开发者

How to redirect an application's connection through a Socks5/SSH/HTTPS tunnel? Any recomendations of SDK's to accomplish such task?

I need to tunnel the connections (mostly TCP) made by an application through Socks5, SSH or HTTPS.

So far, I've found 3 ways to do this: api hooks, winsock lsp and a driver.

I'm looking for advice on the best way to handle this, and any recommendations on 开发者_如何学GoSDK's that could abstract this task for me (free/open-source preferred, but commercial ones are welcome as long as the price is not high for a one-man-starting-company to afford).

ps. I'm using .Net (C# and-or C++/CLI)

edit: I have no control whatsoever of the target application.


As a straight way you can invoke plink command line to create the tunnel and then connect to the localhost from your application. Plink is the commandline version of Putty, you have tons of options and it is a very popular, safe and tested application.

You have an application (SSH Tunnel Client) that does it for you with a nice UI. It is a bit buggy but it works just fine.

This example connects the port 80 in the remote machine to the port 8000 of your local host.

plink.exe -L 127.0.0.1:8000:127.0.0.1:80 -C -pw 1234 -2  -l user myserver.com

What I don't recommend of this method is that the commandline contains the password and it is easy to see with any process manager, now the good thing of plink is that you have the source code available so you can integrate it in your project.

Edit

Now imagine that your application connects to "yahoo.com" to get some data, you can't modify the application but you can setup a Man in the Middle. You can execute the next command:

plink.exe -L 127.0.0.1:80:google.com:80 -C -pw 1234 -2  -l user myserver.com

Where myserver.com is a SSH sever that allows you to do tunnels and has access to google.com Now go to your hosts file in C:\windows\system32\drivers\etc\ as administrator and add the next entry:

127.0.0.1 yahoo.com

You can test the setup with your browser and navigate to yahoo.com an you will see the google.com page. It seems simple but the real power is that all the traffic is passing through myserver.com.

Some advantages are

  1. All the traffic to yahoo.com is encrypted
  2. You can bypass proxy restrictions with this method
  3. You can get access to the intranet where myserver.com is located if you can connect to it from the outside
  4. You can log or modify the data of the connection

Be aware that this method is very likely to have problems with HTTPS connections because of the certificates authentication.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