the builtin proxy can forward multiple source ports

2025-08-23 06:36:15 -07:00 · 2018-07-12 20:56:36 +08:00 · 2018-07-12 20:56:36 +08:00 · b1d3e36960
commit b1d3e36960
parent 82186e2b47
9 changed files with 49 additions and 47 deletions
--- a/firewall/firewall_linux.go
+++ b/firewall/firewall_linux.go
@ -74,7 +74,7 @@ func (f *LinuxFirewall) getCommandLine(r *Redirection, enabled bool) (cmdLine []
 			action, "PREROUTING",
 			"-i", r.Interface,
 			"-p", r.Protocol,
-			"--dport", fmt.Sprintf("%d", r.SrcPort),
+			"--dport", fmt.Sprintf("%s", r.SrcPort),
 			"-j", "DNAT",
 			"--to", fmt.Sprintf("%s:%d", r.DstAddress, r.DstPort),
 		}
@ -85,7 +85,7 @@ func (f *LinuxFirewall) getCommandLine(r *Redirection, enabled bool) (cmdLine []
 			"-i", r.Interface,
 			"-p", r.Protocol,
 			"-d", r.SrcAddress,
-			"--dport", fmt.Sprintf("%d", r.SrcPort),
+			"--dport", fmt.Sprintf("%s", r.SrcPort),
 			"-j", "DNAT",
 			"--to", fmt.Sprintf("%s:%d", r.DstAddress, r.DstPort),
 		}
--- a/firewall/redirection.go
+++ b/firewall/redirection.go
@ -1,17 +1,28 @@
 package firewall
-import "fmt"
+import (
 	"fmt"
 	"strconv"
 )
 type Redirection struct {
 	Interface  string
 	Protocol   string
 	SrcAddress string
-	SrcPort    int
+	SrcPort    string
 	DstAddress string
 	DstPort    int
 	MultiPort	bool
 }
-func NewRedirection(iface string, proto string, port_from int, addr_to string, port_to int) *Redirection {
+func NewRedirection(iface string, proto string, port_from string, addr_to string, port_to int) *Redirection {
 	_, err := strconv.Atoi(port_from)
 	multi_port := false
 	if err != nil {
 		multi_port = true
 	} else {
 		multi_port = false
 	}
 	return &Redirection{
 		Interface:  iface,
 		Protocol:   proto,
@ -19,6 +30,7 @@ func NewRedirection(iface string, proto string, port_from int, addr_to string, p
 		SrcPort:    port_from,
 		DstAddress: addr_to,
 		DstPort:    port_to,
 		MultiPort:  multi_port,
 	}
 }
--- a/modules/custom_http_proxy.go
+++ b/modules/custom_http_proxy.go
@ -16,7 +16,7 @@ func NewCustomHttpProxy(s *session.Session) *CustomHttpProxy {
 	}
 	p.AddParam(session.NewStringParameter("custom.http.port",
-		"80", session.PortListValidator,
+		"80", session.PortsValidator,
 		"HTTP port to redirect when the proxy is activated."))
 	p.AddParam(session.NewStringParameter("custom.http.proxy.address",
@ -63,7 +63,7 @@ func (p *CustomHttpProxy) Configure() error {
 	var err error
 	var address string
 	var proxyPort int
-	var httpPort []string
+	var httpPort string
 	var stripSSL bool
 	if p.Running() {
@ -72,7 +72,7 @@ func (p *CustomHttpProxy) Configure() error {
 		return err
 	} else if err, proxyPort = p.IntParam("custom.http.proxy.port"); err != nil {
 		return err
-	} else if err, httpPort = p.ListParam("custom.http.port"); err != nil {
+	} else if err, httpPort = p.StringParam("custom.http.port"); err != nil {
 		return err
 	} else if err, stripSSL = p.BoolParam("custom.http.proxy.sslstrip"); err != nil {
 		return err
--- a/modules/custom_proxy_base.go
+++ b/modules/custom_proxy_base.go
@ -8,7 +8,6 @@ import (
 	"strings"
 	"github.com/bettercap/bettercap/log"
 	"github.com/bettercap/bettercap/core"
 	"strconv"
 )
 type CustomProxy struct {
@ -61,7 +60,7 @@ func (p *CustomProxy) stripPort(s string) string {
 	return s[:ix]
 }
-func (p *CustomProxy) Configure(proxyAddress string, proxyPort int, srcPort []string, stripSSL bool) error {
+func (p *CustomProxy) Configure(proxyAddress string, proxyPort int, srcPort string, stripSSL bool) error {
 	p.stripper.Enable(stripSSL)
 	p.Address = proxyAddress
@ -71,20 +70,16 @@ func (p *CustomProxy) Configure(proxyAddress string, proxyPort int, srcPort []st
 		p.sess.Firewall.EnableForwarding(true)
 	}
-	for _,v := range srcPort {
+	p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
 		"TCP",
 		srcPort,
 		p.Address,
 		proxyPort)
-		port, _ := strconv.Atoi(v)
+	if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
-		p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
+		return err
 			"TCP",
 			port,
 			p.Address,
 			proxyPort)
 		if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
 			return err
 		}
 		log.Debug("Applied redirection %s", p.Redirection.String())
 	}
 	log.Debug("Applied redirection %s", p.Redirection.String())
 	return nil
--- a/modules/http_proxy.go
+++ b/modules/http_proxy.go
@ -16,7 +16,7 @@ func NewHttpProxy(s *session.Session) *HttpProxy {
 	}
 	p.AddParam(session.NewStringParameter("http.port",
-		"80", session.PortListValidator,
+		"80", session.PortsValidator,
 		"HTTP port to redirect when the proxy is activated."))
