doxx / darkflare

DarkFlare Firewall Piercing (TCP over CDN)

The service failed to start when I use the command line #8

Open senggai opened 4 days ago

senggai commented 4 days ago

I have updated all the files and added the Cloudflare SSL config.

HTTPS Server (recommended for production)

./darkflare-server -o https://0.0.0.0:443 -d localhost:22 -c /path/to/cert.pem -k /path/to/key.pem

It returns:

```
root@test0:~# ./darkflare-server-linux-amd64 -o -d localhost:22 -c /root/cert.pem -k /root/key.pem
flag provided but not defined: -c
DarkFlare Server - TCP-over-CDN tunnel server component
(c) 2024 Barrett Lyon - blyon@blyon.com

Usage: ./darkflare-server-linux-amd64 [options]

Options:
  -p        Port to listen on (default: 8080)
  -d        Destination address in host:port format
            Example: localhost:22 for SSH forwarding

  -a        Application mode: launches a command instead of forwarding
            Example: 'sshd -i' or 'pppd noauth'
            Note: Cannot be used with -d flag

  -debug    Enable debug logging
  -o        Allow direct connections without Cloudflare headers
            Warning: Not recommended for production use

Examples:
  SSH forwarding:
    ./darkflare-server-linux-amd64 -d localhost:22 -p 8080

  Run SSH daemon directly:
    ./darkflare-server-linux-amd64 -a "sshd -i" -p 8080

  Debug mode with direct access:
    ./darkflare-server-linux-amd64 -d localhost:22 -p 8080 -debug -o

For more information: https://github.com/blyon/darkflare
```

doxx commented 4 days ago

I think you might have the wrong version. I made a bunch of changes today. Download HEAD from git to see if that fixes it.

senggai commented 4 days ago

> I think you might have the wrong version. I made a bunch of changes today. Download HEAD from git to see if that fixes it.

I rebuilt the Go file and updated the server file. It returns:

```
root@test0:~# ./darkflare-server-linux-amd64 -o https://0.0.0.0:443 -d localhost:22 -c /root/cert.pem -k /root/key.pem -debug
2024/11/27 22:09:48 DarkFlare server running on https://0.0.0.0:443
2024/11/27 22:09:48 Successfully loaded certificate from /root/cert.pem and key from /root/key.pem
2024/11/27 22:09:48 Starting HTTPS server on 0.0.0.0:443
2024/11/27 22:09:48 TLS Configuration:
2024/11/27 22:09:48 Minimum Version: 303
2024/11/27 22:09:48 Maximum Version: 304
2024/11/27 22:09:48 Certificates Loaded: 1
2024/11/27 22:09:48 Listening Address: 0.0.0.0:443
2024/11/27 22:09:48 Supported Protocols: [h2 http/1.1]
```

But the Cloudflare page shows "Web server is down".

senggai commented 4 days ago

> I think you might have the wrong version. I made a bunch of changes today. Download HEAD from git to see if that fixes it.

