
Added better logging to client

antoniomika committed Nov 23, 2019
1 parent 9b4b0d1 commit 16c2a1a5f5e7c5fff5af56190dccc1eabb6d843f
Showing with 42 additions and 8 deletions.
  1. +2 −1 .vscode/launch.json
  2. +4 −4 README.md
  3. +14 −1 http.go
  4. +6 −0 main.go
  5. +16 −2 requests.go
@@ -22,7 +22,8 @@
"-sish.forcerandomsubdomain=false",
"-sish.bindrandom=false",
"-sish.tcpalias=true",
"-sish.proxyprotoenabled=false"
"-sish.proxyprotoenabled=false",
"-sish.logtoclient=true"
]
}
]
@@ -9,6 +9,7 @@ Builds are made automatically on Google Cloud Build and Dockerhub. Feel free to
1. Pull the Docker image
- `docker pull antoniomika/sish:latest`
2. Run the image

- ```bash
docker run -itd --name sish \
-v ~/sish/ssl:/ssl \
@@ -24,6 +25,7 @@ Builds are made automatically on Google Cloud Build and Dockerhub. Feel free to
-sish.pkloc=/keys/ssh_key \
-sish.bindrandom=false
```

3. SSH to your host to communicate with sish
- `ssh -p 2222 -R 80:localhost:8080 ssi.sh`

@@ -107,18 +109,16 @@ Usage of ./sish:
Whether or not to force a random subdomain (default true)
-sish.http string
The address to listen for HTTP connections (default "localhost:80")
-sish.httpport int
The port for HTTP connections. This is only for output messages (default 80)
-sish.https string
The address to listen for HTTPS connections (default "localhost:443")
-sish.httpsenabled
Whether or not to listen for HTTPS connections
-sish.httpspems string
The location of pem files for HTTPS (fullchain.pem and privkey.pem) (default "ssl/")
-sish.httpsport int
The port for HTTPS connections. This is only for output messages (default 443)
-sish.keysdir string
Directory for public keys for pubkey auth (default "pubkeys/")
-sish.logtoclient
Whether or not to log http requests to the client
-sish.password string
Password to use for password auth (default "S3Cr3tP4$$W0rD")
-sish.pkloc string
15 http.go
@@ -22,6 +22,7 @@ type ProxyHolder struct {
ProxyHost string
ProxyTo string
Scheme string
SSHConn *SSHConnection
}

func startHTTPHandler(state *State) {
@@ -51,7 +52,8 @@ func startHTTPHandler(state *State) {
// Truncate in a golang < 1.8 safe way
param.Latency = param.Latency - param.Latency%time.Second
}
return fmt.Sprintf("[GIN] %v | %s |%s %3d %s| %13v | %15s |%s %-7s %s %s\n%s",

logLine := fmt.Sprintf("%v | %s |%s %3d %s| %13v | %15s |%s %-7s %s %s\n%s",
param.TimeStamp.Format("2006/01/02 - 15:04:05"),
param.Request.Host,
statusColor, param.StatusCode, resetColor,
@@ -61,6 +63,17 @@ func startHTTPHandler(state *State) {
param.Path,
param.ErrorMessage,
)

if *logToClient {
hostname := strings.Split(param.Request.Host, ":")[0]
loc, ok := state.HTTPListeners.Load(hostname)
if ok {
proxyHolder := loc.(*ProxyHolder)
sendMessage(proxyHolder.SSHConn, strings.TrimSpace(logLine))
}
}

return logLine
}), gin.Recovery(), func(c *gin.Context) {
hostname := strings.Split(c.Request.Host, ":")[0]
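Review bot: The line relayed to the tunnel owner in the `if *logToClient` block is built from request-controlled fields (`param.Path`, `param.ErrorMessage`, `param.Request.Host`) formatted with `%s`, and `strings.TrimSpace` only trims the two ends, so control or escape bytes in a visitor's request would presumably reach the client's terminal unless `sendMessage` (not visible here) filters them. As far as I know gin fills `param.Path` from the decoded URL path, so percent-encoded control characters arrive as raw bytes; formatting the path and error message with `%q` in the `fmt.Sprintf` call, or dropping non-printable runes before `sendMessage`, would cover both the server log and the client copy. The assertion `loc.(*ProxyHolder)` is also unchecked; `proxyHolder, ok := loc.(*ProxyHolder)` with an `ok` guard avoids a panic inside the log formatter if another value type is ever stored in `HTTPListeners`. `startHTTPHandler` begins and ends outside these hunks.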

@@ -74,6 +74,7 @@ var (
debug = flag.Bool("sish.debug", false, "Whether or not to print debug information")
versionCheck = flag.Bool("sish.version", false, "Print version and exit")
tcpAlias = flag.Bool("sish.tcpalias", false, "Whether or not to allow the use of TCP aliasing")
logToClient = flag.Bool("sish.logtoclient", false, "Whether or not to log http requests to the client")
bannedSubdomainList = []string{""}
filter *ipfilter.IPFilter
)
@@ -174,6 +175,11 @@ func main() {
log.Println(key, value)
return true
})
log.Println("===TCP Aliases====")
state.TCPListeners.Range(func(key, value interface{}) bool {
log.Println(key, value)
return true
})
log.Print("========End==========\n\n")

time.Sleep(2 * time.Second)
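Review bot: The help text added for `sish.logtoclient` says it logs HTTP requests to the client, but the requests.go part of this commit sends the `Accepted connection from …` line for TCP forwards under the same flag, and both kinds of line carry the remote visitor's address. I would reword it to something like `"Whether or not to send HTTP request and TCP connection logs (including remote addresses) to the client"`, so an operator knows what enabling it discloses. The `var (` block and `main` both continue outside the hunks.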
@@ -122,25 +122,28 @@ func handleRemoteForward(newRequest *ssh.Request, sshConn *SSHConnection, state
ProxyHost: host,
ProxyTo: chanListener.Addr().String(),
Scheme: scheme,
SSHConn: sshConn,
}

state.HTTPListeners.Store(host, pH)
defer state.HTTPListeners.Delete(host)

httpPortString := ""
if httpPort == 80 {
if httpPort != 80 {
httpPortString = fmt.Sprintf(":%d", httpPort)
}

requestMessages += fmt.Sprintf("%s: http://%s%s\r\n", aurora.BgBlue("HTTP"), host, httpPortString)
log.Printf("%s forwarding started: http://%s%s -> %s for client: %s\n", aurora.BgBlue("HTTP"), host, httpPortString, chanListener.Addr().String(), sshConn.SSHConn.RemoteAddr().String())

if *httpsEnabled {
httpsPortString := ""
if httpsPort == 443 {
if httpsPort != 443 {
httpsPortString = fmt.Sprintf(":%d", httpsPort)
}

requestMessages += fmt.Sprintf("%s: https://%s%s", aurora.BgBlue("HTTPS"), host, httpsPortString)
log.Printf("%s forwarding started: https://%s%s -> %s for client: %s\n", aurora.BgBlue("HTTPS"), host, httpPortString, chanListener.Addr().String(), sshConn.SSHConn.RemoteAddr().String())
}
} else {
if handleTCPAliasing {
@@ -150,8 +153,10 @@ func handleRemoteForward(newRequest *ssh.Request, sshConn *SSHConnection, state
defer state.TCPListeners.Delete(validAlias)

requestMessages += fmt.Sprintf("%s: %s", aurora.BgBlue("TCP Alias"), validAlias)
log.Printf("%s forwarding started: %s -> %s for client: %s\n", aurora.BgBlue("TCP Alias"), validAlias, chanListener.Addr().String(), sshConn.SSHConn.RemoteAddr().String())
} else {
requestMessages += fmt.Sprintf("%s: %s:%d", aurora.BgBlue("TCP"), *rootDomain, chanListener.Addr().(*net.TCPAddr).Port)
log.Printf("%s forwarding started: %s:%d -> %s for client: %s\n", aurora.BgBlue("TCP"), *rootDomain, chanListener.Addr().(*net.TCPAddr).Port, chanListener.Addr().String(), sshConn.SSHConn.RemoteAddr().String())
}
}

@@ -170,6 +175,15 @@ func handleRemoteForward(newRequest *ssh.Request, sshConn *SSHConnection, state

defer cl.Close()

if connType == "tcp" {
logLine := fmt.Sprintf("Accepted connection from %s -> %s", cl.RemoteAddr().String(), sshConn.SSHConn.RemoteAddr().String())
log.Println(logLine)

if *logToClient {
sendMessage(sshConn, logLine)
}
}

resp := &forwardedTCPPayload{
Addr: check.Addr,
Port: check.Rport,
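Review bot: The new HTTPS `log.Printf` inside `if *httpsEnabled` passes `httpPortString`, while the `requestMessages` line just above it uses `httpsPortString`, so whenever the two ports differ the server log records an HTTPS URL with the HTTP port suffix (or none) rather than the one shown to the client. The argument should be `httpsPortString`; a forwarding record that disagrees with what the client was told makes later log correlation unreliable. `handleRemoteForward` starts and ends outside these hunks.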
