banner
keney

keney

remain optimistic
twitter
HomeArchivesAboutportfolios

frp-0.59 - User Guide

#frp40
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The document provides a tutorial on using the frp (Fast Reverse Proxy) version 0.59.0 for setting up secure remote access and internal network penetration. It begins by discussing the need for a self-built internal network penetration tool, highlighting the transition from an older version to 0.59.0 for improved security. The tutorial covers downloading the necessary files, configuring the server and client, and setting up both point-to-point and secure exposure services. ### Key Steps: 1. **Preparation**: - Download frp from official sources and alternative links. - Note that the Linux version may trigger antivirus warnings on Windows. 2. **Server Configuration**: - Upload and extract the Linux version. - Modify the `frps.toml` file to set the binding port. - Install `systemd` and create a service file for frp. - Start, stop, and enable the frp service to run on boot. 3. **Client Configuration**: - Set up the client on the target machine by modifying the `frpc.toml` file with the server's IP and port. - Use the command line to start the frp client. - For remote access, use the Windows Remote Desktop tool with the specified local port. 4. **Point-to-Point Access**: - Similar configuration steps are followed for setting up point-to-point access, ensuring the correct secret keys are used for security. 5. **Auto-Start Configuration**: - Create a batch file to run the frp client on startup and place it in the Windows startup directory. This tutorial emphasizes security best practices, such as avoiding default ports and using secret keys for access control.

Background#

Currently, I need to use a self-built intranet penetration tool, so I chose frp. There are many versions of frp; I previously used frp_0.51.2_windows_386, and now I have upgraded to frp_0.59.0_windows_amd64. The main functions of this frp include point-to-point intranet penetration (p2p), securely exposing intranet services, and using the server as a proxy for penetration. I plan to use point-to-point or secure exposure service methods. Previously, I always used the server proxy method for intranet penetration, which directly exposed my machine to the public internet, making it very unsafe. Once, when I checked the server logs, I found many requests to the port exposed by my server, realizing that I might have been targeted, so I changed to another port. Now, with heightened security awareness, I will switch to point-to-point or secure exposure methods to prevent attackers from scanning and invading. It is recommended not to use the default ports provided by the service and to modify them yourself.

Currently, the uses include: remote connection to Windows computers, web services exposed on the public internet.

I. Preparation#

Official download link: https://github.com/fatedier/frp/releases/tag/v0.59.0

Here I provide two download links:

123 Cloud: https://www.123pan.com/s/tB5A-psnYd.html? Extraction code: TA7T

Lanzou Cloud: https://nxg.lanzoul.com/b03ivhzl1i Password: 7ijd

frp_0.59.0_linux_amd64.tar.gz ====》 For uploading to the Linux server

frp_0.59.0_windows_amd64.zip ====》 For starting on Windows locally

Note: Downloading the Linux version may trigger a virus alert on Windows systems; you can allow (exclude) the download directory in the settings to proceed with the download and upload it to the server.
Downloading from the official website will also trigger a virus alert; you can verify this yourself.

II. Configure the Server#

2.1 Upload frp and configure frp#

First, upload the frp_0.59.0_linux_amd64.tar.gz compressed package to a custom directory; here I take the /root/frp directory as an example:

tar -zxvf frp_0.59.0_linux_amd64.tar.gz

Location: /root/frp/frp_0.59.0_linux_amd64

Modify the frps.toml configuration port:

bindPort = 7002

At this point, the service configuration is complete.

2.2 Install systemd#

yum install systemd

2.3 Create and edit the frps.service file (using vim editor)#

vim /etc/systemd/system/frps-59.service

2.4 Write the content#

[Unit]
# Service name, customizable
Description = frp_0.59.0_linux_amd64 server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# Command to start frps, modify to your frps installation path
ExecStart =/root/frp/frp_0.59.0_linux_amd64/frps -c /root/frp/frp_0.59.0_linux_amd64/frps.toml

[Install]
WantedBy = multi-user.target

Note: /root/frp/frp_0.59.0_linux_amd64/frps corresponds to the frps file, which is the file you uploaded to the server and extracted.

