有盆友好奇所谓的网络穿透是怎么做的

然后talk is cheap,please show code

所以只好写个简单且常见的websocket例子,

这里的例子大致是这个原理

浏览器插件(或者其他)首先将正常访问请求 --> 转换为socks5访问 --> 假代理服务器建立websocket链接,然后传输socks5协议数据 --> 允许websocket的网关由于不解析websocket数据而不知道是socks5所以未做拦截 --> 真代理服务器从websocket中解析socks5进行转发处理

代码如下

Socks5 --> websocket 端

internal class Socks5ToWSMiddleware : ITcpProxyMiddleware

{

    private readonly IForwarderHttpClientFactory httpClientFactory;

    private readonly ILoadBalancingPolicyFactory loadBalancing;

    private readonly ProxyLogger logger;

    private readonly TimeProvider timeProvider;

    public Socks5ToWSMiddleware(IForwarderHttpClientFactory httpClientFactory, ILoadBalancingPolicyFactory loadBalancing, ProxyLogger logger, TimeProvider timeProvider)

    {

        this.httpClientFactory = httpClientFactory;

        this.loadBalancing = loadBalancing;

        this.logger = logger;

        this.timeProvider = timeProvider;

    }

    public Task InitAsync(ConnectionContext context, CancellationToken token, TcpDelegate next)

    {

        // 过滤符合的路由配置

        var feature = context.Features.Get<IL4ReverseProxyFeature>();

        if (feature is not null)

        {

            var route = feature.Route;

            if (route is not null && route.Metadata is not null

                && route.Metadata.TryGetValue("socks5ToWS", out var b) && bool.TryParse(b, out var isSocks5) && isSocks5)

            {

                feature.IsDone = true;

                route.ClusterConfig?.InitHttp(httpClientFactory);

                return Proxy(context, feature, token);

            }

        }

        return next(context, token);

    }

    private async Task Proxy(ConnectionContext context, IL4ReverseProxyFeature feature, CancellationToken token)

    { // loadBalancing 选取有效 ip

        var route = feature.Route;

        var cluster = route.ClusterConfig;

        DestinationState selectedDestination;

        if (cluster is null)

        {

            selectedDestination = null;

        }

        else

        {

            selectedDestination = feature.SelectedDestination;

            selectedDestination ??= loadBalancing.PickDestination(feature);

        }

        if (selectedDestination is null)

        {

            logger.NotFoundAvailableUpstream(route.ClusterId);

            Abort(context);

            return;

        }

        selectedDestination.ConcurrencyCounter.Increment();

        try

        {

            await SendAsync(context, feature, selectedDestination, cluster, route.Transformer, token);

            selectedDestination.ReportSuccessed();

        }

        catch

        {

            selectedDestination.ReportFailed();

            throw;

        }

        finally

        {

            selectedDestination.ConcurrencyCounter.Decrement();

        }

    }

    private async Task<ForwarderError> SendAsync(ConnectionContext context, IL4ReverseProxyFeature feature, DestinationState selectedDestination, ClusterConfig? cluster, IHttpTransformer transformer, CancellationToken token)

    {

        // 创建 websocket 请求, 这里为了简单,只创建简单 http1.1 websocket

        var destinationPrefix = selectedDestination.Address;

        if (destinationPrefix is null || destinationPrefix.Length < 8)

        {

            throw new ArgumentException("Invalid destination prefix.", nameof(destinationPrefix));

        }

        var route = feature.Route;

        var requestConfig = cluster.HttpRequest ?? ForwarderRequestConfig.Empty;

        var httpClient = cluster.HttpMessageHandler ?? throw new ArgumentNullException("httpClient");

        var destinationRequest = new HttpRequestMessage();

        destinationRequest.Version = HttpVersion.Version11;

        destinationRequest.VersionPolicy = HttpVersionPolicy.RequestVersionOrLower;

        destinationRequest.Method = HttpMethod.Get;

        destinationRequest.RequestUri ??= new Uri(destinationPrefix, UriKind.Absolute);

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.Connection, HeaderNames.Upgrade);

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.Upgrade, HttpForwarder.WebSocketName);

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.SecWebSocketVersion, "13");

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.SecWebSocketKey, ProtocolHelper.CreateSecWebSocketKey());

        destinationRequest.Content = new EmptyHttpContent();

        if (!string.IsNullOrWhiteSpace(selectedDestination.Host))

