2e7e9e6c?)
gvisor.dev/[email protected]/pkg/tcpip/network/ipv4/ipv4.go:478 +0x85
gvisor.dev/gvisor/pkg/tcpip/stack.(*Route).WritePacket(0xc000646000, {0x41a3d0?, 0xc0?, 0x0?}, 0x4?)
gvisor.dev/[email protected]/pkg/tcpip/stack/route.go:468 +0x7f
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.sendTCP(0xc000646000, {{0x4ca0, {0xc00041a3d0, 0x4}, 0x50, {0xc00041a3ac, 0x4}}, 0x40, 0x0, 0x10, ...}, ...)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/connect.go:911 +0x234
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).sendTCP(0xc000642000, 0x719da0?, {{0x4ca0, {0xc00041a3d0, 0x4}, 0x50, {0xc00041a3ac, 0x4}}, 0x40, 0x0, ...}, ...)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/connect.go:809 +0xe5
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).sendRaw(0xc000642000, 0x0?, 0x10, 0x2e7e9e6c, 0xa518946e, 0x3fd5)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/connect.go:978 +0x316
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).sendEmptyRaw(0xc000690360?, 0xe0?, 0x0?, 0x72d5c0?, 0x0?)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/connect.go:965 +0x9c
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*sender).sendEmptySegment(0xc0006ce000, 0xd0?, 0x2e7e9e6c)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/snd.go:1696 +0x99
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*sender).sendAck(...)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/snd.go:338
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*endpoint).handleSegmentsLocked(0xc000642000)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/connect.go:1189 +0x159
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*processor).handleConnected(0xc000642220?, 0xc000642000)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/dispatcher.go:192 +0x85
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*processor).start(0xc000312cf0, 0x0?)
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/dispatcher.go:312 +0x245
created by gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*dispatcher).init
gvisor.dev/[email protected]/pkg/tcpip/transport/tcp/dispatcher.go:390 +0x13b
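Even if it is not updated any further, could you provide the last compiled build?
Server version: 6.9
EasierConnect version: 13
The following error occurs while connecting: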
2023/01/26 12:15:49 Login Request: https://X.X.X.X:XX33/por/login_auth.csp?apiversion=1
2023/01/26 12:15:52 Twf Id: 6450003aebXXXXXX
2023/01/26 12:15:52 RSA Key
2023/01/26 12:15:52 Warning: No RSA_ENCRYPT_EXP, using default.
2023/01/26 12:15:52 RSA Exp: 65537
2023/01/26 12:15:52 WARNING: No CSRF Code Match. Maybe you're connecting to an older server? Continue anyway...
2023/01/26 12:15:52 Password to encrypt: XXXXXXX
2023/01/26 12:15:52 Encrypted Password:
2023/01/26 12:15:52 Login Request: https://X.X.X.X:XX33/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
2023/01/26 12:15:52 No NextAuth found.
2023/01/26 12:15:52 Web Login process done.
2023/01/26 12:15:52 ECAgent Request: /por/conf.csp & /por/rclist.csp
2023/01/26 12:15:53 Server Session ID: "]\x8c\nF\xc7\xc9\xfc\x86\xbf\xa1#\x88\xcd8Y\xd2-\x81\x8e(\xff\xa7e\xfd\rH#\xb0]\x7f/\x97"
2023/01/26 12:15:53 socket: connected to: X.X.X.X:XX33
2023/01/26 12:15:53 tls: connected to: X.X.X.X:XX33
2023/01/26 12:15:53 query ip: wrote 64 bytes
00000000 00 00 00 00 35 64 38 63 30 61 34 36 63 37 63 39 |....5d8c0a46c7c9|
00000010 66 63 38 36 62 66 61 31 32 33 38 38 63 64 33 38 |fc86bfa12388cd38|
00000020 35 39 64 00 36 34 35 30 30 30 33 61 65 62 31 33 |59d.6450003aeb13|
00000030 64 39 66 31 00 00 00 00 00 00 00 00 ff ff ff ff |d9f1............|
2023/01/26 12:15:54 query ip: read 36 bytes
00000000 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 90 ba 30 08 68 fb ff 7f da b6 08 08 |......0.h.......|
00000020 ac a7 23 08 |..#.|
goroutine 1 [running]:
runtime/debug.Stack()
runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
runtime/debug/stack.go:16 +0x19
EasierConnect/core.QueryIp({0xc000020600?, 0xc00015a480?}, 0xc00015a4b0)
EasierConnect/core/protocol.go:81 +0x24e
EasierConnect/core.(*EasyConnectClient).LoginByTwfId(0xc00028fef0, {0xc000114030, 0x10})
EasierConnect/core/EasyConnectClient.go:68 +0xbd
EasierConnect/core.(*EasyConnectClient).Login(0xc000095ef0, {0xc000022130?, 0xc000095e90?}, {0xc000022168?, 0x2?})
EasierConnect/core/EasyConnectClient.go:43 +0xea
main.main()
EasierConnect/main.go:39 +0x5bb
2023/01/26 12:15:54 unexpected query ip reply