root@test0:~# ./darkflare-server -o https://0.0.0.0:443 -d localhost:22 -c /root/cert.pem -k /root/key.pem -debug 2024/11/27 22:15:01 DarkFlare server running on https://0.0.0.0:443 2024/11/27 22:15:01 Successfully loaded certificate from /root/cert.pem and key from /root/key.pem 2024/11/27 22:15:01 Starting HTTPS server on 0.0.0.0:443 2024/11/27 22:15:01 TLS Configuration: 2024/11/27 22:15:01 Minimum Version: 303 2024/11/27 22:15:01 Maximum Version: 304 2024/11/27 22:15:01 Certificates Loaded: 1 2024/11/27 22:15:01 Listening Address: 0.0.0.0:443 2024/11/27 22:15:01 Supported Protocols: [h2 http/1.1] 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58816 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58816 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [772 771] 2024/11/27 22:20:14 Supported Ciphers: [4866 4867 4865 49196 49200 159 52393 52392 52394 49195 49199 158 49188 49192 107 49187 49191 103 49162 49172 57 49161 49171 51 157 156 61 60 53 47 255] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveID(30) CurveP521 CurveP384 CurveID(256) CurveID(257) CurveID(258) CurveID(259) CurveID(260)] 2024/11/27 22:20:14 Supported Points: [0 1 2] 2024/11/27 22:20:14 ALPN Protocols: [] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 2024/11/27 22:20:14 TLS Connection State: 2024/11/27 22:20:14 Version: 0x304 2024/11/27 22:20:14 HandshakeComplete: false 2024/11/27 22:20:14 CipherSuite: 0x1303 2024/11/27 22:20:14 NegotiatedProtocol: 2024/11/27 22:20:14 ServerName: 107.148.223.167 2024/11/27 22:20:14 Connection state changed to active from 209.38.132.6:58816 2024/11/27 22:20:14 Request: GET / from 2024/11/27 22:20:14 Headers: map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9] Accept-Encoding:[gzip, deflate] 
Accept-Language:[en-US,en;q=0.9] Cache-Control:[no-cache] Pragma:[no-cache] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36]] 2024/11/27 22:20:14 Connection state changed to idle from 209.38.132.6:58816 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58816 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58830 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58830 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [771 770 769] 2024/11/27 22:20:14 Supported Ciphers: [22 51 103 49310 49314 158 57 107 49311 49315 159 69 190 136 196 154 49160 49161 49187 49324 49326 49195 49162 49188 49325 49327 49196 49266 49267 52393 4866 4865 52244 49159 49170 49171 49191 49199 49172 49192 49200 49248 49249 49270 49271 52392 4869 4868 4867 52243 49169 10 47 60 49308 49312 156 53 61 49309 49313 157 65 186 132 192 7 4 5] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [hq h2c h2 spdy/3 spdy/2 spdy/1 http/1.1 http/1.0 http/0.9] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58830: EOF 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58830 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58846 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58846 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [769 770 771] 2024/11/27 22:20:14 Supported Ciphers: [5 4 7 192 132 186 65 157 49313 49309 61 53 156 49312 49308 60 47 10 49169 52243 4867 4868 4869 52392 49271 49270 49249 49248 49200 49192 49172 49199 49191 49171 49170 49159 52244 4865 4866 52393 49267 49266 49196 
49327 49325 49188 49162 49195 49326 49324 49187 49161 49160 154 196 136 190 69 159 49315 49311 107 57 158 49314 49310 103 51 22] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [http/0.9 http/1.0 http/1.1 spdy/1 spdy/2 spdy/3 h2 h2c hq] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58846: read tcp 107.148.223.167:443->209.38.132.6:58846: read: connection reset by peer 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58846 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58860 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58860 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [771 770 769] 2024/11/27 22:20:14 Supported Ciphers: [49170 49159 52244 4865 4866 52393 49267 49266 49196 49327 49325 49188 49162 49195 49326 49324 49187 49161 49160 154 196 136 190 69 159 49315 49311 107 57 158 49314 49310 103 51 22] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [http/0.9 http/1.0 http/1.1 spdy/1 spdy/2 spdy/3 h2 h2c hq] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58860: tls: no cipher suite supported by both client and server 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58860 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58862 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58862 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [771 770 769] 2024/11/27 22:20:14 Supported Ciphers: [49171 
49191 49199 49172 49192 49200 49248 49249 49270 49271 52392 4869 4868 4867 52243 49169 10 47 60 49308 49312 156 53 61 49309 49313 157 65 186 132 192 7 4 5] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq] [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58862: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq]) 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58862 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58864 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58864 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [771 770 769] 2024/11/27 22:20:14 Supported Ciphers: [60138 49170 49171 49159 49191 52244 49199 4865 49172 4866 49192 52393 49200 49267 49248 49266 49249 49196 49270 49327 49271 49325 52392 49188 4869 49162 4868 49195 4867 49326 52243 49324 49169 49187 10 49161 47 49160 60 154 49308 196 49312 136 156 190 53 69 61 159 49309 49315 49313 49311 157 107 65 57 186 158 132 49314 192 49310 7 103 4 51 5 22] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9] [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58864: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9]) 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58864 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58872 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58872 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 