        {

            destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.Host, selectedDestination.Host);

        }

        // 建立websocket 链接,成功则直接 复制原始 req/resp 数据,不做任何而外处理

        var destinationResponse = await httpClient.SendAsync(destinationRequest, token);

        if (destinationResponse.StatusCode == HttpStatusCode.SwitchingProtocols)

        {

            using var destinationStream = await destinationResponse.Content.ReadAsStreamAsync(token);

            var clientStream = new DuplexPipeStreamAdapter<Stream>(null, context.Transport, static i => i);

            var activityCancellationSource = ActivityCancellationTokenSource.Rent(route.Timeout);

            var requestTask = StreamCopier.CopyAsync(isRequest: true, clientStream, destinationStream, StreamCopier.UnknownLength, timeProvider, activityCancellationSource,

                autoFlush: destinationResponse.Version == HttpVersion.Version20, token).AsTask();

            var responseTask = StreamCopier.CopyAsync(isRequest: false, destinationStream, clientStream, StreamCopier.UnknownLength, timeProvider, activityCancellationSource, token).AsTask();

            var task = await Task.WhenAny(requestTask, responseTask);

            await clientStream.DisposeAsync();

            if (task.IsCanceled)

            {

                Abort(context);

                activityCancellationSource.Cancel();

                if (task.Exception is not null)

                {

                    throw task.Exception;

                }

            }

        }

        else

        {

            Abort(context);

            return ForwarderError.UpgradeRequestDestination;

        }

        return ForwarderError.None;

    }

    public Task<ReadOnlyMemory<byte>> OnRequestAsync(ConnectionContext context, ReadOnlyMemory<byte> source, CancellationToken token, TcpProxyDelegate next)

    {

        return next(context, source, token);

    }

    public Task<ReadOnlyMemory<byte>> OnResponseAsync(ConnectionContext context, ReadOnlyMemory<byte> source, CancellationToken token, TcpProxyDelegate next)

    {

        return next(context, source, token);

    }

    private static void Abort(ConnectionContext upstream)

    {

        upstream.Transport.Input.CancelPendingRead();

        upstream.Transport.Output.CancelPendingFlush();

        upstream.Abort();

    }

}

websocket --> Socks5 端

internal class WSToSocks5HttpMiddleware : IMiddleware

{

    private static ReadOnlySpan<byte> EncodedWebSocketKey => "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"u8;

    private WebSocketMiddleware middleware;

    private readonly Socks5Middleware socks5Middleware;

    public WSToSocks5HttpMiddleware(IOptions<WebSocketOptions> options, ILoggerFactory loggerFactory, Socks5Middleware socks5Middleware)

    {

        middleware = new WebSocketMiddleware(Scoks5, options, loggerFactory);

        this.socks5Middleware = socks5Middleware;

    }

    private async Task Scoks5(HttpContext context)

    {

        var upgradeFeature = context.Features.Get<IHttpUpgradeFeature>();

        // 检查是否未正确 websocket 请求

        var f = context.Features.Get<IHttpWebSocketFeature>();

        if (f.IsWebSocketRequest)

        {

            // 返回 websocket 接受信息

            var responseHeaders = context.Response.Headers;

            responseHeaders.Connection = HeaderNames.Upgrade;

            responseHeaders.Upgrade = HttpForwarder.WebSocketName;

            responseHeaders.SecWebSocketAccept = CreateResponseKey(context.Request.Headers.SecWebSocketKey.ToString());

            var stream = await upgradeFeature!.UpgradeAsync(); // Sets status code to 101

            // 建原始 websocket stream 包装成 pipe 方便使用原来的 socks5Middleware 实现

            var memoryPool = context is IMemoryPoolFeature s ? s.MemoryPool : MemoryPool<byte>.Shared;

            StreamPipeReaderOptions readerOptions = new StreamPipeReaderOptions

            (

                pool: memoryPool,

                bufferSize: memoryPool.GetMinimumSegmentSize(),

                minimumReadSize: memoryPool.GetMinimumAllocSize(),

                leaveOpen: true,

                useZeroByteReads: true

            );

            var writerOptions = new StreamPipeWriterOptions

            (

                pool: memoryPool,

                leaveOpen: true

            );

            var input = PipeReader.Create(stream, readerOptions);

            var output = PipeWriter.Create(stream, writerOptions);

            var feature = context.Features.Get<IReverseProxyFeature>();

            var route = feature.Route;

            using var cts = CancellationTokenSourcePool.Default.Rent(route.Timeout);

            var token = cts.Token;

            context.Features.Set<IL4ReverseProxyFeature>(new L4ReverseProxyFeature() { IsDone = true, Route = route });

