Nodejs implements intranet penetration service

Maybe it is difficult for you to find an article on the Internet that explains intranet penetration from a code level. I have searched for it but failed, so I wrote this article.

1. Proxy in LAN

Let’s review the previous article first. How to implement a service proxy within a local area network? Since this is very simple, let's go straight to the code.

const net = require('net')

const proxy = net.createServer(socket => {
  const localServe = new net.Socket()
  localServe.connect(5502, '192.168.31.130') // Service port and IP in the LAN.

  socket.pipe(localServe).pipe(socket)
})

proxy.listen(80)

This is a very simple server-side proxy. The code is simple and clear. If you have any questions, it is probably the pipe here. Let me briefly explain it. The socket is a full-duplex stream, that is, a data stream that can be both readable and writable. In the code, when the socket receives data from the client, it writes the data to the localSever. When the localSever has data, it writes the data to the socket, and the socket then sends the data to the client.

2. Intranet penetration

LAN proxy is simple, but intranet penetration is not so simple. However, it is the core code and requires considerable logical processing. Before implementing it specifically, let's first sort out the intranet penetration.

What is intranet penetration?

Simply put, it is a public network client that can access services within the local area network. For example, services started locally. How does the public network client know the locally started serve? Here we must rely on the public network server. So how does the public network server know about the local service? This requires establishing a socket link between the local and server.

Four roles

Through the above description, we introduce four roles.

1. We name the public network client client.
2. The public network server is named proxyServe because it functions as a proxy.
3. Local service, named localServe.
4. The local socket is long connected to the server. It is the bridge between proxyServe and localServe and is responsible for data transfer. We named it bridge.

Among them, client and localServe do not need our concern, because client can be a browser or other, and localServe is just an ordinary local service. We only need to care about proxyServe and bridge. What we introduce here is still the simplest implementation method, providing a way of thinking and thinking, so let's start with the simplest one.

bridge

We know from the four roles section that bridge is a socket connection with proxyServe and is the transfer of data. Let's look at the code to sort out the ideas.

const net = require('net')

const proxyServe = '10.253.107.245'

const bridge = new net.Socket()
bridge.connect(80, proxyServe, _ => {
  bridge.write('GET /regester?key=sq HTTP/1.1\r\n\r\n')
})

bridge.on('data', data => {
  const localServer = new net.Socket()
  localServer.connect(8088, 'localhost', _ => {
    localServer.write(data)
    localServer.on('data', res => bridge.write(res))
  })
})

The code is clear and readable, even catchy. Import the net library, declare the public network address, create a bridge, connect the bridge to proxyServe, and after success, register the local service with proxyServe. Then, the bridge listens for data, and when a request arrives, creates a connection with the local service. After success, the request data is sent to localServe, and the response data is listened to at the same time, and the response stream is written to the bridge.

There is not much to explain about the rest, after all, this is just sample code. However, there is a section /regester?key=sq in the sample code. This key is very useful. Here key=sq. Then when the role client accesses the local service through the proxy service, this key needs to be added to the path so that the proxyServe can correspond to the bridge and thus correspond to the localServe.

For example: lcoalServe is: http://localhost:8088, rpoxyServe is example.com, and the registered key is sq. Then if you want to access localServe through prxoyServe, you need to write it as follows: example.com/sq. Why write like this? Of course, this is just a definition. After you understand the code in this article, you can modify this convention.

So, let's look at the following key codes:

proxyServe

Although the proxyServe here is a simplified sample code, it is still a bit complicated to explain. If you want to fully understand it and combine it with your own business to make a usable code, you need to put in some effort. Here I split the code into pieces and try to explain it clearly. We give the code blocks names to facilitate explanation.
Code block 1: createServe

The main function of this block is to create a proxy service, establish a socket link with the client and bridge, listen to the data request on the socket, and perform logical processing in the callback function. The specific code is as follows:

const net = require('net')

const bridges = {} // When a bridge establishes a socket connection, it is cached here const clients = {} // When a client establishes a socket connection, it is cached here. For the specific data structure, see the source code net.createServer(socket => {
  socket.on('data', data => {
    const request = data.toString()
    const url = request.match(/.+ (?<url>.+) /)?.groups?.url
    
    if (!url) return

    if (isBridge(url)) {
      regesterBridge(socket, url)
      return
    }

    const { bridge, key } = findBridge(request, url)
    if (!bridge) return

    cacheClientRequest(bridge, key, socket, request, url)

    sendRequestToBridgeByKey(key)
  })
}).listen(80)

Take a look at the code logic in the data monitor:

1. Convert request data into a string.
2. Look for the URL in the request. If the URL is not found, terminate the request directly.
3. Determine whether it is a bridge through the URL. If so, register the bridge. Otherwise, consider it a client request.
4. Check to see if the client request has any registered bridges - remember, this is a proxy service, and if there is no registered bridge, the request is considered invalid.
5. Cache this request.
6. Then send the request to the bridge.

