Notes on using FRP to set up intranet penetration end to end

Time: 2021-5-9

Preface

I had been using ngrok for intranet penetration before. The latest release of the 1.x line is 1.7.1, which has a serious memory leak; the 1.x line is no longer maintained, and ngrok 2.x is no longer open source, so I considered switching to another intranet penetration tool.

1、 Business scenario

The equipment is as follows:

  • One Alibaba Cloud server (Windows Server 2012) with a public IP.
  • Three intranet servers: two Windows servers and one CentOS server.
  • A registered domain name, already resolved to the public IP.

Requirements: the HTTP services deployed on the three intranet servers must be reachable through the domain name or the IP, and the three intranet servers must be reachable by remote desktop or SSH through the domain name or the IP.

2、 Why frp

  • Open source and actively maintained.
  • Supports TCP, UDP, HTTP, HTTPS, STCP and other protocols.
  • Written in Go, uses little memory, and the proxies are stable.
  • Simple, convenient configuration; custom plugins can be configured and developed for your own business needs.
  • Provides many functions: securely exposing intranet services, encryption and compression, optional KCP protocol for the underlying transport, port reuse, load balancing, health checks, URL routing, port-range mapping, request header processing and so on.


In addition, FRP's status and per-proxy statistics can be viewed in a browser: on the proxy server, the dashboard shows the status of every proxy.


The intranet penetration client can display its tunnel status and supports online configuration and hot reloading of its configuration.


3、 Server configuration

1. Open the ports on the cloud server

Log in to the Alibaba Cloud console, go to the instance's security group, and open the ports the penetration proxy needs. To begin with, open the following ports:

  • Open TCP ports 7000 to 7010. Port 7000 is the default port for frp's server-side proxy communication; ports 7001 to 7010 serve as the ports for the intranet servers' TCP applications, and the range can be extended later if it is not enough.
  • Open TCP ports 7080 and 7443 for the HTTP and HTTPS proxies. Ports 80 and 443 of the cloud server are already occupied by other applications, and the suffixes 80 and 443 keep the ports easy to remember and maintain.
  • Open UDP port 7001; it is needed if point-to-point intranet penetration is enabled.

None of the above port numbers is mandated; they can be chosen freely.

2. Download frp

Go to the frp GitHub releases page and check the latest version. Precompiled packages for the common operating systems and architectures are provided there; download the one matching the cloud server's system.

You can also download the source code, install a Go environment and compile it yourself.


3. Configure frps

After downloading, unzip and open the folder and find the frps.ini file, which holds the server-side proxy rules. The files whose names begin with frpc are not used on the proxy server; they are used on the intranet servers.

The basic content of the frps.ini configuration is as follows:

[common]
# Bind address and port for frpc connections
bind_addr = 0.0.0.0
bind_port = 7000

# UDP port, used for point-to-point intranet penetration
bind_udp_port = 7001

# Ports 7080 and 7443 listen for the HTTP and HTTPS proxies; the two may also be set to the same port
vhost_http_port = 7080
vhost_https_port = 7443

# Dashboard address and port. If dashboard_addr is not set it defaults to bind_addr;
# if dashboard_port is not set the dashboard is not started at all
dashboard_addr = 0.0.0.0
dashboard_port = 7500

# Dashboard login; both default to admin if not set
dashboard_user = admin
dashboard_pwd = admin

# Domain name of the cloud server; proxies can then be reached by subdomain, which keeps the configuration simple
subdomain_host = example.com

# Authentication token; make it long and random, the same value is used when configuring frpc
token = 123456789

# Log file path
log_file = ./logs/frps.log
# Log level: trace, debug, info, warn or error
log_level = info
# Maximum number of days to keep logs
log_max_days = 1

4. Start frps

Starting the frps service is very simple; enter the following command to start the proxy server.

./frps -c ./frps.ini

5. Configure frps as a system service

If the server runs Windows, it is recommended to use the winsw tool to configure frps as a system service.

  • Download WinSW.exe (or WinSW.zip) and rename winsw.exe to frps-service.exe.
  • Write the frps-service.xml configuration file next to it:

    <service>
     <id>frps</id>
     <name>frps</name>
     <description>frps</description>
     <logmode>roll</logmode>
     <depend></depend>
     <executable>path/frps.exe</executable>
     <arguments>-c frps.ini</arguments>
     <delayedAutoStart/>
     <onfailure action="restart" delay="20 sec"/>
    </service>

  • Install frps as a system service: frps-service install
  • Start the service: frps-service start

If the server runs Linux, the unpacked frp archive already provides files for configuring frps as a system service in its systemd directory.

4、 Client configuration

1. Download frp

Go to the frp GitHub releases page, check the latest precompiled version, and download the build matching the system of each intranet machine.

2. Configure frpc

After downloading, unzip and open the folder and find the frpc.ini file, which holds the client-side proxy rules. Likewise, the files whose names begin with frps are not used on the intranet servers.

The basic content of the frpc.ini configuration is as follows:

[common]
# Public IP of the cloud server and the communication port set in frps.ini
server_addr = x.x.x.x
server_port = 7000

# Authentication token; must match the frps configuration
token = 123456789

# Log file path (frpc's own log, not the frps one)
log_file = ./logs/frpc.log
# Log level: trace, debug, info, warn or error
log_level = info
# Maximum number of days to keep logs
log_max_days = 1

# Admin API that allows hot reloading of the configuration from the browser
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin

# TCP proxies use remote ports from the opened range 7001-7010

# RDP (Windows remote desktop); the default port is 3389 and the protocol is TCP
[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 7001

# SMB (Windows file sharing); the default port is 445 and the protocol is TCP. This rule gives remote file access.
#[smb]
#type = tcp
#local_ip = 127.0.0.1
#local_port = 445
#remote_port = 7002

# Proxy the local SSH service
#[ssh]
#type = tcp
#local_ip = 127.0.0.1
#local_port = 22
#remote_port = 7003

# Proxy the local HTTP service on port 80
# It is reachable under the subdomain_host configured in frps,
# i.e. test.example.com on the HTTP proxy port: http://test.example.com:7080
[web_test]
type = http
local_port = 80
subdomain = test
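The two configurations above share several values that have to agree (the token, the server port) and several settings that are easy to leave weak (a short numeric token, the dashboard on admin/admin and bound to every interface, a remote_port outside the range opened in the security group). The following Python script is an added example, not part of the original post or of the frp project: it parses both files with the standard configparser and reports those problems, and shows the server-side file beside a hardened variant. The sample configurations are constructed inline from the post's example values; the hardened secrets are placeholders, and the 7001-7010 range is the one opened in section 3.

```python
import configparser

# Constructed sample configs mirroring the two files in this post (the post's
# example values, not a real deployment; x.x.x.x is the post's placeholder).
FRPS_INI = """
[common]
bind_addr = 0.0.0.0
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
subdomain_host = example.com
token = 123456789
"""

# The same server side with the weak settings corrected (placeholder secrets).
FRPS_INI_HARDENED = """
[common]
bind_addr = 0.0.0.0
dashboard_addr = 127.0.0.1
dashboard_port = 7500
dashboard_user = frpadmin
dashboard_pwd = REPLACE-WITH-A-LONG-RANDOM-PASSWORD
token = REPLACE-WITH-32-RANDOM-CHARACTERS
"""

FRPC_INI = """
[common]
server_addr = x.x.x.x
server_port = 7000
token = 123456789
log_file = ./logs/frps.log
admin_addr = 127.0.0.1
admin_port = 7400

[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 7020
subdomain = rdp

[web_test]
type = http
local_port = 80
subdomain = test
"""

OPENED_TCP = range(7001, 7011)  # TCP range opened in the cloud security group (7001-7010)
WEAK_TOKENS = {"", "123456789", "12345678", "password", "admin", "token"}


def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def lint_frps(text):
    """Return findings for frps.ini settings that weaken the server side."""
    c, findings = load(text)["common"], []
    token = c.get("token", "")
    if token in WEAK_TOKENS or len(token) < 16 or token.isdigit():
        findings.append("frps: token missing, short or guessable; use a long random token")
    if "dashboard_port" in c:
        if (c.get("dashboard_user", "admin"), c.get("dashboard_pwd", "admin")) == ("admin", "admin"):
            findings.append("frps: dashboard uses the default admin/admin login")
        # dashboard_addr falls back to bind_addr when it is not set
        if c.get("dashboard_addr", c.get("bind_addr", "0.0.0.0")) == "0.0.0.0":
            findings.append("frps: dashboard listens on all interfaces; bind it to 127.0.0.1 "
                            "or firewall port %s" % c["dashboard_port"])
    return findings


def lint_frpc(text, frps_text, opened_tcp=OPENED_TCP):
    """Return findings for frpc.ini, cross-checked against frps.ini and the opened ports."""
    client, server, findings = load(text), load(frps_text), []
    c = client["common"]
    if c.get("token", "") != server["common"].get("token", ""):
        findings.append("frpc: token differs from the frps token; frps will reject the client")
    if "frps" in c.get("log_file", ""):
        findings.append("frpc: log_file reuses the frps log name; give frpc its own log path")
    if "admin_port" in c and c.get("admin_addr", "127.0.0.1") != "127.0.0.1":
        findings.append("frpc: admin API is reachable beyond loopback")
    for name in client.sections():
        if name == "common":
            continue
        sec, ptype = client[name], client[name].get("type", "tcp")
        if ptype == "tcp":
            port = sec.getint("remote_port", fallback=0)
            if port not in opened_tcp:
                findings.append("[%s]: remote_port %d is outside the opened range %d-%d"
                                % (name, port, opened_tcp.start, opened_tcp.stop - 1))
            if "subdomain" in sec:
                findings.append("[%s]: subdomain is ignored for tcp proxies" % name)
        elif ptype in ("http", "https") and not (sec.get("subdomain") or sec.get("custom_domains")):
            findings.append("[%s]: %s proxy needs subdomain or custom_domains" % (name, ptype))
    return findings
```

Run lint_frps on the post's frps.ini and it reports three findings (token, dashboard login, dashboard bind address); the hardened variant reports none. Run lint_frpc against the post's frpc.ini and it reports the frps log name, the out-of-range remote_port and the stray subdomain on the tcp proxy; pair it with the hardened frps.ini instead and a fourth finding appears, the token mismatch that would make frps reject the client.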

3. Start frpc

Starting the frpc service is similar to starting frps.

./frpc -c ./frpc.ini

After that you can test remote desktop, SSH, the web services and so on through the tunnels.

4. Configure frpc as a system service

This is not repeated here; the procedure is the same as configuring frps as a system service.

5、 HTTPS configuration

There are two main ways to serve a tunneled intranet HTTP service over HTTPS:

  1. Use frpc's https2http plugin to expose the local HTTP service over HTTPS. This is convenient and lets you choose exactly which services get HTTPS, but if many services on the intranet servers need HTTPS tunnels, a certificate has to be generated and configured for each tunneled service, which is cumbersome.
  2. Generate a wildcard (pan-domain) certificate and configure nginx on the external server to forward to the web services tunneled from the intranet.

This article mainly covers the second way of configuring HTTPS:

  • Generate pan domain name certificate
  • Configure nginx
  • Certificate update
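The second approach depends on one wildcard certificate covering every tunneled hostname under subdomain_host, and a wildcard only covers a single left-most label: *.example.com matches test.example.com but neither the apex example.com nor a nested name such as a.b.example.com. The following Python is an added example, not code from the original post or from frp or nginx; it implements that one-label rule and reports which planned hostnames a certificate's SAN list covers. The SAN list, the subdomain_host value and the subdomain names are constructed for the example.

```python
# Constructed example: the SAN list of a wildcard certificate and the
# subdomains tunneled through frp under subdomain_host (values are this
# example's own, not taken from a real certificate).
SUBDOMAIN_HOST = "example.com"
CERT_SANS = ["*.example.com", "example.com"]
TUNNELED_SUBDOMAINS = ["test", "wiki", "grafana.internal"]


def san_covers(san_names, host):
    """Return the SAN entry that covers host, or None.

    Applies the one-label wildcard rule browsers use (RFC 6125):
    '*.example.com' matches 'test.example.com' but not 'example.com'
    and not 'a.b.example.com'. Comparison is case-insensitive and a
    trailing dot on the host is ignored.
    """
    host = host.lower().rstrip(".")
    for name in san_names:
        name = name.lower()
        if name == host:
            return name
        if name.startswith("*."):
            suffix = name[1:]                 # "*.example.com" -> ".example.com"
            if host.endswith(suffix):
                leftmost = host[: -len(suffix)]
                if leftmost and "." not in leftmost:
                    return name
    return None


def coverage_report(san_names, subdomain_host, subdomains):
    """Map each planned hostname (apex plus every subdomain) to the SAN
    that covers it; None means the certificate does not cover it."""
    hosts = [subdomain_host] + ["%s.%s" % (s, subdomain_host) for s in subdomains]
    return {h: san_covers(san_names, h) for h in hosts}


if __name__ == "__main__":
    for host, san in coverage_report(CERT_SANS, SUBDOMAIN_HOST, TUNNELED_SUBDOMAINS).items():
        print("%-32s %s" % (host, san or "NOT COVERED: needs its own SAN or certificate"))
```

With the constructed values, test.example.com and wiki.example.com are covered by the wildcard, the apex is covered only because it is listed as its own SAN, and grafana.internal.example.com is not covered at all: a tunneled service with a dotted subdomain needs either a flat name or an additional certificate before nginx can terminate TLS for it.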

References

Original post: https://github.com/liuvigongzuoshi/blog