Published on June 8th, 2015
Multiplex Various Network Data Flows: SSF
Secure Socket Funneling (SSF) is a network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer.
Multiplex Various Network Data Flows
The initial aim of SSF was to provide an easy way for users and developers to multiplex and demultiplex various network data flows. It was designed to:
- be cross platform
- be lightweight (preferably standalone)
- be easily extendible
- provide modern (TLS 1.2) secure point-to-point communication with the strongest cipher-suites
- provide high performance communications by using the benefits of modern multi-core / multi-threaded architecture
These requirements excluded SSH which showed limitations on all items (particularly in performance, but also by the lack of server side application on Windows). Classic VPN software was also excluded because the requirement of administrator rights was too limiting.
- One feature which was not present in any other equivalent network tool was UDP forwarding. UDP is nonetheless widely used in real-time services (VoIP, online gaming, …) and for DNS. Therefore, SSF is able to forward both TCP and UDP from the client to the server (options -L and -U) as well as from the server to the client (options -R and -V).
- SSF also allows dynamic port forwarding with a SOCKS server from the client to the server (option -D, just like SSH) and from the server to the client (option -F, which SSH does not allow).
- The bouncing feature makes it simple to forward traffic from one point to another through a list of intermediary relay servers.
The SSF command line was designed as a drop-in replacement for SSH (for equivalent features, such as port forwarding or SOCKS), so that you can benefit from the performance and security gains with minimal, or even no, changes to your scripts and tools.
- WinRAR >= 5.2.1 (third-party builds on Windows)
- Boost >= 1.56.0
- OpenSSL >= 1.0.2
- Google Test >= 1.7.0
- CMake >= 2.8.11
- nasm (OpenSSL build on Windows)
- Perl | Active Perl >= 5.20 (OpenSSL build on Windows)
- C++11 compiler (Visual Studio 2013, Clang, g++, etc.)
- STANDARD: the project will be built with standard security features
- FORCE_TCP_ONLY: the project will be built without security features to facilitate debugging
Build SSF on Linux
- Go to the project directory
- Copy Boost archive in third_party/boost
cp boost_1_XX_Y.tar.bz2 PROJECT_PATH/third_party/boost
- Copy OpenSSL archive in third_party/openssl
cp openssl-1.0.XY.tar.gz PROJECT_PATH/third_party/openssl
- Copy GTest archive in third_party/gtest
cp gtest-1.X.Y.zip PROJECT_PATH/third_party/gtest
- Generate project
mkdir PROJECT_PATH/build
cd PROJECT_PATH/build
cmake -G "GENERATOR" -DCMAKE_BUILD_TYPE=Release|Debug -DSSF_SECURITY:STRING="STANDARD|FORCE_TCP_ONLY" ../
- Build project
cmake --build PROJECT_PATH/build -- -j
How to use
SSF_<Server|Client>[.exe] [-L loc:ip:dest] [-R rem:ip:dest] [-D port] [-F port] [-U loc:ip:dest] [-V rem:ip:dest] [-b bounce_file] [-c config_file] [-p port] [host]
- host: the IP address or the name of the remote server to connect to.
- -p: port is the port on which to listen (for the server) or to connect (for the client). The default value is 8011.
- -L: TCP port forwarding with loc as the local TCP port, ip and dest as destination toward which the forward should be done from the server.
- -R: TCP remote port forwarding with rem as the TCP port to forward from the remote host, ip and dest as destination toward which the forward should be done from the client.
- -D: open a port (port) on the client to connect to a SOCKS server on the server from the client.
- -F: open a port (port) on the server to connect to a SOCKS server on the client from the server.
- -U: UDP port forwarding with loc as the UDP port to forward from the client, ip and dest as destination toward which the forward should be done from the server.
- -V: UDP remote port forwarding with rem as the UDP port to forward from the server, ip and dest as destination toward which the forward should be done from the client.
- -b: bounce_file is the file containing the list of relays to use.
- -c: config_file is the config file containing configuration for SSF (TLS configuration).
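The option syntax above can be parsed mechanically, for example when reviewing SSF command lines recorded in process-creation logs to see which forwards an invocation sets up and which of them open ports on the server side. This Python sketch is an added example, not code from the SSF project; the function names, the summary format and the sample command lines are assumptions made for illustration, and it assumes the first field of each forwarding triple is a numeric port.

```python
import shlex

# Option -> (protocol, side that opens the listening port), from the option list above.
FORWARD_OPTS = {"-L": ("tcp", "client"), "-R": ("tcp", "server"),
                "-U": ("udp", "client"), "-V": ("udp", "server")}
SOCKS_OPTS = {"-D": "client", "-F": "server"}   # side that opens the SOCKS entry port
VALUE_OPTS = {"-p": "port", "-b": "bounce_file", "-c": "config_file"}


def parse_ssf(cmdline):
    """Parse one SSF_Client/SSF_Server command line into a summary dict (hypothetical helper)."""
    argv = shlex.split(cmdline)
    out = {"binary": argv[0], "host": None, "port": 8011,  # 8011 is the documented default
           "bounce_file": None, "config_file": None, "forwards": [], "socks": []}
    args = iter(argv[1:])
    for tok in args:
        if not tok.startswith("-"):
            out["host"] = tok
            continue
        if tok not in FORWARD_OPTS and tok not in SOCKS_OPTS and tok not in VALUE_OPTS:
            raise ValueError(f"unknown option {tok}")
        val = next(args, None)
        if val is None:
            raise ValueError(f"{tok} is missing its value")
        if tok in FORWARD_OPTS:
            parts = val.split(":")
            if len(parts) != 3:
                raise ValueError(f"{tok} expects port:ip:dest, got {val!r}")
            proto, side = FORWARD_OPTS[tok]
            out["forwards"].append({"proto": proto, "listens_on": side,
                                    "listen_port": int(parts[0]),
                                    "target": f"{parts[1]}:{parts[2]}"})
        elif tok in SOCKS_OPTS:
            out["socks"].append({"listens_on": SOCKS_OPTS[tok], "listen_port": int(val)})
        elif tok == "-p":
            out["port"] = int(val)
        else:
            out[VALUE_OPTS[tok]] = val
    return out


def server_side_listeners(parsed):
    """Listeners opened on the server that lead back toward the client (-R, -V, -F)."""
    found = [f"{f['proto']}/{f['listen_port']} -> {f['target']}"
             for f in parsed["forwards"] if f["listens_on"] == "server"]
    return found + [f"socks/{s['listen_port']}" for s in parsed["socks"]
                    if s["listens_on"] == "server"]


# Constructed sample command lines (not taken from the page or from real logs).
SAMPLES = ["SSF_Client -L 8080:10.0.0.5:80 -D 1080 -p 8443 relay.example.org",
           "SSF_Client.exe -R 2222:127.0.0.1:22 -V 5353:192.168.1.1:53 -F 9050 -c config.json relay.example.org"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "=>", server_side_listeners(parse_ssf(line)))
```

Reverse options (-R, -V, -F) are the ones worth a second look in review, since they make a service or SOCKS proxy on the client's network reachable from the server.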