From b1d3e369601ee0b1f917248c710363fadbf24146 Mon Sep 17 00:00:00 2001
From: gorgiaxx
Date: Thu, 12 Jul 2018 20:56:36 +0800
Subject: [PATCH] the builtin proxy can forward multiple source ports

---
 firewall/firewall_linux.go | 4 ++--
 firewall/redirection.go | 18 +++++++++++++++---
 modules/custom_http_proxy.go | 6 +++---
 modules/custom_proxy_base.go | 23 +++++++++--------------
 modules/http_proxy.go | 6 +++---
 modules/http_proxy_base.go | 25 ++++++++++---------------
 modules/https_proxy.go | 6 +++---
 modules/tcp_proxy.go | 6 +++---
 session/module_handler.go | 2 +-
 9 files changed, 49 insertions(+), 47 deletions(-)

diff --git a/firewall/firewall_linux.go b/firewall/firewall_linux.go
index cd192870..b1a629be 100644
--- a/firewall/firewall_linux.go
+++ b/firewall/firewall_linux.go
@@ -74,7 +74,7 @@ func (f *LinuxFirewall) getCommandLine(r *Redirection, enabled bool) (cmdLine [] action, "PREROUTING", "-i", r.Interface, "-p", r.Protocol, "--dport", fmt.Sprintf("%d", r.SrcPort), "--dport", fmt.Sprintf("%s", r.SrcPort), "-j", "DNAT", "--to", fmt.Sprintf("%s:%d", r.DstAddress, r.DstPort), }
@@ -85,7 +85,7 @@ func (f *LinuxFirewall) getCommandLine(r *Redirection, enabled bool) (cmdLine [] "-i", r.Interface, "-p", r.Protocol, "-d", r.SrcAddress, "--dport", fmt.Sprintf("%d", r.SrcPort), "--dport", fmt.Sprintf("%s", r.SrcPort), "-j", "DNAT", "--to", fmt.Sprintf("%s:%d", r.DstAddress, r.DstPort), }
diff --git a/firewall/redirection.go b/firewall/redirection.go
index b4d9ef93..3123eeaf 100644
--- a/firewall/redirection.go
+++ b/firewall/redirection.go
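Review bot: In both `getCommandLine` hunks of firewall/firewall_linux.go the new `--dport` argument receives `r.SrcPort` verbatim, but plain `--dport` takes a single port or a `first:last` range, so the comma-separated form that `PortsValidator` still accepts would make the rule fail to install. The `MultiPort` flag this commit adds to `Redirection` is not consulted anywhere in this file's changes; when it is set the arguments would need the multiport match instead, e.g. `"-m", "multiport", "--dports", r.SrcPort,`. `fmt.Sprintf("%s", r.SrcPort)` is also a no-op on a string and can be just `r.SrcPort`. Because the value now reaches the firewall command line as free text rather than a formatted integer, it is worth re-validating it here instead of relying only on the parameter regex; the rest of `getCommandLine` is outside the hunk.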
@@ -1,17 +1,28 @@
 package firewall
-import "fmt"
+import (
+ "fmt"
+ "strconv"
+)
 type Redirection struct {
 Interface string
 Protocol string
 SrcAddress string
- SrcPort int
+ SrcPort string
 DstAddress string
 DstPort int
+ MultiPort bool
 }
-func NewRedirection(iface string, proto string, port_from int, addr_to string, port_to int) *Redirection {
+func NewRedirection(iface string, proto string, port_from string, addr_to string, port_to int) *Redirection {
+ _, err := strconv.Atoi(port_from)
+ multi_port := false
+ if err != nil {
+ multi_port = true
+ } else {
+ multi_port = false
+ }
 return &Redirection{
 Interface: iface,
 Protocol: proto,
@@ -19,6 +30,7 @@ func NewRedirection(iface string, proto string, port_from int, addr_to string, p
 SrcPort: port_from,
 DstAddress: addr_to,
 DstPort: port_to,
+ MultiPort: multi_port,
 }
 }
diff --git a/modules/custom_http_proxy.go b/modules/custom_http_proxy.go
index 11fcf785..3b1acc66 100644
--- a/modules/custom_http_proxy.go
+++ b/modules/custom_http_proxy.go
@@ -16,7 +16,7 @@ func NewCustomHttpProxy(s *session.Session) *CustomHttpProxy {
 }
 p.AddParam(session.NewStringParameter("custom.http.port",
- "80", session.PortListValidator,
+ "80", session.PortsValidator,
 "HTTP port to redirect when the proxy is activated."))
 p.AddParam(session.NewStringParameter("custom.http.proxy.address",
@@ -63,7 +63,7 @@ func (p *CustomHttpProxy) Configure() error {
 var err error
 var address string
 var proxyPort int
- var httpPort []string
+ var httpPort string
 var stripSSL bool
 if p.Running() {
@@ -72,7 +72,7 @@ func (p *CustomHttpProxy) Configure() error {
 return err
 } else if err, proxyPort = p.IntParam("custom.http.proxy.port"); err != nil {
 return err
- } else if err, httpPort = p.ListParam("custom.http.port"); err != nil {
+ } else if err, httpPort = p.StringParam("custom.http.port"); err != nil {
 return err
 } else if err, stripSSL = p.BoolParam("custom.http.proxy.sslstrip"); err != nil {
 return err
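Review bot: `NewRedirection` (firewall/redirection.go, first hunk) sets `MultiPort` whenever `strconv.Atoi` fails, so an empty string or any other non-numeric text is classified as a port list instead of being rejected. The flag would be safer derived from a parsed and range-checked value (every element inside the valid port range, first port not above the second for a range), since `SrcPort` is later placed into firewall arguments. The seven added lines also reduce to `_, err := strconv.Atoi(port_from)` followed by `multiPort := err != nil`, with a MixedCaps local name. If `Redirection.String()` (outside this hunk, called from the proxy `Configure` hunks) formats `SrcPort` with `%d`, it will now print a formatting error and should switch to `%s`.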
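Review bot: The help string for `custom.http.port` in the first modules/custom_http_proxy.go hunk still reads as if only one port were accepted, although the validator now also admits a comma list and a `first:last` range. Suggested wording: `"HTTP port, comma-separated ports or first:last range to redirect when the proxy is activated."`. The same applies to the `http.port` and `https.port` parameters in modules/http_proxy.go and modules/https_proxy.go.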
diff --git a/modules/custom_proxy_base.go b/modules/custom_proxy_base.go
index bb6a7789..b6f4e53b 100644
--- a/modules/custom_proxy_base.go
+++ b/modules/custom_proxy_base.go
@@ -8,7 +8,6 @@ import (
 "strings"
 "github.com/bettercap/bettercap/log"
 "github.com/bettercap/bettercap/core"
- "strconv"
 )
 type CustomProxy struct {
@@ -61,7 +60,7 @@ func (p *CustomProxy) stripPort(s string) string {
 return s[:ix]
 }
-func (p *CustomProxy) Configure(proxyAddress string, proxyPort int, srcPort []string, stripSSL bool) error {
+func (p *CustomProxy) Configure(proxyAddress string, proxyPort int, srcPort string, stripSSL bool) error {
 p.stripper.Enable(stripSSL)
 p.Address = proxyAddress
@@ -71,20 +70,16 @@ func (p *CustomProxy) Configure(proxyAddress string, proxyPort int, srcPort []st
 p.sess.Firewall.EnableForwarding(true)
 }
- for _,v := range srcPort {
+ p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
+ "TCP",
+ srcPort,
+ p.Address,
+ proxyPort)
- port, _ := strconv.Atoi(v)
- p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
- "TCP",
- port,
- p.Address,
- proxyPort)
-
- if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
- return err
- }
- log.Debug("Applied redirection %s", p.Redirection.String())
+ if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
+ return err
 }
+ log.Debug("Applied redirection %s", p.Redirection.String())
 return nil
diff --git a/modules/http_proxy.go b/modules/http_proxy.go
index 154a6cd9..401133da 100644
--- a/modules/http_proxy.go
+++ b/modules/http_proxy.go
@@ -16,7 +16,7 @@ func NewHttpProxy(s *session.Session) *HttpProxy {
 }
 p.AddParam(session.NewStringParameter("http.port",
- "80", session.PortListValidator,
+ "80", session.PortsValidator,
 "HTTP port to redirect when the proxy is activated."))
 p.AddParam(session.NewStringParameter("http.proxy.address",
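Review bot: `CustomProxy.Configure` (third modules/custom_proxy_base.go hunk) stores the new `Redirection` in `p.Redirection` before `EnableRedirection` has succeeded, so on the error return the struct keeps a rule that was never installed; assigning the field only after success, or resetting it to nil in the error branch, keeps any later teardown (not visible here) from acting on it. If `EnableForwarding` returns an error, the context line `p.sess.Firewall.EnableForwarding(true)` ignores it. A doc comment on the method saying that `srcPort` may be a single port, a comma list or a `first:last` range, and that it is handed to the firewall rule unchanged, would help callers. `HTTPProxy.Configure` in modules/http_proxy_base.go has the same shape.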
@@ -68,7 +68,7 @@ func (p *HttpProxy) Configure() error {
 var err error
 var address string
 var proxyPort int
- var httpPort []string
+ var httpPort string
 var scriptPath string
 var stripSSL bool
@@ -78,7 +78,7 @@ func (p *HttpProxy) Configure() error {
 return err
 } else if err, proxyPort = p.IntParam("http.proxy.port"); err != nil {
 return err
- } else if err, httpPort = p.ListParam("http.port"); err != nil {
+ } else if err, httpPort = p.StringParam("http.port"); err != nil {
 return err
 } else if err, scriptPath = p.StringParam("http.proxy.script"); err != nil {
 return err
diff --git a/modules/http_proxy_base.go b/modules/http_proxy_base.go
index bb78f1b6..4c648590 100644
--- a/modules/http_proxy_base.go
+++ b/modules/http_proxy_base.go
@@ -106,7 +106,7 @@ func (p *HTTPProxy) doProxy(req *http.Request) bool {
 return true
 }
-func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort []string, scriptPath string, stripSSL bool) error {
+func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort string, scriptPath string, stripSSL bool) error {
 var err error
 p.stripper.Enable(stripSSL)
@@ -132,21 +132,16 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort []string,
 p.sess.Firewall.EnableForwarding(true)
 }
+ p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
+ "TCP",
+ httpPort,
+ p.Address,
+ proxyPort)
- for _,v := range httpPort {
-
- port, _ := strconv.Atoi(v)
- p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
- "TCP",
- port,
- p.Address,
- proxyPort)
-
- if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
- return err
- }
- log.Debug("Applied redirection %s", p.Redirection.String())
+ if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
+ return err
 }
+ log.Debug("Applied redirection %s", p.Redirection.String())
 p.sess.UnkCmdCallback = func(cmd string) bool {
 if p.Script != nil {
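Review bot: The loop removed in the `@@ -132,21` hunk of modules/http_proxy_base.go held the `strconv.Atoi` call, yet this file's diff shows no import change, whereas modules/custom_proxy_base.go drops `"strconv"` in the same commit. Unless `strconv` is used elsewhere in http_proxy_base.go, the package will no longer compile because of the unused import, so the import block should be checked and the entry removed. `Configure` begins and ends outside the hunk.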
@@ -191,7 +186,7 @@ func TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *goproxy.ProxyCt
 }
 }
-func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort []string, scriptPath string, certFile string, keyFile string, stripSSL bool) (err error) {
+func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort string, scriptPath string, certFile string, keyFile string, stripSSL bool) (err error) {
 if p.Configure(address, proxyPort, httpPort, scriptPath, stripSSL); err != nil {
 return err
 }
diff --git a/modules/https_proxy.go b/modules/https_proxy.go
index 39a146af..503dad3a 100644
--- a/modules/https_proxy.go
+++ b/modules/https_proxy.go
@@ -19,7 +19,7 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy {
 }
 p.AddParam(session.NewStringParameter("https.port",
- "443", session.PortListValidator,
+ "443", session.PortsValidator,
 "HTTPS port to redirect when the proxy is activated."))
 p.AddParam(session.NewStringParameter("https.proxy.address",
@@ -81,7 +81,7 @@ func (p *HttpsProxy) Configure() error {
 var err error
 var address string
 var proxyPort int
- var httpsPort []string
+ var httpsPort string
 var scriptPath string
 var certFile string
 var keyFile string
@@ -93,7 +93,7 @@ func (p *HttpsProxy) Configure() error {
 return err
 } else if err, proxyPort = p.IntParam("https.proxy.port"); err != nil {
 return err
- } else if err, httpsPort = p.ListParam("https.port"); err != nil {
+ } else if err, httpsPort = p.StringParam("https.port"); err != nil {
 return err
 } else if err, stripSSL = p.BoolParam("https.proxy.sslstrip"); err != nil {
 return err
diff --git a/modules/tcp_proxy.go b/modules/tcp_proxy.go
index d3be611a..e7c59e76 100644
--- a/modules/tcp_proxy.go
+++ b/modules/tcp_proxy.go
@@ -87,7 +87,7 @@ func (p *TcpProxy) Author() string {
 func (p *TcpProxy) Configure() error {
 var err error
- var port int
+ var port string
 var proxyPort int
 var address string
 var proxyAddress string
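Review bot: In `ConfigureTLS` (modules/http_proxy_base.go, `@@ -191,7` hunk) the line `if p.Configure(address, proxyPort, httpPort, scriptPath, stripSSL); err != nil {` discards the value returned by `Configure` and then tests the named result `err`, which is still nil, so a failed base configuration, including a rejected firewall redirection, is never reported to the caller. The commit edits the signature directly above but leaves this line as it was; it should read `if err = p.Configure(address, proxyPort, httpPort, scriptPath, stripSSL); err != nil {`. The rest of the function is outside the hunk.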
@@ -103,7 +103,7 @@ func (p *TcpProxy) Configure() error {
 return err
 } else if err, proxyPort = p.IntParam("tcp.proxy.port"); err != nil {
 return err
- } else if err, port = p.IntParam("tcp.port"); err != nil {
+ } else if err, port = p.StringParam("tcp.port"); err != nil {
 return err
 } else if err, tunnelAddress = p.StringParam("tcp.tunnel.address"); err != nil {
 return err
@@ -113,7 +113,7 @@ func (p *TcpProxy) Configure() error {
 return err
 } else if p.localAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%d", proxyAddress, proxyPort)); err != nil {
 return err
- } else if p.remoteAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%d", address, port)); err != nil {
+ } else if p.remoteAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%s", address, port)); err != nil {
 return err
 } else if p.tunnelAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%d", tunnelAddress, tunnelPort)); err != nil {
 return err
diff --git a/session/module_handler.go b/session/module_handler.go
index 6d936d3b..19e95b3b 100644
--- a/session/module_handler.go
+++ b/session/module_handler.go
@@ -9,7 +9,7 @@ import (
 )
 const IPv4Validator = `^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`
-const PortListValidator = `^(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+[,]+)*(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+)$`
+const PortsValidator = `^(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+[,]+)*(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+)$|^(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+):(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+)$`
 type ModuleHandler struct {
 Name string
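Review bot: In the `@@ -113,7` hunk of modules/tcp_proxy.go, `port` is now an unparsed string that goes straight into `net.ResolveTCPAddr`, so an invalid `tcp.port` is only discovered as a resolver error and a list or range value can never resolve. The parameter definition for `tcp.port` is not part of this diff, so it should be confirmed that it is registered as a string parameter with a single-port validator and that `StringParam` works on it. Building the address with `net.JoinHostPort(address, port)` instead of `fmt.Sprintf("%s:%s", address, port)` also handles IPv6 literals. `Configure` continues outside the hunk.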
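Review bot: `PortsValidator` (session/module_handler.go) does not enforce the 0-65535 bound it appears to encode: the `+` after each alternation group lets the single-digit branch repeat, so `999999` matches, and `[,]+` accepts empty list elements such as `80,,443`. The added range branch does not check that the first port is not greater than the second either. Since this regex is the only check visible in the diff before the string reaches the firewall arguments, consider a simpler pattern such as `^\d{1,5}(,\d{1,5})*$|^\d{1,5}:\d{1,5}$` followed by a numeric bound check in Go. Renaming the exported constant also breaks any code that still references `PortListValidator`.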