How to use frp for network penetration

date
May 10, 2022
slug
6ce3c566265825849e9e4e7a5470ed54
status
Published
tags
Howto
summary
type
Post

frp

frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the Internet. As of now, it supports TCP and UDP, as well as HTTP and HTTPS protocols, where requests can be forwarded to internal services by domain name.
All you need is just a VPS with public ip adress.

frp server config

  1. Check out the server architecture.
      2. arch
  1. Download the compatible version of frp.
      2. https://github.com/fatedier/frp/releases/tag/v0.44.0
  1. Decompress it and cd
      2. tar -zxvf
  1. modify frps.ini
      2. vim frps.ini
      [common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = password
vhost_http_port = 8080
vhost_https_port = 10443
  1. Use systemd to control frps and configure boot-up on Linux systems.
      • Creat and edit frps.service file.
          • $ vim /etc/systemd/system/frps.service
          Write in content.
          [Unit]
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# modify to your frps path
ExecStart = /path/to/frps -c /path/to/frps.ini

[Install]
WantedBy = multi-user.target
      • Use command of systemd to control frps
          • systemctl start frps
systemctl stop frps
systemctl restart frps
systemctl status frps
      • Configure frps to boot autostart.
          • systemctl enable frps

frp client config

GitHub - fatedier/frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. - GitHub - fatedier/frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
GitHub - fatedier/frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
https://github.com/fatedier/frp#access-your-computer-in-lan-by-ssh
GitHub - fatedier/frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
  • Access your computer in LAN by SSH
  • Visit your web service in LAN by custom domains
[common]
server_addr = ********
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

[vnc]
type = tcp
local_ip = 127.0.0.1
local_port = 5900
remote_port = 35900
use_encryption = true
use_compression = true

[qinglong]
type = http
local_port = 5700
custom_domains = ***.***.***

[webDAV]
type = http
local_port = 9290
custom_domains = ***.***.***

[transmission]
type = http
local_port = 9091
custom_domains = ***.***.***

Use supervisor to control frpc and configure boot-up on Linux systems.

  • Install supervisor with brew and make it atuo-start
      • brew install supervisor
brew services restart supervisor
  • Create supervisor configuration floder.
      • mkdir /usr/local/etc/supervisor.d
  • Create and edit frpc.ini file.
      • [program:frpc]
command = /path/to/frpc -c /path/to/frpc.ini
autostart = true
  • Use command of supervisor to control frpc
      • supervisorctl reload
supervisorctl stop frpc
supervisorctl status
 
Related links:

© 2PoL 2020 - 2025