有盆友好奇所谓的网络穿透是怎么做的

然后talk is cheap,please show code

所以只好写个简单且常见的websocket例子,

这里的例子大致是这个原理

浏览器插件(或者其他)首先将正常访问请求 --> 转换为socks5访问 --> 假代理服务器建立websocket链接,然后传输socks5协议数据 --> 允许websocket的网关由于不解析websocket数据而不知道是socks5所以未做拦截 --> 真代理服务器从websocket中解析socks5进行转发处理

代码如下

Socks5 --> websocket 端

internal class Socks5ToWSMiddleware : ITcpProxyMiddleware

{

    private readonly IForwarderHttpClientFactory httpClientFactory;

    private readonly ILoadBalancingPolicyFactory loadBalancing;

    private readonly ProxyLogger logger;

    private readonly TimeProvider timeProvider;

    public Socks5ToWSMiddleware(IForwarderHttpClientFactory httpClientFactory, ILoadBalancingPolicyFactory loadBalancing, ProxyLogger logger, TimeProvider timeProvider)

    {

        this.httpClientFactory = httpClientFactory;

        this.loadBalancing = loadBalancing;

        this.logger = logger;

        this.timeProvider = timeProvider;

    }

    public Task InitAsync(ConnectionContext context, CancellationToken token, TcpDelegate next)

    {

        // 过滤符合的路由配置

        var feature = context.Features.Get<IL4ReverseProxyFeature>();

        if (feature is not null)

        {

            var route = feature.Route;

            if (route is not null && route.Metadata is not null

                && route.Metadata.TryGetValue("socks5ToWS", out var b) && bool.TryParse(b, out var isSocks5) && isSocks5)

            {

                feature.IsDone = true;

                route.ClusterConfig?.InitHttp(httpClientFactory);

                return Proxy(context, feature, token);

            }

        }

        return next(context, token);

    }

    private async Task Proxy(ConnectionContext context, IL4ReverseProxyFeature feature, CancellationToken token)

    { // loadBalancing 选取有效 ip

        var route = feature.Route;

        var cluster = route.ClusterConfig;

        DestinationState selectedDestination;

        if (cluster is null)

        {

            selectedDestination = null;

        }

        else

        {

            selectedDestination = feature.SelectedDestination;

            selectedDestination ??= loadBalancing.PickDestination(feature);

        }

        if (selectedDestination is null)

        {

            logger.NotFoundAvailableUpstream(route.ClusterId);

            Abort(context);

            return;

        }

        selectedDestination.ConcurrencyCounter.Increment();

        try

        {

            await SendAsync(context, feature, selectedDestination, cluster, route.Transformer, token);

            selectedDestination.ReportSuccessed();

        }

        catch

        {

            selectedDestination.ReportFailed();

            throw;

        }

        finally

        {

            selectedDestination.ConcurrencyCounter.Decrement();

        }

    }

    private async Task<ForwarderError> SendAsync(ConnectionContext context, IL4ReverseProxyFeature feature, DestinationState selectedDestination, ClusterConfig? cluster, IHttpTransformer transformer, CancellationToken token)

    {

        // 创建 websocket 请求, 这里为了简单,只创建简单 http1.1 websocket

        var destinationPrefix = selectedDestination.Address;

        if (destinationPrefix is null || destinationPrefix.Length < 8)

        {

            throw new ArgumentException("Invalid destination prefix.", nameof(destinationPrefix));

        }

        var route = feature.Route;

        var requestConfig = cluster.HttpRequest ?? ForwarderRequestConfig.Empty;

        var httpClient = cluster.HttpMessageHandler ?? throw new ArgumentNullException("httpClient");

        var destinationRequest = new HttpRequestMessage();

        destinationRequest.Version = HttpVersion.Version11;

        destinationRequest.VersionPolicy = HttpVersionPolicy.RequestVersionOrLower;

        destinationRequest.Method = HttpMethod.Get;

        destinationRequest.RequestUri ??= new Uri(destinationPrefix, UriKind.Absolute);

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.Connection, HeaderNames.Upgrade);

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.Upgrade, HttpForwarder.WebSocketName);

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.SecWebSocketVersion, "13");

        destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.SecWebSocketKey, ProtocolHelper.CreateSecWebSocketKey());

        destinationRequest.Content = new EmptyHttpContent();

        if (!string.IsNullOrWhiteSpace(selectedDestination.Host))

