put ssh detection on full auto
This commit is contained in:
parent
4368569b25
commit
af9a7c5812
|
@ -1,6 +1,7 @@
|
||||||
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
|
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
|
||||||
community_member: true # receive infrequent relevant updates
|
community_member: true # receive infrequent relevant updates
|
||||||
telemetry: true # contribute to project telemetric data
|
telemetry: true # contribute to project telemetric data
|
||||||
|
ssh_auto: 22 # forward ssh-looking packets, from any connection, to port 22
|
||||||
remote_options:
|
remote_options:
|
||||||
https_redirect: true # redirect http to https remotely (default)
|
https_redirect: true # redirect http to https remotely (default)
|
||||||
local_ports: # ports to forward
|
local_ports: # ports to forward
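Review bot: The comment on the new `ssh_auto: 22` line presents the number as the destination port, but the `trySsh` check added in this same commit only compares `ssh_auto` against `false` and takes the port from a separate `sshPort` key, so the `22` written here is never read. Either align the example with the code, `ssh_auto: true # forward SSH-looking connections (any hostname) to the local sshd; only false disables` together with `sshPort: 22`, or make the code honour the number. The comment should also state that omitting the key leaves forwarding enabled, since only an explicit `false` turns it off.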
|
||||||
|
|
|
@ -56,6 +56,16 @@ module.exports.assign = function (state, tun, cb) {
|
||||||
console.log('first message from', tun);
|
console.log('first message from', tun);
|
||||||
var net = state.net || require('net');
|
var net = state.net || require('net');
|
||||||
|
|
||||||
|
function trySsh(tun, cb) {
|
||||||
|
// https://security.stackexchange.com/questions/43231/plausibly-deniable-ssh-does-it-make-sense?rq=1
|
||||||
|
// https://tools.ietf.org/html/rfc4253#section-4.2
|
||||||
|
if (false === state.config.ssh_auto || 'SSH-2.0-' !== tun.data.slice(0, 8).toString()) {
|
||||||
|
cb(null, false);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
cb(null, getNetConn(state.config.sshPort || 22));
|
||||||
|
}
|
||||||
|
|
||||||
var handlers = {};
|
var handlers = {};
|
||||||
handlers.http = function (socket) {
|
handlers.http = function (socket) {
|
||||||
if (!state.greenlock) {
|
if (!state.greenlock) {
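Review bot: `trySsh` enables SSH forwarding whenever `ssh_auto` is anything other than the literal `false`, so a config that omits the key silently forwards any connection whose first bytes are `SSH-2.0-` to the host's port 22; exposing a local sshd through the relay should be opt-in, `if (!state.config.ssh_auto || 'SSH-2.0-' !== tun.data.slice(0, 8).toString()) {`. The numeric value the example config sets (`ssh_auto: 22`) is never consulted, the port comes from `state.config.sshPort || 22`, so either honour it, `var sshPort = 'number' === typeof state.config.ssh_auto ? state.config.ssh_auto : (state.config.sshPort || 22);`, or document `sshPort` as the only port setting. `tun.data` is assumed to be a Buffer; if a caller can pass it undefined the `slice` throws before the check runs, which is worth confirming against the call sites. `assign` begins before this hunk and continues after it.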
|
||||||
|
@ -201,12 +211,31 @@ module.exports.assign = function (state, tun, cb) {
|
||||||
//console.log('[hit tls server]', tlsSocket.remoteFamily, tlsSocket.remoteAddress, tlsSocket.remotePort, tlsSocket.localPort);
|
//console.log('[hit tls server]', tlsSocket.remoteFamily, tlsSocket.remoteAddress, tlsSocket.remotePort, tlsSocket.localPort);
|
||||||
//console.log(addr);
|
//console.log(addr);
|
||||||
var conf = state.config.servernames[tlsSocket.servername];
|
var conf = state.config.servernames[tlsSocket.servername];
|
||||||
|
tlsSocket.once('data', function (firstChunk) {
|
||||||
|
tlsSocket.pause();
|
||||||
|
//tlsSocket.unshift(firstChunk);
|
||||||
|
tlsSocket._handle.onread(firstChunk.length, firstChunk);
|
||||||
|
|
||||||
|
trySsh({ data: firstChunk }, function (err, conn) {
|
||||||
|
process.nextTick(function () { tlsSocket.resume(); });
|
||||||
|
|
||||||
|
if (conn) {
|
||||||
|
conn.pipe(tlsSocket);
|
||||||
|
tlsSocket.pipe(conn);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!conf || !conf.handler) {
|
if (!conf || !conf.handler) {
|
||||||
|
console.log('https default handler');
|
||||||
handlers.https(tlsSocket);
|
handlers.https(tlsSocket);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
console.log('https invokeHandler');
|
||||||
invokeHandler(conf, tlsSocket, tun, id);
|
invokeHandler(conf, tlsSocket, tun, id);
|
||||||
});
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
//console.log('[hit tcp connection]', other.remoteFamily, other.remoteAddress, other.remotePort, other.localPort);
|
//console.log('[hit tcp connection]', other.remoteFamily, other.remoteAddress, other.remotePort, other.localPort);
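Review bot: The SSH branch pipes `conn` and `tlsSocket` together with no `'error'` listener on either, so a connection refused on the SSH port or a reset by the peer raises an unhandled error and, unless `getNetConn` attaches a handler elsewhere, crashes the relay; any client that can open a TLS session and send `SSH-2.0-` first could trigger that. Add `conn.on('error', function () { tlsSocket.destroy(); });` and `tlsSocket.on('error', function () { conn.destroy(); });` before the two `pipe` calls. Re-injecting the first chunk through `tlsSocket._handle.onread(firstChunk.length, firstChunk)` leans on a private Node handle API that is not stable across releases; the commented-out `tlsSocket.unshift(firstChunk)` is the public way to push the bytes back and should be preferred. The SSH probe also runs before the `servernames` lookup, so the forward applies no matter which SNI name the client presented; if that is intended it deserves a comment saying so. The enclosing TLS handler starts before this hunk.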
|
||||||
|
@ -284,19 +313,11 @@ module.exports.assign = function (state, tun, cb) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
function trySsh(tun) {
|
|
||||||
// https://security.stackexchange.com/questions/43231/plausibly-deniable-ssh-does-it-make-sense?rq=1
|
|
||||||
// https://tools.ietf.org/html/rfc4253#section-4.2
|
|
||||||
if ('SSH-2.0-' !== tun.data.slice(0, 8).toString()) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
cb(null, getNetConn(state.config.sshPort || 22));
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ('tcp' === tun.service) {
|
if ('tcp' === tun.service) {
|
||||||
if (trySsh(tun)) { return; }
|
trySsh(tun, function (err, conn) {
|
||||||
|
if (conn) { cb(null, conn); return; }
|
||||||
cb(new Error("No TCP handler"));
|
cb(new Error("No TCP handler"));
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
console.warn("Unknown service '" + tun.service + "'");
|
console.warn("Unknown service '" + tun.service + "'");
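Review bot: The `tcp` branch still falls through after `trySsh(...)` returns, because there is no `return;` after the closing `}` of the `if`, so `console.warn("Unknown service 'tcp'")` is logged for every TCP connection and any further `cb` call that follows the hunk would be a second callback after `cb(null, conn)` or `cb(new Error("No TCP handler"))`. Add `return;` directly after the `if` block. The continuation also discards `err`: `if (conn)` turns an error into "no handler", so forward it first, `if (err) { cb(err); return; }`. `assign` continues past the end of this hunk.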
|
||||||
|
|