            // socks5Middleware 进行转发

            await socks5Middleware.Proxy(new WebSocketConnection(context.Features)

            {

                Transport = new WebSocketDuplexPipe() { Input = input, Output = output },

                ConnectionId = context.Connection.Id,

                Items = context.Items,

            }, null, token);

        }

        else

        {

            context.Response.StatusCode = StatusCodes.Status400BadRequest;

        }

    }

    public static string CreateResponseKey(string requestKey)

    {

        // "The value of this header field is constructed by concatenating /key/, defined above in step 4

        // in Section 4.2.2, with the string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11", taking the SHA-1 hash of

        // this concatenated value to obtain a 20-byte value and base64-encoding"

        // https://tools.ietf.org/html/rfc6455#section-4.2.2

        // requestKey is already verified to be small (24 bytes) by 'IsRequestKeyValid()' and everything is 1:1 mapping to UTF8 bytes

        // so this can be hardcoded to 60 bytes for the requestKey + static websocket string

        Span<byte> mergedBytes = stackalloc byte[60];

        Encoding.UTF8.GetBytes(requestKey, mergedBytes);

        EncodedWebSocketKey.CopyTo(mergedBytes[24..]);

        Span<byte> hashedBytes = stackalloc byte[20];

        var written = SHA1.HashData(mergedBytes, hashedBytes);

        if (written != 20)

        {

            throw new InvalidOperationException("Could not compute the hash for the 'Sec-WebSocket-Accept' header.");

        }

        return Convert.ToBase64String(hashedBytes);

    }

    public Task InvokeAsync(HttpContext context, RequestDelegate next)

    {

       // 过滤符合的路由配置

        var feature = context.Features.Get<IReverseProxyFeature>();

        if (feature is not null)

        {

            var route = feature.Route;

            if (route is not null && route.Metadata is not null

                && route.Metadata.TryGetValue("WSToSocks5", out var b) && bool.TryParse(b, out var isSocks5) && isSocks5)

            {

                // 这里偷个懒,利用现成的 WebSocketMiddleware 检查 websocket 请求,

                return middleware.Invoke(context);

            }

        }

        return next(context);

    }

}

internal class WebSocketConnection : ConnectionContext

{

    public WebSocketConnection(IFeatureCollection features)

    {

        this.features = features;

    }

    public override IDuplexPipe Transport { get; set; }

    public override string ConnectionId { get; set; }

    private IFeatureCollection features;

    public override IFeatureCollection Features => features;

    public override IDictionary<object, object?> Items { get; set; }

}

internal class WebSocketDuplexPipe : IDuplexPipe

{

    public PipeReader Input { get; set; }

    public PipeWriter Output { get; set; }

}

所以利用 websocket 伪装的例子大致就是这样就可以完成 tcp的 socks5 处理了 udp我就不来了

最后有兴趣的同学给 L4/L7的代理 VKProxy点个赞呗 (暂时没有使用文档,等啥时候有空把配置ui站点完成了再来吧)

如何使用 websocket 完成 socks5 网络穿透的更多相关文章

  1. n2n网络穿透内网

    目录 前言 配置 网络拓扑: 公网服务器的配置 公司电脑的配置 家里笔记本的配置 注意事项 使用n2n网络 n2n的各edge之间传输数据 补充:NAT类型 后记 前言 在家里的时候比较经常需要对公司 ...

  2. nat网络穿透整理笔记(思维导图)

    mindmanger整理的,关于Nat穿透,图片太小,可以点击放大,单独看图片.

  3. WebSocket协议中文版

    WebSocket协议中文版 摘要 WebSocket协议实现在受控环境中运行不受信任代码的一个客户端到一个从该代码已经选择加入通信的远程主机之间的全双工通信.用于这个安全模型是通常由web浏览器使用 ...

  4. Issue 7: 网络in action

    网络运维基础 基础参数 配置:IP,子网掩码,网关,dns服务器,dhcp服务器 基础应用 在网关设置上搭建VPN组网 改host文件 单台主机原则上只能配置一个网关 协议 协议是全球都遵守的一套编码 ...