The above three steps can refer to: https://gofrp.org/docs/setup/systemd/

Then refresh:

systemctl daemon-reload
# If the above command does not take effect, try the following command
systemctl daemon-reexec

2.5 Start and stop commands#

If you do not have root administrator privileges, you need to use sudo; if you have administrator privileges, you can directly use the command without sudo, just systemctl start frps-59


# Start frp
sudo systemctl start frps-59
# Stop frp
sudo systemctl stop frps-59
# Restart frp
sudo systemctl restart frps-59
# Check frp status
sudo systemctl status frps-59

Set to start automatically on boot:

sudo systemctl enable frps-59

III. Configure the Client#

Secure Exposure Service#

  1. Target machine (the machine to be accessed)

Extract the frp_0.59.0_windows_amd64.zip file:

Location: D:\programTool\frp\frp_0.59.0_windows_amd64

Modify the frpc.toml configuration:

serverAddr = "Public IP address of the server"
serverPort = 7002

[[proxies]]
name = "rdp_stcp_test"
type = "stcp"
# Only users with the same secretKey set here can access this service
secretKey = "7G5Y2QW9X312PYWQWE67"
localIP = "127.0.0.1"
localPort = 3389

This is the target machine to be accessed.

cmd start command:

.\frpc.exe -c .\frpc.toml
  1. Visitor machine

Extract the frp_0.59.0_windows_amd64.zip file:

Location: D:\tool\technology\frp\frp_0.59.0_windows_amd64

Modify the frpc.toml configuration:

serverAddr = "101.133.238.75"
serverPort = 7002

[[visitors]]
name = "rdp_stcp_visitor"
type = "stcp"
# Name of the stcp proxy to access
serverName = "rdp_stcp_test"
# Only users with the same secretKey set here can access this service
secretKey = "7G5Y2QW9X312PYWQWE67"
bindAddr = "127.0.0.1"
bindPort = 7003

This is the visitor machine, which accesses the previously configured machine.

cmd start command:

.\frpc.exe -c .\frpc.toml

The visitor machine connects to the target machine

Use the built-in remote connection tool in Windows: 127.0.0.1:7003, enter the computer username and password to access the target machine.

Point-to-Point Access Service#

  1. Target machine (the machine to be accessed)
    Location: D:\programTool\frp\frp_0.59.0_windows_amd64

Modify the frpc.toml configuration:

serverAddr = "Public IP address of the server"
serverPort = 7002

[[proxies]]
name = "p2p_rdp_test"
type = "xtcp"
# Only users with the shared secretKey consistent with the server can access this service
secretKey = "AAAA5Y2QW9X312PYWQWE67"
localIP = "127.0.0.1"
localPort = 3389
  1. Visitor machine:

Location: D:\tool\technology\frp\frp_0.59.0_windows_amd64

Modify the frpc.toml configuration:

serverAddr = "101.133.238.75"
serverPort = 7002

[[visitors]]
name = "p2p_rdp_visitor"
type = "xtcp"
# Name of the P2P proxy to access
serverName = "p2p_rdp_test"
secretKey = "AAAA5Y2QW9X312PYWQWE67"
# Bind local port to access SSH service
bindAddr = "127.0.0.1"
bindPort = 7004
# Set to true if you need to keep the tunnel open automatically
keepTunnelOpen = true

This is the visitor machine, which accesses the previously configured machine.

cmd start command:

.\frpc.exe -c .\frpc.toml

The visitor machine connects to the target machine

Use the built-in remote connection tool in Windows: 127.0.0.1:7004, enter the computer username and password to access the target machine.

Windows Auto-Start Configuration#

Create in D:\programTool\frp\frp_0.59.0_windows_amd64 and D:\tool\technology\frp\frp_0.59.0_windows_amd64 directories.

Method 1:#

frpc-start.bat

@echo off
:home
frpc -c frpc.toml
goto home

Then place this frp-start.bat shortcut in the Windows startup directory.

This script can display the console window, which is not very elegant.

Method 2:#

frpc-start.bat

@echo off
if "%1" == "h" goto begin
mshta vbscript:createobject("wscript.shell").run("""%~nx0"" h",0)(window.close)&&exit
:begin
REM
cd D:\programTool\frp\frp_0.59.0_windows_amd64
frpc -c frpc.ini
exit

The frp client is relatively stable; using method two is sufficient. If it is unstable, you can also choose method one.

Method 3#

frpc-start.bat

Can keep trying to connect

@echo off
if "%1" == "h" goto begin
mshta vbscript:createobject("wscript.shell").run("""%~nx0"" h",0)(window.close)&&exit
:begin
REM
:home
frpc -c frpc.toml
goto home

This frpc-start.bat script should be placed in the D:\programTool\frp\frp_0.59.0_windows_amd64 directory.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.