What are the scenarios of Intranet penetration?

  • Development environments such as wechat applets or online payment systems often need an external environment for debugging, otherwise, it is difficult to develop.
  • You can debug server programs such as the test environment (there are always some bugs that cannot be reproduced locally, but the test or formal environment exists). , modify the gateway redirect to the proxy machine, it can directly debug the server program, it is not very comfortable, save a lot of compile package upload time.
  • Help a friend to make something, provide access to the external network, friends can see the effect directly, convenient and fast.
  • The machine and the server are one experience

What are some of the more common penetration tools?

Ngrok, Natapp, Xiaomi Ball, Sunny-Ngrok, EchoSite, Ssh, AutoSSH, Lanproxy, Spike, FRP, FCN, NPS, Peanut shell, Net cloud wear

lanproxy

Lanproxy is an Intranet penetration tool that proxies PCS and servers on the LAN to the public network. Lanproxy supports TCP traffic forwarding and any TCP upper-layer protocol (access to Intranet websites, local payment interface debugging, SSH access, remote desktop…). . At present, there are peanut Shell, TeamView, GoToMyCloud and so on that provide similar services in the market. However, if you want to use the public network server of the third party, you have to pay for the third party, and these services have various restrictions. In addition, data packets will flow through the third party, so it is also a big risk to data security.

Lanproxy is implemented based on Java (Netty) and GO

Warehouse address: gitee.com/fengfei/lan… Release package download: github.com/ffay/lanpro… File.nioee.com/d/2e81550eb…

Set up steps

Make sure you have an external server and have traffic (I use aliyun Student edition, and the traffic is 1000G, which is enough)

1. Download the distribution package

To file.nioee.com/d/2e81550eb… Download the corresponding server and Client. Here I download the Server and Windows versions of the Client

Decompress the downloaded server package. The directory structure is as follows

|---bin                                            # script directory
|    |----startup.bat
|    |----startup.sh
|    |----stop.sh
|---conf                                          # config file directory
|    |----config.properties
|    |----log4j.properties
|    |----test.jks
|---lib                                             # dependent jar| |... (omitted) | -- - webpages# page file| |... (omitted)Copy the code

2. The configuration server

Modify the conf/config. The properties

Server. The bind = 0.0.0.0Server.ssl. enable=false, use the port configured below.
server.port=10307

server.ssl.enable=trueServer. The SSL. Bind = 0.0.0.0Server.ssl. enable=true, use the port configured below.
server.ssl.port=10308
server.ssl.jksPath=test.jks
server.ssl.keyStorePassword=123456
server.ssl.keyManagerPassword=123456
# This configuration can be ignored
server.ssl.needsClientAuth=false

# WEB online configurationThe config. Server. The bind = 0.0.0.0The port of WEB online configuration can be accessed by opening http://IP:10305 after starting the service
config.server.port=10305
config.admin.username=admin
config.admin.password=admin
Copy the code

3. Start the server

Upload the server folder to the external server.

  • The bin directory is displayed
  • Add the execute permission chmod +x startup.sh chmod +x stop.sh
  • Start the service sh startup.sh
  • Verify that the service is normal. Open the browser to http://IP:10305 and enter the username and password of the configuration file (config.admin.username & config.admin.password)

Coming here, your server completes…

4. Add and configure clients

Client Management Add client keys and record them for later use on the client

Configuration Management Adds a configuration

5. Start the client

This demonstration uses the Windows.exe mode to start

Decompress the downloaded client package to an. Exe file. Use the Windows CMD window to go to the corresponding directory and execute the following script

client_windows_amd64.exe -s youPubilcServerIP -p youConfiguredPort -k youConfiguredClinetKey -ssl trueSuch as: client_windows_amd64. Exe-s 47.xx.xx.01 -p 10308 -k 3eddfafgafasdgafadfgafda1b5cc -ssl true
Copy the code

6. Check whether the verification is successful

The 10309 port mapping 127.0.0.1:18080 was configured in step 4

Therefore, ensure that 127.0.0.1:18080 can be accessed properly and use the public network, for example, http://IP:10309

If proxy-java-client-0.1.zip is used to run the client, use the following configuration

The key must be the same as that used to create the client in the proxy-server configuration background.Client. key= Key of the client configured on the serverIf SSL is enabled on the server, then the client needs to be enabled as well
ssl.enable=true
ssl.jksPath=test.jks
ssl.keyStorePassword=123456
Server IP address/domain name
server.host=4x.xx.xx.x1
Port through which the client connects to the server
If ssl.enable=true, enter the SSL port; if ssl.enable=false, enter the common port
server.port=10308
Copy the code

Combined with Nginx to achieve forwarding, HTTPS and so on are good, combined with VNC use, you can achieve desktop sharing and so on… If this article is helpful to you, please give me a thumbs up ~~ not for nothing!!

  • Public id: IT_loading
  • CSDN:blog.csdn.net/JinglongSou…
  • Blog: shaines. Cn /
  • E-mail: [email protected]

Programmer [back], is a focus on programming, love technology Java backend developer, passionate about [Java backend], [data crawler field]. Share skills and dry goods from time to time!! Welcome to pay attention to “IT loading “, a dry goods and combat only public account.