TCP代理不仅可以将流量从一个主机转发给另一个主机,而且可以评估基于网络的软件。在企业级环境下进行渗透测试时,你会经常遇到无法使用Wireshark的情况,无法再Windows系统上加载驱动嗅探本地流量,分段的网络也阻止你使用工具直接嗅探目标主机。作者经常在实际案例中部署简单的TCP代理以了解未知的协议,修改发送到应用的数据包,或者为模糊测试创建一个测试环境。
代码如下:
import sys
import socket
import threading
def server_loop(local_host,local_port,remote_host,remote_port,receive_first):
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
server.bind((local_host,local_port))
except:
print "[!!] Failed to listen on %s:%d" % (local_host, local_port)
print "[!!] Check for other listening sockets or correct permissions."
sys.exit(0)
print "[*] Listening on %s:%d" % (local_host, local_port)
server.listen(5)
while True:
client_socket, addr = server.accept()
# print the connected data of local
print "[==>] Received incoming connection from %s:%d" % (addr[0],addr[1])
# open a thread to connect with computer
proxy_thread = threading.Thread(target=proxy_handler,args=(client_socket,remote_host,remote_port,receive_first))
proxy_thread.start()
def proxy_handler(client_socket, remote_host,remote_port,receive_first):
# connect the computer
remote_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
remote_socket.connect((remote_host,remote_port))
# get data from computer
if receive_first:
remote_buffer = receive_from(remote_socket)
hexdump(remote_buffer)
# handler the things that had been sent
remote_buffer = response_handler(remote_buffer)
# send the data if we hava to send to client
if len(remote_buffer):
print "[<==] Sending %d bytes to localhost." % len(remote_buffer)
client_socket.send(remote_buffer)
# read the data from local, then send to localhost and host
while True:
# get data from local
local_buffer = receive_from(client_socket)
if len(local_buffer):
print "[<==] Received %d bytes from localhost." % len(local_buffer)
hexdump(local_buffer)
# send to local
local_buffer = request_handler(local_buffer)
# send to computer
remote_socket.send(local_buffer)
print "[==>] Sent to remote."
# get the data that answer
remote_buffer = receive_from(remote_socket)
if len(remote_buffer):
print "[<==] Received %d bytes from remote." % len(remote_buffer)
hexdump(remote_buffer)
# send to response to handle the data
remote_buffer = response_handler(remote_buffer)
client_socket.send(remote_buffer)
print "[==>] Sent to localhost."
if not len(local_buffer) or not len(remote_buffer):
client_socket.close()
remote_socket.close()
print "[*] No more data. Closing connections."
break
def hexdump(src, length=16):
result = []
digits = 4 if isinstance(src, unicode) else 2
for i in xrange(0, len(src), length):
s = src[i:i+length]
hexa = b' '.join(["%0*X" % (digits, ord(x)) for x in s])
text = b' '.join([x if 0x20 <= ord(x) < 0x7F else b'.' for x in s])
result.append( b"%04X %-*s %s" % (i, length*(digits + 1), hexa,text))
print b'\n'.join(result)
def receive_from(connection):
buffer = ""
connection.settimeout(2)
try:
while True:
data = connection.recv(4096)
if not data:
break
buffer += data
except:
pass
return buffer
def request_handler(buffer):
return buffer
def response_handler(buffer):
return buffer
def main():
# no fancy command line parsing here
if len(sys.argv[1:]) != 5:
print "Usage: ./proxy.py [localhost] [localport] [remotehost] [remoteport] [receive_first]"
print "Example: ./proxy.py 127.0.0.1 9000 10.12.132.1 9000 True"
sys.exit(0)
# setup local listening parameters
local_host = sys.argv[1]
local_port = int(sys.argv[2])
# setup remote target
remote_host = sys.argv[3]
remote_port = int(sys.argv[4])
# this tells our proxy to connect and receive data
# before sending to the remote host
receive_first = sys.argv[5]
if "True" in receive_first:
receive_first = True
else:
receive_first = False
# now spin up our listening socket
server_loop(local_host,local_port,remote_host,remote_port,receive_first)
main()
书上的测试代码是:
root@kali:~# sudo python ./proxy.py 127.0.0.1 21 ftp.target.ca 21 True
[*] Listening on 127.0.0.1:21
一直没反应,书上说的是,需要将代理指向真实的FTP服务器,这样才能获得实际的响应。
之后搜索了一番,在另一个博主这看到了别的测试方法。
在终端输入以上句子后,在浏览器打开百度,就会有反馈数据:
但是一开始打开浏览器不会有回应,因为还没把端口设置为80,按照以下步骤设置,可以得到结果:
这个是在一个老哥的博客里看的,非常感谢。
https://www.cnblogs.com/20179204gege/p/9193616.html
这位老哥写的可详细了666