cloudshellproxy v0.5.10
CloudShell Proxy
Introduction
Nowadays, most cloud computing services provide web-based Shell to manage servers, known as CloudShell.
For stability and security, the CloudShell traffic is routed through the vendor's internal network, rather than a direct connection between the browser and the server.
Because of this, arbitrary data can be wrapped in CloudShell traffic and exchanged with the server over the vendor's internal network, providing a high-quality or covert channel.
Architecture
There are 3 parts in this project:
browser side (inject.js)
client side (proxy-client)
server side (proxy-server)
Supported Vendors
Vendor | Domain | Last Modified |
---|---|---|
Alibaba Cloud | ecs-workbench.aliyun.com | 2023-03-21 |
Tencent Cloud | orcaterm.cloud.tencent.com | 2023-04-18 |
This idea theoretically supports all CloudShells, but in order to improve performance and stability, each vendor's CloudShell needs to be adapted.
Install
Run on both the client and server:
npm install -g cloudshellproxy
If the server-side Node.js is not global (e.g. installed via nvm), this program must be installed in the CloudShell user environment.
Usage
Client:
cloudshellproxy client --help
The subcommand client is the default and can be omitted.
Server:
cloudshellproxy server --help
The server-side commands are entered automatically and are rarely entered manually.
Demo
Map a local port (2022) to the server port (22):
cloudshellproxy 2022 22
Log in to the CloudShell, open the browser console and run:
import('http://127.0.0.1:10000/inject.js')
The injected js will connect to the proxy-client, send a command to the shell to start the proxy-server, and then bridge the two streams.
Now, connecting to local port 2022 is equivalent to connecting to server port 22.
ssh 127.0.0.1 -p2022
Tip
This program only supports a single connection. If you need more connections, you can run other proxy tools on top of this connection.
For example, using SSH directly:
ssh 127.0.0.1 -p2022 -D12345
In this way, a SOCKS5 service can be created on the local port 12345.
Automation
CloudShell sessions are short-lived and expire after a few hours, so you need to log back in frequently and re-inject code, which can be tedious.
You can consider using automation tools such as WebDriver, puppeteer, playwright, etc., or some browser extensions.
Encoding
Many CloudShells use a text format (UTF-8) to communicate with the backend, while our data is binary, so choosing an appropriate encoding can improve transmission efficiency.
encoding | payload | rate | efficiency |
---|---|---|---|
base64 | common text | 3/4 | 75% |
base85 | URI encoded | 4/5 | 80% |
base94 | JSON string | 9/11 | ~81.81% |
base123 | ASCII (-5 chars) | 13/15 | ~86.67% |
base128 | plain text | 7/8 | 87.5% |
Base64 is the safest but also the least efficient. Base128 is the most efficient but may not be safe: for example, some CloudShells confuse \n and \r\n, which causes errors.
If CloudShell supports compression (e.g. WebSocket service enables the deflate extension), the efficiency will be different. In this case, Base64 is usually better than Base94, because the redundancy of Base64 is more obvious and easier to compress.
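The comparison above can be measured directly. The following is an added example, not code from cloudshellproxy: it assumes a generic fixed-block base-N coder with a constructed alphabet (the project's own code tables are not shown on this page) and uses Node's raw deflate as a stand-in for a WebSocket deflate extension. Base123 and base128 are left out to keep it short.

```javascript
// Added example, not cloudshellproxy's encoder: generic fixed-block base-N coding.
const zlib = require('node:zlib');

// Constructed alphabet: printable ASCII 0x21..0x7E (94 symbols); smaller bases use a prefix.
const ALPHABET = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i)).join('');
// Rates from the table above: [base, bytes per block, chars per block].
const SCHEMES = { base64: [64, 3, 4], base85: [85, 4, 5], base94: [94, 9, 11] };

// Encode n-byte blocks as m symbols each; the last block is zero-padded.
function encode(buf, [base, n, m]) {
  const B = BigInt(base);
  if (B ** BigInt(m) < 256n ** BigInt(n)) throw new Error('block does not fit');
  let out = '';
  for (let off = 0; off < buf.length; off += n) {
    const block = Buffer.alloc(n);
    buf.copy(block, 0, off, Math.min(off + n, buf.length));
    let v = BigInt('0x' + block.toString('hex'));
    let chars = '';
    for (let i = 0; i < m; i++) { chars = ALPHABET[Number(v % B)] + chars; v /= B; }
    out += chars;
  }
  return out;
}

// Inverse of encode(); `length` trims the zero padding of the last block.
function decode(text, [base, n, m], length) {
  const parts = [];
  for (let off = 0; off < text.length; off += m) {
    let v = 0n;
    for (const ch of text.slice(off, off + m)) v = v * BigInt(base) + BigInt(ALPHABET.indexOf(ch));
    parts.push(Buffer.from(v.toString(16).padStart(2 * n, '0'), 'hex'));
  }
  return Buffer.concat(parts).subarray(0, length);
}

// Deterministic pseudo-random payload (xorshift32), standing in for incompressible data.
function samplePayload(len, seed = 0x2545f491) {
  const buf = Buffer.alloc(len);
  let x = seed;
  for (let i = 0; i < len; i++) { x ^= x << 13; x ^= x >>> 17; x ^= x << 5; buf[i] = x & 0xff; }
  return buf;
}

// Efficiency = payload bytes / bytes on the wire, without and with raw deflate.
function measure(raw) {
  const rows = {};
  for (const [name, scheme] of Object.entries(SCHEMES)) {
    const wire = Buffer.from(encode(raw, scheme), 'latin1');
    rows[name] = { plain: raw.length / wire.length, deflated: raw.length / zlib.deflateRawSync(wire).length };
  }
  return rows;
}

console.table(measure(samplePayload(72000)));
```

On incompressible input, base94 wins in the plain column while base64 comes out ahead once deflate is applied, because 64 equally likely symbols map onto whole-bit Huffman codes and 94 do not.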
The client will use a pre-configured encoding according to different vendors. You can also override the default encoding with the --encoding option, and customize the code table with the --table option.
FAQ
Q: How can I determine my CloudShell's maximum transfer speed?
A: You can run cat /dev/zero or cat /dev/random in CloudShell to generate a lot of data, and then watch the incoming traffic in task manager.
Q: Why is the data transfer incorrect?
A: Make sure the client and server are the same version:
cloudshellproxy --version
The encoding implementation may be changed, resulting in data errors.
In addition, the cloud vendor may change the transfer protocol at any time, and if this program is not adapted in time, it may not work.
Warning
This tool is for learning and experimentation only. Do not overuse it, or do so at your own risk.
License
MIT