  5. 在线聊天室的实现(1)--websocket协议和javascript版的api

    前言: 大家刚学socket编程的时候, 往往以聊天室作为学习DEMO, 实现简单且上手容易. 该Demo被不同语言实现和演绎, 网上相关资料亦不胜枚举. 以至于很多技术书籍在讲解网络相关的编程时, ...

  6. Unity3d 网络编程(二)(Unity3d内建网络各项參数介绍)

    这里是全部Unity3d在网络中能用到相关的类及方法.纵观參数功能, Unity3d来写一个手游是不二的选择: RPC 能够传递的參数 int float string NetworkPlayer N ...

  7. C#(SuperWebSocket)与websocket通信

    原文:C#(SuperWebSocket)与websocket通信 客户端代码 点击可以查看一些关于websocket的介绍 <!DOCTYPE html> <html> &l ...

  8. WebSocket学习笔记——无痛入门

    WebSocket学习笔记——无痛入门 标签: websocket 2014-04-09 22:05 4987人阅读 评论(1) 收藏 举报  分类: 物联网学习笔记(37)  版权声明:本文为博主原 ...

  9. WebSocket抓包分析

    转载自:https://www.cnblogs.com/songwenjie/p/8575579.html Chrome控制台 (1)F12进入控制台,点击Network,选中ws栏,注意选中Filt ...

  10. 爬取实时变化的 WebSocket 数据(转载)

    本文转自:https://mp.weixin.qq.com/s/fuS3uDvAWOQBQNetLqzO-g 一.前言 作为一名爬虫工程师,在工作中常常会遇到爬取实时数据的需求,比如体育赛事实时数据. ...

随机推荐

  1. QT5笔记:6. QT 与 C++

    QT 对标准的C++进行了扩展,引入了一些新的概念和功能 QT 的元对象编译器(Meta-Object Compiler, MOC)是一个预处理器,它预处理QT项目,先将QT的一些特性代码转换为标准的 ...

  2. docker - [15] springboot微服务打包docker镜像

    步骤: 1.构建Springboot项目 2.打包应用 3.编写dockerfile 4.构建docker镜像 5.发布运行 一.构建Springboot项目 (1)创建一个SpringBoot(以下 ...

  3. Oracle - [03] 存储过程

    一.什么是存储过程 存储过程是一种数据库对象,是一种存储在数据库中的可执行程序,是一些经过编写.编译而存在数据库中的SQL语句集. 二.创建存储过程的语法 create or replace proc ...

  4. new vue 实例发生了什么呢?

    前言 最近全面栽进vue源码解析中,将出一系列的学习笔记 以及个人的一些总结 第一步准备工作 到GitHub上下载vue的源码(巧妇难为无米之炊) 用自己喜欢的编辑器打开源码 vue主要源码資源在sr ...

  5. AI回答(deepseek):vue3制作手机屏网站

    使用 Vue 3 制作一个适合手机屏幕的网站(移动端网站)是一个非常常见的需求.以下是一个完整的指南,帮助你从零开始构建一个移动端优化的 Vue 3 项目. 1. 创建 Vue 3 项目 使用 Vit ...

  6. antd vue 嵌套表格之实现每次展开一行

    在项目中遇到一个需求,就是使用嵌套子表格时,每次只展示一行,且展开一行另一行收起,直接上代码吧,顺便记录一下 这里需要注意,我们要在外层table组件添加如图三个属性,缺一不可,咳咳,不用杠我那个&l ...

  7. Caddy web服务器

    caddy 中文文档:https://caddy2.dengxiaolong.com/docs/ 常用命令 命令 描述 caddy run 启动Caddy服务器 caddy reload 重载Cadd ...

  8. 无人机 offboard 控制

    博客地址:https://www.cnblogs.com/zylyehuo/ 参考 https://space.bilibili.com/393165606/channel/collectiondet ...

  9. Swarm集群部署、集群架构、集群管理 、服务管理

    一.部署swarm集群 #docker swarm简介 Docker Swarm 和 Docker Compose 一样,都是 Docker 官方容器编排项目,但不同的是,Docker Compose ...

  10. 深入掌握FastAPI与OpenAPI规范的高级适配技巧

    title: 深入掌握FastAPI与OpenAPI规范的高级适配技巧 date: 2025/03/30 01:16:11 updated: 2025/03/30 01:16:11 author: c ...