 	p.AddParam(session.NewStringParameter("http.proxy.address",
@ -68,7 +68,7 @@ func (p *HttpProxy) Configure() error {
 	var err error
 	var address string
 	var proxyPort int
-	var httpPort []string
+	var httpPort string
 	var scriptPath string
 	var stripSSL bool
@ -78,7 +78,7 @@ func (p *HttpProxy) Configure() error {
 		return err
 	} else if err, proxyPort = p.IntParam("http.proxy.port"); err != nil {
 		return err
-	} else if err, httpPort = p.ListParam("http.port"); err != nil {
+	} else if err, httpPort = p.StringParam("http.port"); err != nil {
 		return err
 	} else if err, scriptPath = p.StringParam("http.proxy.script"); err != nil {
 		return err
--- a/modules/http_proxy_base.go
+++ b/modules/http_proxy_base.go
@ -106,7 +106,7 @@ func (p *HTTPProxy) doProxy(req *http.Request) bool {
 	return true
 }
-func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort []string, scriptPath string, stripSSL bool) error {
+func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort string, scriptPath string, stripSSL bool) error {
 	var err error
 	p.stripper.Enable(stripSSL)
@ -132,21 +132,16 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort []string,
 		p.sess.Firewall.EnableForwarding(true)
 	}
 	p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
 		"TCP",
 		httpPort,
 		p.Address,
 		proxyPort)
-	for _,v := range httpPort {
+	if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
-
+		return err
 		port, _ := strconv.Atoi(v)
 		p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
 			"TCP",
 			port,
 			p.Address,
 			proxyPort)
 		if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
 			return err
 		}
 		log.Debug("Applied redirection %s", p.Redirection.String())
 	}
 	log.Debug("Applied redirection %s", p.Redirection.String())
 	p.sess.UnkCmdCallback = func(cmd string) bool {
 		if p.Script != nil {
@ -191,7 +186,7 @@ func TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *goproxy.ProxyCt
 	}
 }
-func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort []string, scriptPath string, certFile string, keyFile string, stripSSL bool) (err error) {
+func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort string, scriptPath string, certFile string, keyFile string, stripSSL bool) (err error) {
 	if p.Configure(address, proxyPort, httpPort, scriptPath, stripSSL); err != nil {
 		return err
 	}
--- a/modules/https_proxy.go
+++ b/modules/https_proxy.go
@ -19,7 +19,7 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy {
 	}
 	p.AddParam(session.NewStringParameter("https.port",
-		"443", session.PortListValidator,
+		"443", session.PortsValidator,
 		"HTTPS port to redirect when the proxy is activated."))
 	p.AddParam(session.NewStringParameter("https.proxy.address",
@ -81,7 +81,7 @@ func (p *HttpsProxy) Configure() error {
 	var err error
 	var address string
 	var proxyPort int
-	var httpsPort []string
+	var httpsPort string
 	var scriptPath string
 	var certFile string
 	var keyFile string
@ -93,7 +93,7 @@ func (p *HttpsProxy) Configure() error {
 		return err
 	} else if err, proxyPort = p.IntParam("https.proxy.port"); err != nil {
 		return err
-	} else if err, httpsPort = p.ListParam("https.port"); err != nil {
+	} else if err, httpsPort = p.StringParam("https.port"); err != nil {
 		return err
 	} else if err, stripSSL = p.BoolParam("https.proxy.sslstrip"); err != nil {
 		return err
--- a/modules/tcp_proxy.go
+++ b/modules/tcp_proxy.go
@ -87,7 +87,7 @@ func (p *TcpProxy) Author() string {
 func (p *TcpProxy) Configure() error {
 	var err error
-	var port int
+	var port string
 	var proxyPort int
 	var address string
 	var proxyAddress string
@ -103,7 +103,7 @@ func (p *TcpProxy) Configure() error {
 		return err
 	} else if err, proxyPort = p.IntParam("tcp.proxy.port"); err != nil {
 		return err
-	} else if err, port = p.IntParam("tcp.port"); err != nil {
+	} else if err, port = p.StringParam("tcp.port"); err != nil {
 		return err
 	} else if err, tunnelAddress = p.StringParam("tcp.tunnel.address"); err != nil {
 		return err
@ -113,7 +113,7 @@ func (p *TcpProxy) Configure() error {
 		return err
 	} else if p.localAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%d", proxyAddress, proxyPort)); err != nil {
 		return err
-	} else if p.remoteAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%d", address, port)); err != nil {
+	} else if p.remoteAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%s", address, port)); err != nil {
 		return err
 	} else if p.tunnelAddr, err = net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%d", tunnelAddress, tunnelPort)); err != nil {
 		return err
--- a/session/module_handler.go
+++ b/session/module_handler.go
@ -9,7 +9,7 @@ import (
 )
 const IPv4Validator = `^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`
-const PortListValidator = `^(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+[,]+)*(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+)$`
+const PortsValidator = `^(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+[,]+)*(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+)$|^(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+):(([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-5]{2}[0-3][0-5])+)$`
 type ModuleHandler struct {
 	Name        string