cloudshellproxy v0.5.10

CloudShell Proxy

Introduction

Nowadays, most cloud computing services provide web-based Shell to manage servers, known as CloudShell.

For stability and security, the CloudShell traffic is routed through the vendor's internal network, rather than a direct connection between the browser and the server.

Using this feature, arbitrary data can be wrapped into CloudShell traffic and communicate with the server over the vendor's internal network for a high-quality or covert channel.

Architecture

There are 3 parts in this project:

• browser side (inject.js)

• client side (proxy-client)

• server side (proxy-server)

Supported Vendors

This idea theoretically supports all CloudShells, but in order to improve performance and stability, each vendor's CloudShell needs to be adapted.

Install

Run on both the client and server:

npm install -g cloudshellproxy

If the server-side Node.js is not global (e.g. installed via nvm), this program must be installed in the CloudShell user environment.

Usage

Client:

cloudshellproxy client --help

The subcommand client is default and can be omitted.

Server:

cloudshellproxy server --help

The server-side commands are entered automatically and are rarely entered manually.

Demo

Map a local port (2022) to the server port (22):

cloudshellproxy 2022 22

Log in to the CloudShell, open the browser console and run:

import('http://127.0.0.1:10000/inject.js')

The injected js will connect to the proxy-client, send a command to the shell to start the proxy-server, and then bridge the two streams.

Now, connecting to local port 2022 is equivalent to connecting to server port 22.

ssh 127.0.0.1 -p2022

Tip

This program only supports a single connection, if you need more connections, you can use other proxy tools based on this connection.

For example, using the SSH directly:

ssh 127.0.0.1 -p2022 -D12345

In this way, a SOCKS5 service can be created on the local port 12345.

Automation

CloudShell sessions are short-lived and expire after a few hours, so you need to log back in frequently and re-inject code, which can be tedious.

You can consider using automation tools such as WebDriver, puppeteer, playwright, etc., or some browser extensions.

Encoding

Many CloudShells use text format (UTF-8) to communicate with the backend, while our data is binary, so choosing a appropriate encoding can improve transmission efficiency.

Base64 is the safest, but also the least efficient; Base128 is the most efficient, but may be not safe, for example, some CloudShells will confuse \n and \r\n and cause errors.

If CloudShell supports compression (e.g. WebSocket service enables the deflate extension), the efficiency will be different. In this case, Base64 is usually better than Base94, because the redundancy of Base64 is more obvious and easier to compress.

The client will use a pre-configured encoding according to different vendors. You can also override the default encoding with the --encoding option, and customize the code table with the --table option.

FAQ

A: How can I determine my CloudShell's maximum transfer speed?

Q: You can run cat /dev/zero or cat /dev/random in CloudShell to generate a lot of data, and then watch the incoming traffic in task manager.

A: Why is the data transfer incorrect?

Q: Make sure the client and server are the same version:

cloudshellproxy --version

The encoding implementation may be changed, resulting in data errors.

In addition, the cloud vendor may change the transfer protocol at any time, and if this program is not adapted in time, it may not work.

Warning

This tool is for learning and experimentation only, do not overuse it, or do so at your own risk.

License

MIT