Traffic is being sniffed #3193

Closed
3 of 11 tasks
lerogo opened this issue Nov 30, 2022 · 8 comments

Comments

lerogo commented Nov 30, 2022

Describe the feature request

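When the frp client's traffic passes through the firewall, the firewall sniffs it, and as a result the intranet machine's IP gets blocked.
I would like a disguise feature to be added, or encrypted transport.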

Describe alternatives you've considered

No response

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Contributor

Becods commented Nov 30, 2022

#1992 #3050

frp's signature has never been encrypted.

Modify it yourself.

frp/pkg/msg/msg.go

Lines 61 to 191 in da51adc

// When frpc start, client send this message to login to server.
type Login struct {
	Version string `json:"version,omitempty"`
	Hostname string `json:"hostname,omitempty"`
	Os string `json:"os,omitempty"`
	Arch string `json:"arch,omitempty"`
	User string `json:"user,omitempty"`
	PrivilegeKey string `json:"privilege_key,omitempty"`
	Timestamp int64 `json:"timestamp,omitempty"`
	RunID string `json:"run_id,omitempty"`
	Metas map[string]string `json:"metas,omitempty"`

	// Some global configures.
	PoolCount int `json:"pool_count,omitempty"`
}

type LoginResp struct {
	Version string `json:"version,omitempty"`
	RunID string `json:"run_id,omitempty"`
	ServerUDPPort int `json:"server_udp_port,omitempty"`
	Error string `json:"error,omitempty"`
}

// When frpc login success, send this message to frps for running a new proxy.
type NewProxy struct {
	ProxyName string `json:"proxy_name,omitempty"`
	ProxyType string `json:"proxy_type,omitempty"`
	UseEncryption bool `json:"use_encryption,omitempty"`
	UseCompression bool `json:"use_compression,omitempty"`
	Group string `json:"group,omitempty"`
	GroupKey string `json:"group_key,omitempty"`
	Metas map[string]string `json:"metas,omitempty"`

	// tcp and udp only
	RemotePort int `json:"remote_port,omitempty"`

	// http and https only
	CustomDomains []string `json:"custom_domains,omitempty"`
	SubDomain string `json:"subdomain,omitempty"`
	Locations []string `json:"locations,omitempty"`
	HTTPUser string `json:"http_user,omitempty"`
	HTTPPwd string `json:"http_pwd,omitempty"`
	HostHeaderRewrite string `json:"host_header_rewrite,omitempty"`
	Headers map[string]string `json:"headers,omitempty"`
	RouteByHTTPUser string `json:"route_by_http_user,omitempty"`

	// stcp
	Sk string `json:"sk,omitempty"`

	// tcpmux
	Multiplexer string `json:"multiplexer,omitempty"`
}

type NewProxyResp struct {
	ProxyName string `json:"proxy_name,omitempty"`
	RemoteAddr string `json:"remote_addr,omitempty"`
	Error string `json:"error,omitempty"`
}

type CloseProxy struct {
	ProxyName string `json:"proxy_name,omitempty"`
}

type NewWorkConn struct {
	RunID string `json:"run_id,omitempty"`
	PrivilegeKey string `json:"privilege_key,omitempty"`
	Timestamp int64 `json:"timestamp,omitempty"`
}

type ReqWorkConn struct{}

type StartWorkConn struct {
	ProxyName string `json:"proxy_name,omitempty"`
	SrcAddr string `json:"src_addr,omitempty"`
	DstAddr string `json:"dst_addr,omitempty"`
	SrcPort uint16 `json:"src_port,omitempty"`
	DstPort uint16 `json:"dst_port,omitempty"`
	Error string `json:"error,omitempty"`
}

type NewVisitorConn struct {
	ProxyName string `json:"proxy_name,omitempty"`
	SignKey string `json:"sign_key,omitempty"`
	Timestamp int64 `json:"timestamp,omitempty"`
	UseEncryption bool `json:"use_encryption,omitempty"`
	UseCompression bool `json:"use_compression,omitempty"`
}

type NewVisitorConnResp struct {
	ProxyName string `json:"proxy_name,omitempty"`
	Error string `json:"error,omitempty"`
}

type Ping struct {
	PrivilegeKey string `json:"privilege_key,omitempty"`
	Timestamp int64 `json:"timestamp,omitempty"`
}

type Pong struct {
	Error string `json:"error,omitempty"`
}

type UDPPacket struct {
	Content string `json:"c,omitempty"`
	LocalAddr *net.UDPAddr `json:"l,omitempty"`
	RemoteAddr *net.UDPAddr `json:"r,omitempty"`
}

type NatHoleVisitor struct {
	ProxyName string `json:"proxy_name,omitempty"`
	SignKey string `json:"sign_key,omitempty"`
	Timestamp int64 `json:"timestamp,omitempty"`
}

type NatHoleClient struct {
	ProxyName string `json:"proxy_name,omitempty"`
	Sid string `json:"sid,omitempty"`
}

type NatHoleResp struct {
	Sid string `json:"sid,omitempty"`
	VisitorAddr string `json:"visitor_addr,omitempty"`
	ClientAddr string `json:"client_addr,omitempty"`
	Error string `json:"error,omitempty"`
}

type NatHoleClientDetectOK struct{}

type NatHoleSid struct {
	Sid string `json:"sid,omitempty"`
}

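In addition:

I recommend not using it where your company prohibits it; the security risks and consequences are your own responsibility.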
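
Why the unencrypted Login message quoted above is easy to recognise, shown from the detection side as an added example (not code from the frp project or from any commenter in this thread). The key list is copied from the struct tags above; the function name, the sample payloads and their prefix bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// JSON keys copied from the Login struct tags quoted in the comment above.
var loginKeys = []string{"version", "hostname", "os", "arch", "user",
	"privilege_key", "timestamp", "run_id", "metas", "pool_count"}

// LoginKeyHits tries every '{' in a captured payload as the start of a JSON
// object and returns the highest number of Login keys found in one object.
func LoginKeyHits(payload []byte) int {
	best := 0
	for i, b := range payload {
		if b != '{' {
			continue
		}
		var obj map[string]json.RawMessage
		if json.NewDecoder(bytes.NewReader(payload[i:])).Decode(&obj) != nil {
			continue // stray 0x7b byte or truncated object
		}
		hits := 0
		for _, k := range loginKeys {
			if _, ok := obj[k]; ok {
				hits++
			}
		}
		if hits > best {
			best = hits
		}
	}
	return best
}

// Constructed inputs: Login-shaped body after arbitrary prefix bytes (one a
// stray '{'), an unrelated JSON API body, and opaque encrypted-looking bytes.
var (
	samplePlain = append([]byte{0x01, '{', 0x00}, []byte(`{"version":"0.0.0",`+
		`"hostname":"host-a","os":"linux","arch":"amd64","privilege_key":"00ff",`+
		`"timestamp":1669766400,"run_id":"r1","pool_count":1}`)...)
	sampleOther  = []byte(`{"version":"1.2","user":"bob","items":[1,2]}`)
	sampleOpaque = []byte{0x16, 0x03, 0x01, 0x00, 0x05, 0xde, 0xad, 0xbe, 0xef, '{'}
)

func main() {
	fmt.Println(LoginKeyHits(samplePlain), LoginKeyHits(sampleOther), LoginKeyHits(sampleOpaque))
}
```

A count threshold (for example, 4 or more) separates the Login-shaped body from ordinary JSON that happens to share a key or two; the opaque sample exposes none of the keys.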

Author

lerogo commented Nov 30, 2022

OK, thanks! It's just a bit of a hassle to modify, sob 🥹

Author

lerogo commented Nov 30, 2022

I would like a disguise feature or encrypted transport to be added, like trojan and v2ray have.

xqzr commented Nov 30, 2022

[common]
...
tls_enable = true
disable_custom_tls_first_byte = true

ideazw commented Dec 8, 2022

With this added, will it no longer be sniffed?

xqzr commented Dec 16, 2022

It reduces it as much as possible.

guation commented Dec 29, 2022

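Switch to the kcp protocol and wrap udp2raw around it. Back when v2ray's mkcp was being detected and blocked by the GFW, udp2raw was what was used to get through the wall.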

@github-actions

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.
