This article assumes that the reader already knows the network-related cognitive penetration.
Perhaps you used the peanut shells, frp, ngrok, teamviewer etc. penetrating tool, give you about today is smarGate (https://github.com/lazy-luo/smarGate)
1. What samrGate that?
The official name "mobile gateway", will be exposed as needed through the mobile phone network client server located within the network.
It has the following characteristics:
safety
- Traditional products usually penetrate directly access the entrance to the definition of a public server, like putting their own security door into a public place, even if it takes the key, but also difficult to prevent superb locksmith skills.
- smarGate practice is to carry a security door, self-controlled, want to share words are simple access wifi or let others access your mobile hotspot on OK.
- SSL encryption used for data transmission, prevent information leakage
Expansibility
- Based on the network segment agent, it can be used with a number of tools to achieve a variety of network service capabilities (telnet, ssh, http service, network cameras, remote desktop, etc.)
- For geeks, you can access the network services (rpc) custom
Convenience
- Mobile client configuration that
- The ability to dynamically increase and decrease service
2, samrGate What technical characteristics?
- Support agents to penetrate
- The official provided free proxy server
- If they have a cloud server (includes a public network IP), the user can customize own proxy, proxy_server and mounted on the proxy server. All data transfers take proxy server configured by the user (in order to prevent the middleman ***, proxy server requires the user to generate a self-signed certificate)
- Support p2p channel
using TCP protocol p2p penetration, enhance the security of
IPv6-point
Note: Not all networks support p2p, depending on the type of NAT at both ends
3, smartGate use
a, to end the official website to download the app and the appropriate server (server running on your private network host, network disk description file has links)
Since the home server is raspberry pie, so download arm version of the server
b, using the app client registered users, corresponding to the user to remember the "service ID" (Please fill in all, not a Chinese, to ensure the successful registration)
c, the service ID to configure your server configuration file
First, extract the server package (I put the / server directory, server.crt and server.key to generate their own certificate and private key, no certificate may be)
Configuration files are as follows (own just to have a cloud Ali ECS machine, 1c 2G 1M configuration, outside the network ip, so put each private agent configuration into):
d, start the server
e, log onto mobile app, set the desired network services
Taiwan notebook at home with windows, network ip is 192.168.3.11, open Remote Desktop Services, and therefore configure a Remote Desktop service penetration, mobile local port 3389 --- "mapped to network windows laptop (192.168.3.11) 3389 port, another way of raspberry Pi open ssh service, local phone port 10022.
f, using a mobile phone or computer to access the configuration services
Mobile terminal using the service (configure remote desktop, point to localhost):
Log in Microsoft Remote Desktop:
Try again ssh service:
Configuration:
connection succeeded:
important:
Android client needs permission:
1. Background execute permissions (If not, then the app into the background will be disconnected)
2, network access (basic rights)
Phone settings (Android):
1, is provided -> and Wireless Network -> the WLAN -> holding connector system sleep "allowed" (Otherwise, the system will be disconnected sleep)
2, provided -> Wireless and network -> Mobile Network -> Advanced -> always maintain a data connection "allow"
Detailed configuration, see the official website Description