        {

            destinationRequest.Headers.TryAddWithoutValidation(HeaderNames.Host, selectedDestination.Host);

        }

        // 建立websocket 链接,成功则直接 复制原始 req/resp 数据,不做任何而外处理

        var destinationResponse = await httpClient.SendAsync(destinationRequest, token);

        if (destinationResponse.StatusCode == HttpStatusCode.SwitchingProtocols)

        {

            using var destinationStream = await destinationResponse.Content.ReadAsStreamAsync(token);

            var clientStream = new DuplexPipeStreamAdapter<Stream>(null, context.Transport, static i => i);

            var activityCancellationSource = ActivityCancellationTokenSource.Rent(route.Timeout);

            var requestTask = StreamCopier.CopyAsync(isRequest: true, clientStream, destinationStream, StreamCopier.UnknownLength, timeProvider, activityCancellationSource,

                autoFlush: destinationResponse.Version == HttpVersion.Version20, token).AsTask();

            var responseTask = StreamCopier.CopyAsync(isRequest: false, destinationStream, clientStream, StreamCopier.UnknownLength, timeProvider, activityCancellationSource, token).AsTask();

            var task = await Task.WhenAny(requestTask, responseTask);

            await clientStream.DisposeAsync();

            if (task.IsCanceled)

            {

                Abort(context);

                activityCancellationSource.Cancel();

                if (task.Exception is not null)

                {

                    throw task.Exception;

                }

            }

        }

        else

        {

            Abort(context);

            return ForwarderError.UpgradeRequestDestination;

        }

        return ForwarderError.None;

    }

    public Task<ReadOnlyMemory<byte>> OnRequestAsync(ConnectionContext context, ReadOnlyMemory<byte> source, CancellationToken token, TcpProxyDelegate next)

    {

        return next(context, source, token);

    }

    public Task<ReadOnlyMemory<byte>> OnResponseAsync(ConnectionContext context, ReadOnlyMemory<byte> source, CancellationToken token, TcpProxyDelegate next)

    {

        return next(context, source, token);

    }

    private static void Abort(ConnectionContext upstream)

    {

        upstream.Transport.Input.CancelPendingRead();

        upstream.Transport.Output.CancelPendingFlush();

        upstream.Abort();

    }

}

websocket --> Socks5 端

internal class WSToSocks5HttpMiddleware : IMiddleware

{

    private static ReadOnlySpan<byte> EncodedWebSocketKey => "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"u8;

    private WebSocketMiddleware middleware;

    private readonly Socks5Middleware socks5Middleware;

    public WSToSocks5HttpMiddleware(IOptions<WebSocketOptions> options, ILoggerFactory loggerFactory, Socks5Middleware socks5Middleware)

    {

        middleware = new WebSocketMiddleware(Scoks5, options, loggerFactory);

        this.socks5Middleware = socks5Middleware;

    }

    private async Task Scoks5(HttpContext context)

    {

        var upgradeFeature = context.Features.Get<IHttpUpgradeFeature>();

        // 检查是否未正确 websocket 请求

        var f = context.Features.Get<IHttpWebSocketFeature>();

        if (f.IsWebSocketRequest)

        {

            // 返回 websocket 接受信息

            var responseHeaders = context.Response.Headers;

            responseHeaders.Connection = HeaderNames.Upgrade;

            responseHeaders.Upgrade = HttpForwarder.WebSocketName;

            responseHeaders.SecWebSocketAccept = CreateResponseKey(context.Request.Headers.SecWebSocketKey.ToString());

            var stream = await upgradeFeature!.UpgradeAsync(); // Sets status code to 101

            // 建原始 websocket stream 包装成 pipe 方便使用原来的 socks5Middleware 实现

            var memoryPool = context is IMemoryPoolFeature s ? s.MemoryPool : MemoryPool<byte>.Shared;

            StreamPipeReaderOptions readerOptions = new StreamPipeReaderOptions

            (

                pool: memoryPool,

                bufferSize: memoryPool.GetMinimumSegmentSize(),

                minimumReadSize: memoryPool.GetMinimumAllocSize(),

                leaveOpen: true,

                useZeroByteReads: true

            );

            var writerOptions = new StreamPipeWriterOptions

            (

                pool: memoryPool,

                leaveOpen: true

            );

            var input = PipeReader.Create(stream, readerOptions);

            var output = PipeWriter.Create(stream, writerOptions);

            var feature = context.Features.Get<IReverseProxyFeature>();

            var route = feature.Route;

            using var cts = CancellationTokenSourcePool.Default.Rent(route.Timeout);

            var token = cts.Token;

            context.Features.Set<IL4ReverseProxyFeature>(new L4ReverseProxyFeature() { IsDone = true, Route = route });

