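Similar to this simple proof-of-concept tunnel configuration, except mine should be even simpler, since I don't need any HTTPS or SSL.
I need to configure stunnel to proxy HTTP requests from a custom port on my VPS to http://84.33.37.101/, a simple HTTP IPv4 mirror page.
My /etc/stunnel/stunnel.conf: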
; It is recommended to drop root privileges if stunnel is started by root
setuid = stunnel4
setgid = stunnel4
; PID file is created inside the chroot jail (if enabled)
pid = /var/run/stunnel/stunnel.pid
; Debugging stuff (may be useful for troubleshooting)
foreground = yes
debug = debug
output = /var/log/stunnel4/stunnel.log
; Test
[http-test]
client = yes
accept = 48080
connect = 84.33.37.101:80
When I access http://MY-VPS-IP:48080 in a browser, I get:
2023.10.13 14:29:33 LOG7[ui]: Clients allowed=500
2023.10.13 14:29:33 LOG5[ui]: stunnel 5.39 on x86_64-pc-linux-gnu platform
2023.10.13 14:29:33 LOG5[ui]: Compiled with OpenSSL 1.1.0c 10 Nov 2016
2023.10.13 14:29:33 LOG5[ui]: Running with OpenSSL 1.1.0l 10 Sep 2019
2023.10.13 14:29:33 LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
2023.10.13 14:29:33 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2023.10.13 14:29:33 LOG7[ui]: errno: (*__errno_location ())
2023.10.13 14:29:33 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
2023.10.13 14:29:33 LOG5[ui]: UTF-8 byte order mark detected
2023.10.13 14:29:33 LOG5[ui]: FIPS mode disabled
2023.10.13 14:29:33 LOG7[ui]: Compression disabled
2023.10.13 14:29:33 LOG7[ui]: Snagged 64 random bytes from /root/.rnd
2023.10.13 14:29:33 LOG7[ui]: Wrote 1024 new random bytes to /root/.rnd
2023.10.13 14:29:33 LOG7[ui]: PRNG seeded successfully
2023.10.13 14:29:33 LOG6[ui]: Initializing service [http-test]
2023.10.13 14:29:33 LOG7[ui]: No certificate or private key specified
2023.10.13 14:29:33 LOG4[ui]: Service [http-test] needs authentication to prevent MITM attacks
2023.10.13 14:29:33 LOG7[ui]: TLS options: 0x02020004 (+0x02000000, -0x00000000)
2023.10.13 14:29:33 LOG5[ui]: Configuration successful
2023.10.13 14:29:33 LOG7[ui]: Listening file descriptor created (FD=7)
2023.10.13 14:29:33 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2023.10.13 14:29:33 LOG7[ui]: Service [http-test] (FD=7) bound to 0.0.0.0:48080
2023.10.13 14:29:33 LOG7[cron]: Cron thread initialized
2023.10.13 14:29:33 LOG6[cron]: Executing cron jobs
2023.10.13 14:29:33 LOG6[cron]: Cron jobs completed in 0 seconds
2023.10.13 14:29:33 LOG7[cron]: Waiting 86400 seconds
2023.10.13 14:29:33 LOG7[ui]: Created pid file /var/run/stunnel/stunnel.pid
2023.10.13 14:30:04 LOG7[ui]: Found 1 ready file descriptor(s)
2023.10.13 14:30:04 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2023.10.13 14:30:04 LOG7[ui]: FD=7 events=0x2001 revents=0x1
2023.10.13 14:30:04 LOG7[ui]: Service [http-test] accepted (FD=3) from MY-PC-IP:49897
2023.10.13 14:30:04 LOG7[0]: Service [http-test] started
2023.10.13 14:30:04 LOG7[0]: Option TCP_NODELAY set on local socket
2023.10.13 14:30:04 LOG5[0]: Service [http-test] accepted connection from MY-PC:49897
2023.10.13 14:30:04 LOG6[0]: s_connect: connecting 84.33.37.101:80
2023.10.13 14:30:04 LOG7[0]: s_connect: s_poll_wait 84.33.37.101:80: waiting 10 seconds
2023.10.13 14:30:04 LOG5[0]: s_connect: connected 84.33.37.101:80
2023.10.13 14:30:04 LOG5[0]: Service [http-test] connected remote server from MY-VPS-IP:36584
2023.10.13 14:30:04 LOG7[0]: Option TCP_NODELAY set on remote socket
2023.10.13 14:30:04 LOG7[0]: Remote descriptor (FD=9) initialized
2023.10.13 14:30:04 LOG6[0]: SNI: sending servername: 84.33.37.101
2023.10.13 14:30:04 LOG6[0]: Peer certificate not required
2023.10.13 14:30:04 LOG7[0]: TLS state (connect): before SSL initialization
2023.10.13 14:30:04 LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
2023.10.13 14:30:04 LOG3[0]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2023.10.13 14:30:04 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2023.10.13 14:30:04 LOG7[0]: Deallocating application specific data for addr index
2023.10.13 14:30:04 LOG7[0]: Remote descriptor (FD=9) closed
2023.10.13 14:30:04 LOG7[0]: Local descriptor (FD=3) closed
2023.10.13 14:30:04 LOG7[0]: Service [http-test] finished (0 left)
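There is no mention of SSL or 443 in my configuration, so why does stunnel keep bringing it up? Is there any way to disable it?
UPDATE: I tried this against my other VPS and saw the following in its Apache web server log: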
MY-VPS-IP - - [13/Oct/2023:12:13:24 +0000] "\x16\x03\x01" 400 512 "-" "-"
According to "HTTP request "\x80z\x01\x03\x01" in my Apache log", it seems that "someone is trying to connect via SSL to a non-SSL port".
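Added example, not part of the original post: a small Python scanner that decodes the escaped request field of Apache access-log lines and flags requests whose first bytes are a TLS or SSLv2-style handshake rather than HTTP, which is what the "\x16\x03\x01" entry above is. The function names are hypothetical, and the sample lines are constructed from the two request strings quoted in the post plus one ordinary request.

```python
import re

# Constructed sample lines in Apache combined log format; the first two request
# strings are the ones quoted in the post, the rest of each line is made up.
SAMPLE_LOG = r'''
MY-VPS-IP - - [13/Oct/2023:12:13:24 +0000] "\x16\x03\x01" 400 512 "-" "-"
MY-VPS-IP - - [13/Oct/2023:12:14:02 +0000] "\x80z\x01\x03\x01" 400 512 "-" "-"
MY-PC-IP - - [13/Oct/2023:12:15:10 +0000] "GET / HTTP/1.1" 200 1024 "-" "-"
'''

REQUEST_RE = re.compile(r'\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})|\\(["\\])')


def unescape_request(field: str) -> bytes:
    """Turn the logged request (\\xHH, \\" and \\\\ escapes) back into raw bytes."""
    def repl(m):
        return chr(int(m.group(1), 16)) if m.group(1) else m.group(2)
    return ESCAPE_RE.sub(repl, field).encode("latin-1", errors="replace")


def classify(raw: bytes) -> str:
    """Classify the first bytes a client sent to a plain-HTTP port."""
    # TLS record header: content type 0x16 (handshake), then record version 3.x
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03 and raw[2] <= 0x04:
        return "tls-handshake"
    # SSLv2-compatible ClientHello: length high bit set, msg type 1, version 3.x
    if len(raw) >= 4 and raw[0] & 0x80 and raw[2] == 0x01 and raw[3] == 0x03:
        return "sslv2-compat-hello"
    if re.match(rb"[A-Z]+ \S+ HTTP/\d", raw):
        return "http"
    return "unknown"


def scan(log_text: str):
    """Return (request_bytes, status, verdict) for each parsable log line."""
    results = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            raw = unescape_request(m.group(1))
            results.append((raw, int(m.group(2)), classify(raw)))
    return results


if __name__ == "__main__":
    for raw, status, verdict in scan(SAMPLE_LOG):
        print(f"{status} {verdict:20} {raw!r}")
```
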