mhzed/wstunnel

wstunnel quits if invalid protocol passed

Closed this issue · 3 comments

If anything other than "tunnel-protocol" is requested, the server prints an error to the console, and quits. This represents at best, an instability, and at worst a vector for a DOS attack.

Any possibility the server could reject the invalid connection, and then keep running, so existing users are not dropped?

mhzed commented

Most invalid payload should be rejected with http 400 error, but I have never tried an exhaustive random attack. If you can post a payload that causes server to quit, then I can take a deeper look.

Can reproduce it like this:

wstunnel -s 0.0.0.0:8080 -t google.com:80

Then simply type this in Chrome inspector:
var ws = new WebSocket('ws://serverip:8080/','test');

If 'test' is anything but 'tunnel-protocol', the server dies:

[Dec 23 2018 03:12:15.866 GMT+0000] Client 96.39.161.102 establishing ws tunnel to google.com:80
/usr/local/lib/node_modules/wstunnel/node_modules/websocket/lib/WebSocketRequest.js:289
throw new Error('Specified protocol was not requested by the client.');
^

Error: Specified protocol was not requested by the client.
at WebSocketRequest.accept (/usr/local/lib/node_modules/wstunnel/node_modules/websocket/lib/WebSocketRequest.js:289:19)
at Socket.net.connect (/usr/local/lib/node_modules/wstunnel/lib/WstServer.js:52:34)
at Object.onceWrapper (events.js:313:30)
at emitNone (events.js:106:13)
at Socket.emit (events.js:208:7)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1173:10)

mhzed commented

Fixed in version 1.2.7.