Combining the code and logic, you should be able to understand it, but you may have questions about 5. Let's sort them out one by one.

Code block 2: isBridge

The method to determine whether it is a bridge registration request is very simple. However, for real business, more precise data may be defined.

function isBridge (url) {
  return url.startsWith('/regester?')
}

Code block three: regesterBridge
Simple, look at the code and explain:

function regesterBridge (socket, url) {
  const key = url.match(/(^|&|\?)key=(?<key>[^&]*)(&|$)/)?.groups?.key
  bridges[key] = socket
  socket.removeAllListeners('data')
}

1. Find the key of the bridge to be registered through the URL.
2. Cache the socket connection.
3. Remove the data monitoring of the bridge - In code block 1, each socket has a default data monitoring callback function. If it is not removed, subsequent data will be confused.

Code block 4: findBridge

When the logic reaches code block 4, it means that this is already a client request. Then, it is necessary to find the corresponding bridge first. If there is no bridge, it is necessary to register the bridge first, and then the user needs to initiate the client request later. The code is as follows:

function findBridge (request, url) {
  let key = url.match(/\/(?<key>[^\/\?]*)(\/|\?|$)/)?.groups?.key
  let bridge = bridges[key]
  if (bridge) return { bridge, key }

  const referer = request.match(/\r\nReferer: (?<referer>.+)\r\n/)?.groups?.referer
  if (!referer) return {}

  key = referer.split('//')[1].split('/')[1]
  bridge = bridges[key]
  if (bridge) return { bridge, key }

  return {}
}

• Match the key of the bridge to be proxied from the URL, and return the corresponding bridge and key if found.
• If it is not found, then look for it in the referer in the request header. If it is found, the bridge and key are returned.
• None of them can be found. We know that this request will be terminated in code block 1.

Code Block 5: cacheClientRequest

The code execution here indicates that it is already a client request. We first cache this request. When caching, we also cache the bridge and key bindings corresponding to the request to facilitate subsequent operations.

Why cache client requests?

In the current solution, we hope that both requests and responses are ordered in pairs. We know that network transmission is fragmented. At present, if we do not control the request and response in pairs and order at the application layer, it will cause confusion between data packets. This is the current situation. If there is a better solution later, we can trust the TCP/IP layer instead of forcing the request and response of data to be in order at the application layer.
After explaining the reasons, let's first look at the cache code, which is relatively simple here. The complexity lies in taking out the requests one by one and returning the entire response in order.

function cacheClientRequest (bridge, key, socket, request, url) {
  if (clients[key]) {
    clients[key].requests.push({bridge, key, socket, request, url})
  } else {
    clients[key] = {}
    clients[key].requests = [{bridge, key, socket, request, url}]
  }
}

We first determine whether there is already a client request cache under the key corresponding to the bridge. If so, we push it in.

If not, we create an object and initialize this request.

The next step is the most complicated one, which is to take out the request cache, send it to the bridge, and listen to the response of the bridge until the current response ends. Then, delete the data monitoring of the bridge, try to take out the next request, and repeat the above actions until all requests from the client are processed.

Code block six: sendRequestToBridgeByKey

At the end of code block five, a summary description of the block is given. You can understand it a little bit first, and then look at the following code, because there will be some response integrity judgments in the code. If you remove these, the code will be easier to understand. In the whole solution, we did not process the request integrity because a request is basically within the size of a data packet, unless it is a file upload interface, which we will not process for now. Otherwise, the code will be more complicated.

function sendRequestToBridgeByKey (key) {
  const client = clients[key]
  if (client.isSending) return

  const requests = client.requests
  if (requests.length <= 0) return

  client.isSending = true
  client.contentLength = 0
  client.received = 0

  const {bridge, socket, request, url} = requests.shift()

  const newUrl = url.replace(key, '')
  const newRequest = request.replace(url, newUrl)

  bridge.write(newRequest)
  bridge.on('data', data => {
    const response = data.toString()

    let code = response.match(/^HTTP[S]*\/[1-9].[0-9] (?<code>[0-9]{3}).*\r\n/)?.groups?.code
    if (code) {
      code = parseInt(code)
      if (code === 200) {
        let contentLength = response.match(/\r\nContent-Length: (?<contentLength>.+)\r\n/)?.groups?.contentLength
        if (contentLength) {
          contentLength = parseInt(contentLength)
          client.contentLength = contentLength
          client.received = Buffer.from(response.split('\r\n\r\n')[1]).length
        }
      } else {
        socket.write(data)
        client.isSending = false
        bridge.removeAllListeners('data')
        sendRequestToBridgeByKey(key)
        return
      }
    } else {
      client.received += data.length
    }

    socket.write(data)

    if (client.contentLength <= client.received) {
      client.isSending = false
      bridge.removeAllListeners('data')
      sendRequestToBridgeByKey(key)
    }
  })
}

Take out the client corresponding to the bridge key from clients.
Determine whether the client has a request being sent. If so, terminate the execution. If not, continue.
Determine whether there is a request under the client. If yes, continue; if not, terminate the execution.
Take the first one from the queue, which contains the requested socket and the cached bridge.
Replace the agreed data and send the final request data to the bridge.
Listen for data responses from the bridge.