            // socks5Middleware 进行转发

            await socks5Middleware.Proxy(new WebSocketConnection(context.Features)

            {

                Transport = new WebSocketDuplexPipe() { Input = input, Output = output },

                ConnectionId = context.Connection.Id,

                Items = context.Items,

            }, null, token);

        }

        else

        {

            context.Response.StatusCode = StatusCodes.Status400BadRequest;

        }

    }

    public static string CreateResponseKey(string requestKey)

    {

        // "The value of this header field is constructed by concatenating /key/, defined above in step 4

        // in Section 4.2.2, with the string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11", taking the SHA-1 hash of

        // this concatenated value to obtain a 20-byte value and base64-encoding"

        // https://tools.ietf.org/html/rfc6455#section-4.2.2

        // requestKey is already verified to be small (24 bytes) by 'IsRequestKeyValid()' and everything is 1:1 mapping to UTF8 bytes

        // so this can be hardcoded to 60 bytes for the requestKey + static websocket string

        Span<byte> mergedBytes = stackalloc byte[60];

        Encoding.UTF8.GetBytes(requestKey, mergedBytes);

        EncodedWebSocketKey.CopyTo(mergedBytes[24..]);

        Span<byte> hashedBytes = stackalloc byte[20];

        var written = SHA1.HashData(mergedBytes, hashedBytes);

        if (written != 20)

        {

            throw new InvalidOperationException("Could not compute the hash for the 'Sec-WebSocket-Accept' header.");

        }

        return Convert.ToBase64String(hashedBytes);

    }

    public Task InvokeAsync(HttpContext context, RequestDelegate next)

    {

       // 过滤符合的路由配置

        var feature = context.Features.Get<IReverseProxyFeature>();

        if (feature is not null)

        {

            var route = feature.Route;

            if (route is not null && route.Metadata is not null

                && route.Metadata.TryGetValue("WSToSocks5", out var b) && bool.TryParse(b, out var isSocks5) && isSocks5)

            {

                // 这里偷个懒,利用现成的 WebSocketMiddleware 检查 websocket 请求,

                return middleware.Invoke(context);

            }

        }

        return next(context);

    }

}

internal class WebSocketConnection : ConnectionContext

{

    public WebSocketConnection(IFeatureCollection features)

    {

        this.features = features;

    }

    public override IDuplexPipe Transport { get; set; }

    public override string ConnectionId { get; set; }

    private IFeatureCollection features;

    public override IFeatureCollection Features => features;

    public override IDictionary<object, object?> Items { get; set; }

}

internal class WebSocketDuplexPipe : IDuplexPipe

{

    public PipeReader Input { get; set; }

    public PipeWriter Output { get; set; }

}

所以利用 websocket 伪装的例子大致就是这样就可以完成 tcp的 socks5 处理了 udp我就不来了

最后有兴趣的同学给 L4/L7的代理 VKProxy点个赞呗 (暂时没有使用文档,等啥时候有空把配置ui站点完成了再来吧)

如何使用 websocket 完成 socks5 网络穿透的更多相关文章

  1. n2n网络穿透内网

    目录 前言 配置 网络拓扑: 公网服务器的配置 公司电脑的配置 家里笔记本的配置 注意事项 使用n2n网络 n2n的各edge之间传输数据 补充:NAT类型 后记 前言 在家里的时候比较经常需要对公司 ...

  2. nat网络穿透整理笔记(思维导图)

    mindmanger整理的,关于Nat穿透,图片太小,可以点击放大,单独看图片.

  3. WebSocket协议中文版

    WebSocket协议中文版 摘要 WebSocket协议实现在受控环境中运行不受信任代码的一个客户端到一个从该代码已经选择加入通信的远程主机之间的全双工通信.用于这个安全模型是通常由web浏览器使用 ...

  4. Issue 7: 网络in action

    网络运维基础 基础参数 配置:IP,子网掩码,网关,dns服务器,dhcp服务器 基础应用 在网关设置上搭建VPN组网 改host文件 单台主机原则上只能配置一个网关 协议 协议是全球都遵守的一套编码 ...

