# 第九十九课：HTTP隧道Tunna第三季

**Tunna简介：**

Tunna1.1 是 secforce 在2014年11月出品的一款基于HTTP隧道工具。其中v1.1中支持了SOCKS4a。

Tunna演示稿：\
<https://drive.google.com/open?id=1PpB8_ks93isCaQMEUFf_cNvbDsBcsWzE>

Github：\
<https://github.com/SECFORCE/Tunna>

**攻击机：**\
192.168.1.5 Debian\
192.168.1.4 Windows 7

**靶机：**\
192.168.1.119 Windows 2003

**安装：**

```bash
root@John:~# git clone https://github.com/SECFORCE/Tunna.git
Cloning into 'Tunna'...
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 156 (delta 0), reused 2 (delta 0), pack‐reused 150
Receiving objects: 100% (156/156), 8.93 MiB | 25.00 KiB/s, done.
Resolving deltas: 100% (84/84), done.
```

![](/files/-LZPe3IDqvDKh1kD0Dt8)

**靶机执行：**

以aspx为demo。

![](/files/-LZPe3IGfcHVhnaP8WqY)

**攻击机执行：**

```python
python proxy.py ‐u http://192.168.1.119/conn.aspx ‐l 1234 ‐r 3389 ‐s ‐ v
```

![](/files/-LZPe3IKJr4VbjSFU5ox)

![](/files/-LZPe3INvBPmgKTSvVgV)

## 附录：

**解决：**&#x47;eneral Exception: \[Errno 104] Connection reset by peer

```bash
[+] Spawning keep‐alive thread
[‐] Keep‐alive thread not required
[+] Checking for proxy: False
```

连接后，出现

```bash
General Exception: [Errno 104] Connection reset by peer
```

等待出现：**无法验证此远程计算机的身份，是否仍要连接？**

再次运行，在点击是(Y)

```bash
python proxy.py ‐u http://192.168.1.119/conn.aspx ‐l 1234 ‐r 3389 ‐s ‐ v
```

![](/files/-LZPe3IQzUcKnYmZBuN8)

![](/files/-LZPe3ISMibZ7aQBb-Tc)

![](/files/-LZPe3IU1y3czJ5NScCg)

**如果：没有出现“无法验证此远程计算机的身份，是否仍要连接？”**

注册表键值： HKEY\_CURRENT\_USER\Software\Microsoft\Terminal Server Client\Servers 删除对应IP键值即可。

非常遗憾的是，Tunna对PHP的支持并不是太友好。

> Micropoor


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://micro8.gitbook.io/micro8/contents-1/91-100/99http-sui-dao-tunna-di-san-ji.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.