
Added the ability to request subdomains. Closes #4

antoniomika committed Mar 22, 2019
1 parent a85d664 commit f4dd86b78571aaeba58ac2e48d338db5175fbcfe
Showing with 78 additions and 2 deletions.
  1. +27 −0 .vscode/launch.json
  2. +4 −0 README.md
  3. +9 −0 main.go
  4. +1 −2 requests.go
  5. +37 −0 utils.go
@@ -0,0 +1,27 @@
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Launch",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${fileDirname}",
"env": {},
"args": [
"-sish.auth=true",
"-sish.debug=true",
"-sish.password=''",
"-sish.subdomainlen=3",
"-sish.httpsenabled=false",
"-sish.http=localhost:8081",
"-sish.addr=localhost:2222",
"-sish.domain=testing.ssi.sh",
"-sish.forcerandomsubdomain=false"
]
}
]
}
@@ -58,6 +58,8 @@ Usage of ./sish:
The address to listen for SSH connections (default "localhost:2222")
-sish.auth
Whether or not to require auth on the SSH service
-sish.bannedsubdomains string
A comma separated list of banned subdomains (default "localhost")
-sish.bindrandom
Bind ports randomly (OS chooses) (default true)
-sish.bindrange string
@@ -68,6 +70,8 @@ Usage of ./sish:
Whether or not to print debug information
-sish.domain string
The domain for HTTP(S) multiplexing (default "ssi.sh")
-sish.forcerandomsubdomain
Whether or not to force a random subdomain (default true)
-sish.http string
The address to listen for HTTP connections (default "localhost:80")
-sish.https string
@@ -7,6 +7,7 @@ import (
"os"
"os/signal"
"runtime"
"strings"
"sync"
"time"

@@ -38,6 +39,8 @@ var (
httpsPems = flag.String("sish.httpspems", "ssl/", "The location of pem files for HTTPS (fullchain.pem and privkey.pem)")
rootDomain = flag.String("sish.domain", "ssi.sh", "The domain for HTTP(S) multiplexing")
domainLen = flag.Int("sish.subdomainlen", 3, "The length of the random subdomain to generate")
forceRandomSubdomain = flag.Bool("sish.forcerandomsubdomain", true, "Whether or not to force a random subdomain")
bannedSubdomains = flag.String("sish.bannedsubdomains", "localhost", "A comma separated list of banned subdomains")
pkPass = flag.String("sish.pkpass", "S3Cr3tP4$$phrAsE", "Passphrase to use for the server private key")
pkLoc = flag.String("sish.pkloc", "keys/ssh_key", "SSH server private key")
authEnabled = flag.Bool("sish.auth", false, "Whether or not to require auth on the SSH service")
@@ -47,11 +50,17 @@ var (
cleanupUnbound = flag.Bool("sish.cleanupunbound", true, "Whether or not to cleanup unbound (forwarded) SSH connections")
bindRandom = flag.Bool("sish.bindrandom", true, "Bind ports randomly (OS chooses)")
debug = flag.Bool("sish.debug", false, "Whether or not to print debug information")
bannedList = []string{""}
)

func main() {
flag.Parse()

bannedList = append(bannedList, strings.Split(*bannedSubdomains, ",")...)
for k, v := range bannedList {
bannedList[k] = strings.ToLower(v + "." + *rootDomain)
}

watchCerts()

state := &State{
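Review bot: Entries from `-sish.bannedsubdomains` are not trimmed before the domain is appended in the new loop in main, so the `strings.TrimSpace` in inBannedList (utils.go) only strips whitespace at the two ends of the full host name. A constructed example: a list written as `localhost , admin` produces `localhost .<domain>`, which never matches a requested host, so that ban silently does not apply. Trim each entry when the list is built: `bannedList[k] = strings.ToLower(strings.TrimSpace(v) + "." + *rootDomain)`. main's body continues past the end of the hunk.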
@@ -7,7 +7,6 @@ import (
"net"
"os"
"strconv"
"strings"

"golang.org/x/crypto/ssh"
)
@@ -82,7 +81,7 @@ func handleRemoteForward(newRequest *ssh.Request, sshConn *SSHConnection, state
scheme = "https"
}

host := strings.ToLower(RandStringBytesMaskImprSrc(*domainLen) + "." + *rootDomain)
host := getOpenHost(check.Addr, state, sshConn)

pH := &ProxyHolder{
ProxyHost: host,
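Review bot: The host returned by `getOpenHost(check.Addr, state, sshConn)` is only checked for availability with `state.HTTPListeners.Load`, and the entry is presumably stored later in handleRemoteForward, outside this hunk, so the check and the registration are not atomic. Now that clients can ask for a specific name, two concurrent requests for the same subdomain can both pass the check, and the later store would replace the earlier tunnel's listener. If HTTPListeners is a sync.Map, reserving the name with `LoadOrStore` at registration and picking another host on conflict would close that window. handleRemoteForward starts and ends outside the hunk.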
@@ -232,6 +232,43 @@ func loadPrivateKey(passphrase string) ssh.Signer {
return signer
}

func inBannedList(host string) bool {
for _, v := range bannedList {
if strings.TrimSpace(v) == host {
return true
}
}

return false
}

func getOpenHost(addr string, state *State, sshConn *SSHConnection) string {
getUnusedHost := func() string {
first := true
host := strings.ToLower(addr + "." + *rootDomain)
getRandomHost := func() string {
return strings.ToLower(RandStringBytesMaskImprSrc(*domainLen) + "." + *rootDomain)
}

checkHost := func(checkHost string) bool {
if *forceRandomSubdomain || !first || inBannedList(host) {
host = getRandomHost()
}

first = false
_, ok := state.HTTPListeners.Load(host)
return ok
}

for checkHost(host) {
}

return host
}

return getUnusedHost()
}

// RandStringBytesMaskImprSrc creates a random string of length n
// https://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-golang
func RandStringBytesMaskImprSrc(n int) string {
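Review bot: getOpenHost concatenates the requested `addr` into the host name without checking that it is a single DNS label, and inBannedList only matches the full host exactly, so names containing dots or other non-label characters are accepted and the ban list does not cover multi-label variants of a banned name. `addr` is presumably the client-supplied bind address passed in from requests.go, so it should be validated, with a fall back to a random name when it fails. The `checkHost` closure also ignores its parameter, and the empty-bodied `for` loop works only through side effects on the captured `host`; `sshConn` is unused as well. The rewrite below keeps the same selection order, adds the label check and uses a plain loop.
```go
// validSubdomain reports whether s is a single DNS label: 1-63 characters of
// a-z, 0-9 or '-', not starting or ending with '-'.
func validSubdomain(s string) bool {
	if len(s) == 0 || len(s) > 63 || s[0] == '-' || s[len(s)-1] == '-' {
		return false
	}
	for _, c := range strings.ToLower(s) {
		if !(c >= 'a' && c <= 'z' || c >= '0' && c <= '9' || c == '-') {
			return false
		}
	}
	return true
}

func getOpenHost(addr string, state *State, sshConn *SSHConnection) string {
	randomHost := func() string {
		return strings.ToLower(RandStringBytesMaskImprSrc(*domainLen) + "." + *rootDomain)
	}

	host := strings.ToLower(addr + "." + *rootDomain)
	// Honour the requested name only when it is a well-formed, non-banned label.
	if *forceRandomSubdomain || !validSubdomain(addr) || inBannedList(host) {
		host = randomHost()
	}

	// Keep drawing random names until one is not already registered.
	for {
		if _, taken := state.HTTPListeners.Load(host); !taken {
			return host
		}
		host = randomHost()
	}
}
```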