  5. 在线聊天室的实现(1)--websocket协议和javascript版的api

    前言: 大家刚学socket编程的时候, 往往以聊天室作为学习DEMO, 实现简单且上手容易. 该Demo被不同语言实现和演绎, 网上相关资料亦不胜枚举. 以至于很多技术书籍在讲解网络相关的编程时, ...

  6. Unity3d 网络编程(二)(Unity3d内建网络各项參数介绍)

    这里是全部Unity3d在网络中能用到相关的类及方法.纵观參数功能, Unity3d来写一个手游是不二的选择: RPC 能够传递的參数 int float string NetworkPlayer N ...

  7. C#(SuperWebSocket)与websocket通信

    原文:C#(SuperWebSocket)与websocket通信 客户端代码 点击可以查看一些关于websocket的介绍 <!DOCTYPE html> <html> &l ...

  8. WebSocket学习笔记——无痛入门

    WebSocket学习笔记——无痛入门 标签: websocket 2014-04-09 22:05 4987人阅读 评论(1) 收藏 举报  分类: 物联网学习笔记(37)  版权声明:本文为博主原 ...

  9. WebSocket抓包分析

    转载自:https://www.cnblogs.com/songwenjie/p/8575579.html Chrome控制台 (1)F12进入控制台,点击Network,选中ws栏,注意选中Filt ...

  10. 爬取实时变化的 WebSocket 数据(转载)

    本文转自:https://mp.weixin.qq.com/s/fuS3uDvAWOQBQNetLqzO-g 一.前言 作为一名爬虫工程师,在工作中常常会遇到爬取实时数据的需求,比如体育赛事实时数据. ...

随机推荐

  1. Linux目录管理命令

    1. pwd :显示当前所在目录的路径 1.1 语法格式 pwd #直接按回车键 1.2 实践案例 案例:查看当前所在目录路径 [root@yyds ~]# pwd /root --->显示的是 ...

  2. vue element 动态增加表单并进行表单验证

    表单验证:需要注意的一点是: 普通表单验证单项依靠的是prop-而动态生成的表单要用:prop 书写的语法是:prop="'moreNotifyObject.' + index +'.not ...

  3. 【Blender】杂项笔记

    [Blender]杂项笔记 空间坐标系 Blender 中的轴向: Y 轴向前(前视图看向的方向就是前方,其默认向 Y 轴看) Z 轴向上 保持轴向导出到 Unity 时(包括直接保存.导出 FBX ...

  4. Shell - [01] 概述

    一.shell是什么 Shell 是一个命令解释器,接收应用程序/用户命令去调用操作系统内核. Shell 是一个功能强大的编程语言,易编写.易调试.灵活性强. 二.shell的解析器有哪些 [roo ...

  5. spark-shell启动报错

    Spark On Hive 配置步骤在Spark客户端安装包下的conf目录中创建文件hive-site.xml,配置hive的metastore路径 <configuration> &l ...

  6. Scala面向对象之创建对象,重载构造方法,继承抽象类实现接口

    package com.wyh.day01 object ScalaClass { def main(args: Array[String]): Unit = { val student = new ...

  7. Abaqus Matrix Genrate 分析 | 输出总体刚度

    引言 abaqus 可以输出模型的刚度/质量/阻尼/载荷矩阵等: 输出单元刚度矩阵 输出范围可以是一个单元,也可以是多个单元 输出总体刚度矩阵 输出的数据是整个模型的刚度矩阵,或者是某一特定区域的总体 ...

  8. 【ABAQUS 二次开发笔记】读入TXT分析结果&输出csv文件

    abaqus分析之后,很多结果可以输出dat,msg,sta等文件中.可以用记事本.notpad++.editplus等软件打开编辑. 但是往往无法直接用excel.origin等软件打开,比如对结构 ...

  9. Java工程师应该掌握的知识

    https://pan.baidu.com/s/1pXKwwVwE_g9RhjGrbABcUAydvn 以Java工程师应该掌握的知识,按重要程度排出六个梯度: 第一梯度:计算机组成原理.数据结构和算 ...

  10. [每日算法 - 华为机试] leetcode53 :最大子数组和 「算法中的哲学」

    入口 53. 最大子数组和https://leetcode.cn/problems/maximum-subarray/ 题目描述 给你一个整数数组 nums ,请你找出一个具有最大和的连续子数组(子数 ...