【探索】基于WebSocket的内网穿透工具

Last updated on October 23, 2024 pm

国内的服务器除了挂个备案,不想再要了。而许多内网的服务需要在外网访问,内网穿透是必不可少的。但是用国外的服务器的话,需要过一层未知的东西,难免被误伤,融入汪洋大海也是必须的。之前折腾了一下通过套一层QUIC来伪装,不知道为什么,总是不稳定。寻寻觅觅,又找到一个特征少的内网穿透工具:ProxyNT 。ProxyNT是一个用python编写的基于WebSocket的反向代理服务器,可以透过NAT和防火墙将本地服务器暴露到公网上,从原理看,套上一层CDN保护公网ip也是可以的。

服务端

1
2
3
4
mkdir -p ~/app/proxynt && cd ~/app/proxynt && nano Dockerfile && nano docker-compose.yml
docker build -t limour/proxynt .
nano config.json
sudo docker-compose up -d
1
2
3
4
FROM python:3.9-alpine
RUN pip install -U python-snappy
RUN pip install -U https://github.com/sazima/proxynt/archive/refs/heads/master.zip
ENTRYPOINT ["nt_server", "-c", "/opt/config.json"]
1
2
3
4
5
6
7
8
9
10
11
12
13
version: '3.3'
services:
proxynt:
restart: unless-stopped
volumes:
- './config.json:/opt/config.json'
- '/etc/localtime:/etc/localtime:ro'
image: limour/proxynt

networks:
default:
external: true
name: ngpm
1
2
3
4
5
6
7
8
9
10
{
"port": 18888,
"log_file": "/dev/null",
"path": "/websocket_path",
"password": "helloworld",
"admin": {
"enable": true,
"admin_password": "new_password"
}
}

反代 proxynt:18888

客户端

1
2
3
4
5
6
mkdir -p ~/app/proxynt && cd ~/app/proxynt
# pip install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple
# pip install --use-pep517 python-snappy -i https://pypi.tuna.tsinghua.edu.cn/simple
pip install -U python-snappy -i https://pypi.tuna.tsinghua.edu.cn/simple
pip install -U https://xxx.limour.top/token/https://github.com/sazima/proxynt/archive/refs/heads/master.zip
whereis nt_client
1
2
3
4
5
6
7
8
nano config.json
nt_client -c config.json # 测试
nano proxynt.sh && chmod +x proxynt.sh
nano proxynt.service
sudo mv proxynt.service /etc/systemd/system/proxynt.service
sudo systemctl enable proxynt
sudo systemctl start proxynt
sudo systemctl status proxynt
1
2
3
4
5
6
7
8
9
{
"server": {
"url": "wss://limour.top:443/websocket_path",
"password": "helloworld",
"compress": true
},
"client_name": "home_pc",
"log_file": "/home/limour/app/proxynt/nt.log"
}
1
2
3
#!/bin/sh
export PYTHONPATH=/home/limour/.local/lib/python3.10/site-packages
/home/limour/.local/bin/nt_client -c /home/limour/app/proxynt/config.json
1
2
3
4
5
6
7
8
9
[Unit]
Description=proxynt
After=network.target
[Service]
ExecStart=/home/limour/app/proxynt/proxynt.sh
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
  • 访问 https://limour.top:443/websocket_path/admin
  • 看到客户端上线后,新建配置即可

附加 WebSSH

和上面的内网穿透配合,连接时host填proxynt,可以保证内网ssh不暴露公网的同时,又能通过公网进行ssh连接。

1
2
mkdir -p ~/app/webssh && cd ~/app/webssh && nano docker-compose.yml
sudo docker-compose up -d
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
version: '3.3'
services:
webssh:
restart: unless-stopped
environment:
- GIN_MODE=release
- savePass=true
volumes:
- '/etc/localtime:/etc/localtime:ro'
image: jrohy/webssh:latest

networks:
default:
external: true
name: ngpm

反代 webssh:5032

附加 Nexterm

1
2
mkdir -p ~/app/nexterm && cd ~/app/nexterm && nano docker-compose.yml
sudo docker-compose up -d
1
2
3
4
5
6
7
8
9
10
11
12
version: '3.3'
services:
nexterm:
restart: unless-stopped # no,always,on-failure,unless-stopped
volumes:
- ./nexterm:/app/data
image: germannewsmaker/nexterm:latest

networks:
default:
external: true
name: ngpm

  • 第一次访问自动注册管理账号
  • 切记手动开启 2FA

【探索】基于WebSocket的内网穿透工具
https://hexo.limour.top/WebSocket-based-intranet-penetration-tool
Author
Limour
Posted on
November 9, 2023
Updated on
October 23, 2024
Licensed under