hrbrmstr's Daily Drop

Drop #152 (2022-12-08): More Tunnels Than Torech Ungol

VS Code Remote Tunnels; frp

boB Rudis
Dec 8, 2022

Microsoft dropped some tunneling, er, goodness? on us today, so we'll cover it and two other tunneling setups you can use to ~~exfiltrate data~~ gain legitimate access to network-restricted services. Just make sure you know what you're doing; otherwise you're leaving a wide open door for folks on Santa’s naughty list.

I covered ngrok — the tunneler's tunnel — back in April, and you likely already know how to tunnel with SSH, plus you're better off using WireGuard/Tailscale on systems you legitimately control, so only two drops in today's edition.

VS Code Remote Tunnels

I end up using vim, Sublime Text, RStudio and VS Code on a daily basis (yes, all four). I use each in (mostly) different contexts, but I have to say, Microsoft certainly got something right with VS Code (well, apart from their skeezy telemetry garbage). It's a veritable Swiss Army knife for all things editor-y.

When they added the ability to auto-ssh into remote systems, it became a bit easier to use than the old rmate hack (that also works with Sublime Text) and sped up some tasks (at least for me). I think it also likely caused a resurgence of the bad practice of connecting directly to production systems, but I have no data to back up that intuition (but, don't do that if you can at all avoid it).

The latest update adds a tunnel command to the code CLI tool and provides the same functionality right in the VS Code GUI. Just do something like:

$ code tunnel --accept-server-license-terms

and you'll be walked through how to enable the tunnel and start accessing your system right from any web browser.

The cyber-portion of me is terrified of this. The coder-portion of me 💙s it.

Microsoft's intro blog covers everything from start to finish in excruciating detail, so no need for a tutorial from me.

I tested it and it works scarily well (it got past Reid’s incredibly effective locked-down macOS config at work, too, so…o_O).

frp

Frp is a f-ast r-everse p-roxy written in Golang that lets you expose any local network service that's behind a firewall or NAT to the big bad internets. It handles TCP, UDP, HTTP, and HTTPS, and even supports the use of FQDNs! Plus, one can also do some point-to-point tunneling.

You configure it via environment variables or configuration files, and it sports both a dashboard and admin (web) GUI for those who need such pleasantries.

All kinds of authentication support is baked in, as is encryption (which you knew, already, since I mentioned HTTPS in the first ❡), along with the ability to do TCP multiplexing.

It's also a great way to learn about and play with KCP — an implementation of the Automatic Repeat Request (ARQ) protocol [direct PDF].

The feature list is far too long to replicate here, so you can hit the GH page for more information as well as builds for every conceivable system. I feel pretty silly for not covering this before, as it's a very useful tool that has a ton of legitimate (as well as nefarious) uses.
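
For defenders who want to know where either tool is being started, here is an added example (not from the original post or from either project) that flags code tunnel and frp launches in process-execution logs. The log schema and the sample events are constructed for illustration; frpc and frps are frp's client and server executables.

```python
import json
import re
import shlex

# Constructed process-execution events, one JSON object per line (not real telemetry).
# The field names "host", "user" and "cmdline" are assumptions about the log schema.
SAMPLE_EVENTS = r"""
{"host": "mac-017", "user": "alice", "cmdline": "/usr/local/bin/code tunnel --accept-server-license-terms"}
{"host": "mac-017", "user": "alice", "cmdline": "/usr/local/bin/code --diff a.txt b.txt"}
{"host": "build-02", "user": "svc", "cmdline": "/opt/frp/frpc -c /opt/frp/frpc.ini"}
{"host": "lin-004", "user": "bob", "cmdline": "grep -r tunnel ./code"}
{"host": "win-101", "user": "carol", "cmdline": "\"C:\\Program Files\\Editor\\code.exe\" tunnel --accept-server-license-terms"}
""".strip().splitlines()

FRP_BINARIES = {"frpc", "frps"}  # frp's client and server executables

def exe_name(argv0):
    """Base name of the executable, lower-cased, without a Windows .exe suffix."""
    base = re.split(r"[\\/]", argv0)[-1].lower()
    return base[:-4] if base.endswith(".exe") else base

def classify(cmdline):
    """Return 'vscode-tunnel', 'frp' or None for one command line."""
    try:
        # posix=False leaves Windows backslashes alone and keeps a quoted path in one token
        argv = [a.strip("\"'") for a in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quote: fall back to whitespace splitting
        argv = cmdline.split()
    if not argv:
        return None
    exe = exe_name(argv[0])
    # `code tunnel` is the subcommand from the post; matching the word anywhere in
    # the arguments tolerates options placed in front of it.
    if exe == "code" and "tunnel" in argv[1:]:
        return "vscode-tunnel"
    if exe in FRP_BINARIES:
        return "frp"
    return None  # a renamed binary is missed; pair this with egress monitoring

def find_tunnels(lines):
    """Return (host, user, label) for each event that starts a tunneling tool."""
    events = [json.loads(line) for line in lines]
    labelled = [(e["host"], e["user"], classify(e.get("cmdline", ""))) for e in events]
    return [hit for hit in labelled if hit[2]]

if __name__ == "__main__":
    for hit in find_tunnels(SAMPLE_EVENTS):
        print(*hit)
```

Matching on executable names is only a first pass, so treat a clean result as "not seen under its usual name" rather than "not present".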

FIN

Of course, the best tunnels are ones dug through 3 foot snow packs (like we had the first year we moved to Maine). ☮