• Get the response code
  • If the response is 200, we get the content length from it. If it has, we do some initialization operations for this request. Set the request length. Set the length of the request that has been sent.
  • If it is not 200, we send the data to the client, end the request, remove the data monitoring, and recursively call sendRequestToBridgeByKey
• If no code is obtained, we assume that this response is not the first one, so its length is added to the sent field.
• We then send this data to the client.
• Then determine whether the length of the response is consistent with the length of the data that has been sent. If they are consistent, set the client's data sending status to false, remove the data monitoring, and recursively call sendRequestToBridgeByKey.

At this point, the core code logic has been completed.

Summarize

After understanding this set of codes, you can expand on it and enrich the code for your own use. After understanding this set of codes, can you think of other usage scenarios for it? Can this idea also be used in remote control? If you want to control the client, you can look for inspiration from this code.
This set of codes may be difficult. You may need to know everything about TCP/IP, as well as HTTP, some key request headers, and some key response information. Of course, the more you know about HTTP, the better.
If you have anything to communicate, please leave a message.

proxyServe source code

const net = require('net')

const bridges = {}
const clients = {}

net.createServer(socket => {
  socket.on('data', data => {
    const request = data.toString()
    const url = request.match(/.+ (?<url>.+) /)?.groups?.url
    
    if (!url) return

    if (isBridge(url)) {
      regesterBridge(socket, url)
      return
    }

    const { bridge, key } = findBridge(request, url)
    if (!bridge) return

    cacheClientRequest(bridge, key, socket, request, url)

    sendRequestToBridgeByKey(key)
  })
}).listen(80)

function isBridge (url) {
  return url.startsWith('/regester?')
}

function regesterBridge (socket, url) {
  const key = url.match(/(^|&|\?)key=(?<key>[^&]*)(&|$)/)?.groups?.key
  bridges[key] = socket
  socket.removeAllListeners('data')
}

function findBridge (request, url) {
  let key = url.match(/\/(?<key>[^\/\?]*)(\/|\?|$)/)?.groups?.key
  let bridge = bridges[key]
  if (bridge) return { bridge, key }

  const referer = request.match(/\r\nReferer: (?<referer>.+)\r\n/)?.groups?.referer
  if (!referer) return {}

  key = referer.split('//')[1].split('/')[1]
  bridge = bridges[key]
  if (bridge) return { bridge, key }

  return {}
}

function cacheClientRequest (bridge, key, socket, request, url) {
  if (clients[key]) {
    clients[key].requests.push({bridge, key, socket, request, url})
  } else {
    clients[key] = {}
    clients[key].requests = [{bridge, key, socket, request, url}]
  }
}

function sendRequestToBridgeByKey (key) {
  const client = clients[key]
  if (client.isSending) return

  const requests = client.requests
  if (requests.length <= 0) return

  client.isSending = true
  client.contentLength = 0
  client.received = 0

  const {bridge, socket, request, url} = requests.shift()

  const newUrl = url.replace(key, '')
  const newRequest = request.replace(url, newUrl)

  bridge.write(newRequest)
  bridge.on('data', data => {
    const response = data.toString()

    let code = response.match(/^HTTP[S]*\/[1-9].[0-9] (?<code>[0-9]{3}).*\r\n/)?.groups?.code
    if (code) {
      code = parseInt(code)
      if (code === 200) {
        let contentLength = response.match(/\r\nContent-Length: (?<contentLength>.+)\r\n/)?.groups?.contentLength
        if (contentLength) {
          contentLength = parseInt(contentLength)
          client.contentLength = contentLength
          client.received = Buffer.from(response.split('\r\n\r\n')[1]).length
        }
      } else {
        socket.write(data)
        client.isSending = false
        bridge.removeAllListeners('data')
        sendRequestToBridgeByKey(key)
        return
      }
    } else {
      client.received += data.length
    }

    socket.write(data)

    if (client.contentLength <= client.received) {
      client.isSending = false
      bridge.removeAllListeners('data')
      sendRequestToBridgeByKey(key)
    }
  })
}

This is the end of this article about Nodejs implementing intranet penetration service. For more relevant Node intranet penetration content, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!