当前位置: 文江博客话题详情

动态重写 TCP 流:有多困难?把所说的流转储怎么样?

发布于 2024-08-19 07:47:20 字数 242 浏览 14 评论 0原文

我正在尝试编写一个 tcp 流“隧道”(类似于默认情况下的 SSH 句柄),但有一个例外,我必须在流经时重写某些信息。

我确信那里有类似的东西,但我一直没能找到它。 我有三个主要问题:

  • 是否有一种简单的方法来保存 TCP 流以供观察? (即使用 netcat,或 ssh -r/-l/-D,或一起使用其他一些实用程序)
  • 动态重写流有多难?

编辑:被重写的信息只是初始身份验证。

原文

I'm trying to write a tcp stream 'tunnel' (similar to the ones SSH handles by default) but with one exception, I have to rewrite certain information as it flows through.

I'm certain there's something similar out there but I have not been able to find it.
I have three main questions:

  • Is there an easy way to save a tcp stream for observation? (ie using netcat, or a ssh -r/-l/-D, or using some other utility alltogether)
  • how hard is it to rewrite the stream on the fly?

Edit: The information being rewritten would be just the initial authentication.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

风透绣罗衣 2024-08-26 07:47:20

可以从现有(或容易找到的)公用设施中拼凑出带有测井功能的直通隧道。

socat -v -x tcp-l:8080,fork,reuseaddr tcp:localhost:80 2>log

在此示例中,连接到 http://localhost:8080/ 将传递到 http://localhost:80/,并将日志数据传输到 log

TCPreen 工具专门用于此目的。

如果你有 root 权限,有很多分析器,例如 tcpdumptcpflow 可以直接从网络捕获数据包,而无需重定向流量。

socat 还可以使用 ,cr,crnl 选项进行一些非常基本的流修改,即剥离/添加/替换 \r 字符。

无论如何,回到最初的问题……自从我编写任何 Java 以来已经有很长时间了,这完全未经测试,但是可以在重新传输之前修改流量的隧道并不困难。

public class ForwardAndChangeCaseThread extends Thread {
    private Socket in, out;
    public ForwardAndChangeCaseThread(Socket in, Socket out) {
        this.in = in; this.out = out;
    }
    public void run() {
        byte[] buf = new byte[4096];
        InputStream in = this.in.getInputStream();
        OutputStream out = this.out.getOutputStream();
        int count;
        while ((count = in.read(buf)) > 0) {
            for (int i = 0; i < count; i++)
                if (buf[i] >= 0x40) buf[i] ^= 0x20;
            out.write(buf, 0, count);
        }
    }
}
public class TcpForwarder {
    public static void main(String[] args) {
        ServerSocket listen = new ServerSocket(8080, 1);
        for (;;) {
            Socket local = listen.accept();
            Socket remote = new Socket("localhost", 80);
            new ForwardAndChangeCaseThread(local, remote).start();
            new ForwardAndChangeCaseThread(remote, local).start();
        }
    }
}

A straight pass-through tunnel with logging can be cobbled together from existing (or easily found) utilities.

socat -v -x tcp-l:8080,fork,reuseaddr tcp:localhost:80 2>log

In this example, connecting to http://localhost:8080/ will pass through to http://localhost:80/, and log data transferred to log.

The tool TCPreen is specialized for this exact purpose.

If you have root privileges, there are many analyzers such as tcpdump and tcpflow which can capture packets directly from the network, without having to redirect traffic.

socat can also do some very basic stream modification with the ,cr and ,crnl options, which strip/add/replace \r characters.

In any case, back to the original question… It's been ages since I've written any Java, and this is totally untested, but a tunnel that can modify traffic before retransmitting isn't difficult.

public class ForwardAndChangeCaseThread extends Thread {
    private Socket in, out;
    public ForwardAndChangeCaseThread(Socket in, Socket out) {
        this.in = in; this.out = out;
    }
    public void run() {
        byte[] buf = new byte[4096];
        InputStream in = this.in.getInputStream();
        OutputStream out = this.out.getOutputStream();
        int count;
        while ((count = in.read(buf)) > 0) {
            for (int i = 0; i < count; i++)
                if (buf[i] >= 0x40) buf[i] ^= 0x20;
            out.write(buf, 0, count);
        }
    }
}
public class TcpForwarder {
    public static void main(String[] args) {
        ServerSocket listen = new ServerSocket(8080, 1);
        for (;;) {
            Socket local = listen.accept();
            Socket remote = new Socket("localhost", 80);
            new ForwardAndChangeCaseThread(local, remote).start();
            new ForwardAndChangeCaseThread(remote, local).start();
        }
    }
}
回复 原文
笑红尘 2024-08-26 07:47:20

非常肯定 Ettercap 支持 TCP 流的重写。

tcpdump 可以写出数据包捕获,然后您可以使用 Wireshark

如果您想以编程方式执行此操作,您可以检查它们各自的来源以了解从哪里开始。

Pretty sure Ettercap supports rewriting of TCP streams.

tcpdump can write out packet captures, which you could then later analyze using Wireshark

If you want to do it programmatically, you could inspect their respective sources to get ideas of where to start.

回复 原文
天煞孤星 2024-08-26 07:47:20

不是自吹自擂,但我在很久以前为异步 IO 编写的框架中编写了一些代码来完成此操作。关于代码的很多内容现在都有点过时了,但它确实有效。以下是其网页的链接:

我写的用于隧道的东西你想要的东西叫做PortForward,还有一些东西可以转储TCP流,但我忘了我叫它什么。由于框架的工作原理,它们可以很容易地组合起来。

如果您需要帮助使用它来实现该目标,我会回来。正如其他人指出的那样,不可能动态重写 SSL 流。因此,如果您的连接使用加密和/或 MAC(其中一种情况是 SSL),那么您就不走运了。

Not to toot my own horn, but I wrote some code to do exactly this in a framework I wrote a long time ago for asynchronous IO. There are a lot of things about the code that are kind of dated now, but it does work. Here's a link to the web page on it:

The thing I wrote that does the tunnel thing you want is called PortForward, and there's also something there that will dump out a TCP stream, but I forgot what I called it. They can be easily combined because of how the framework works.

I'll come back if you want help using it to accomplish that goal. As others have pointed out, it is impossible to re-write an SSL stream on the fly. So if your connection is using encryption and/or MACs (one way this would be true is if it were SSL) you're out of luck.

回复 原文
枫林﹌晚霞¤ 2024-08-26 07:47:20

我不确定这是否是您所要求的,但是...

除非您拥有服务器 SSL 证书的私钥,否则您无法动态重写 SSL 流...或者您可以在某个时刻拦截它(在客户端或服务器地址空间),不受 SSL 保护。如果可以的话,SSL 就是浪费时间。

同样,如果您捕获 SSL 流的全部内容(双向),这对您没有任何好处,除非您拥有相关的私钥。

I'm not sure if this is what you are asking, but ...

You cannot rewrite an SSL stream on the fly unless you have the private key for the server's SSL cert ... or you can intercept it at some point (in the client or server address space) where it is not SSL protected. If you could, SSL would be a waste of time.

Similarly, if you capture the entire contents of an SSL stream (in both directions), it will do you no good, unless you have the relevant private keys.

回复 原文
~没有更多了~

关于作者

深海蓝天

暂无简介

文章
评论
29 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

櫻之舞

文章 0 评论 0

弥枳

文章 0 评论 0

m2429

文章 0 评论 0

寻找一个思念的角度

文章 0 评论 0

野却迷人

文章 0 评论 0

我怀念的。

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文