Supported Versions: [770 769] 2024/11/27 22:20:14 Supported Ciphers: [22 51 103 49310 49314 158 57 107 49311 49315 159 69 190 136 196 154 49160 49161 49187 49324 49326 49195 49162 49188 49325 49327 49196 49266 49267 52393 4866 4865 52244 49159 49170 49171 49191 49199 49172 49192 49200 49248 49249 49270 49271 52392 4869 4868 4867 52243 49169 10 47 60 49308 49312 156 53 61 49309 49313 157 65 186 132 192 7 4 5] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [http/0.9 http/1.0 http/1.1 spdy/1 spdy/2 spdy/3 h2 h2c hq] [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58872: tls: client offered only unsupported versions: [302 301] 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58872 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58886 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58886 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [772 771 770 769] 2024/11/27 22:20:14 Supported Ciphers: [22 51 103 49310 49314 158 57 107 49311 49315 159 69 190 136 196 154 49160 49161 49187 49324 49326 49195 49162 49188 49325 49327 49196 49266 49267 52393 4866 4865 52244 49159 49170 49171 49191 49199 49172 49192 49200 49248 49249 49270 49271 52392 4869 4868 4867 52243 49169 10 47 60 49308 49312 156 53 61 49309 49313 157 65 186 132 192 7 4 5] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [hq h2c h2 spdy/3 spdy/2 spdy/1 http/1.1 http/1.0 http/0.9] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 2024/11/27 22:20:14 TLS Connection State: 2024/11/27 22:20:14 Version: 0x304 2024/11/27 22:20:14 HandshakeComplete: false 2024/11/27 22:20:14 CipherSuite: 0x1303 2024/11/27 22:20:14 
NegotiatedProtocol: h2 2024/11/27 22:20:14 ServerName: 107.148.223.167 [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58886: read tcp 107.148.223.167:443->209.38.132.6:58886: read: connection reset by peer 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58886 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58888 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58888 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [769 770 771 772] 2024/11/27 22:20:14 Supported Ciphers: [5 4 7 192 132 186 65 157 49313 49309 61 53 156 49312 49308 60 47 10 49169 52243 4867 4868 4869 52392 49271 49270 49249 49248 49200 49192 49172 49199 49191 49171 49170 49159 52244 4865 4866 52393 49267 49266 49196 49327 49325 49188 49162 49195 49326 49324 49187 49161 49160 154 196 136 190 69 159 49315 49311 107 57 158 49314 49310 103 51 22] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [http/0.9 http/1.0 http/1.1 spdy/1 spdy/2 spdy/3 h2 h2c hq] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58888: EOF 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58888 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58894 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58894 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [769 770 771 772] 2024/11/27 22:20:14 Supported Ciphers: [22 51 103 49310 49314 158 57 107 49311 49315 159 69 190 136 196 154 49160 49161 49187 49324 49326 49195 49162 49188 49325 49327 49196 49266 49267 52393 52244 49159 49170 49171 49191 49199 49172 49192 49200 49248 49249 49270 49271 52392 52243 
49169 10 47 60 49308 49312 156 53 61 49309 49313 157 65 186 132 192 7 4 5] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [http/0.9 http/1.0 http/1.1 spdy/1 spdy/2 spdy/3 h2 h2c hq] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58894: EOF 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58894 2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58896 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58896 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [39578 772 771 770 769] 2024/11/27 22:20:14 Supported Ciphers: [23130 49170 49171 49159 49191 52244 49199 4865 49172 4866 49192 52393 49200 49267 49248 49266 49249 49196 49270 49327 49271 49325 52392 49188 4869 49162 4868 49195 4867 49326 52243 49324 49169 49187 10 49161 47 49160 60 154 49308 196 49312 136 156 190 53 69 61 159 49309 49315 49313 49311 157 107 65 57 186 158 132 49314 192 49310 7 103 4 51 5 22] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveP384 CurveP521] 2024/11/27 22:20:14 Supported Points: [0] 2024/11/27 22:20:14 ALPN Protocols: [hq h2c h2 spdy/3 spdy/2 spdy/1 http/1.1 http/1.0 http/0.9] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 2024/11/27 22:20:14 TLS Connection State: 2024/11/27 22:20:14 Version: 0x304 2024/11/27 22:20:14 HandshakeComplete: false 2024/11/27 22:20:14 CipherSuite: 0x1303 2024/11/27 22:20:14 NegotiatedProtocol: h2 2024/11/27 22:20:14 ServerName: 107.148.223.167 [HTTPS] 2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58896: read tcp 107.148.223.167:443->209.38.132.6:58896: read: connection reset by peer 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58896 
2024/11/27 22:20:14 Connection state changed to new from 209.38.132.6:58908 2024/11/27 22:20:14 TLS Handshake Details: 2024/11/27 22:20:14 Client Address: 209.38.132.6:58908 2024/11/27 22:20:14 Server Name: 107.148.223.167 2024/11/27 22:20:14 Supported Versions: [772 771] 2024/11/27 22:20:14 Supported Ciphers: [4866 4867 4865 49196 49200 159 52393 52392 52394 49195 49199 158 49188 49192 107 49187 49191 103 49162 49172 57 49161 49171 51 157 156 61 60 53 47 255] 2024/11/27 22:20:14 Supported Curves: [X25519 CurveP256 CurveID(30) CurveP521 CurveP384 CurveID(256) CurveID(257) CurveID(258) CurveID(259) CurveID(260)] 2024/11/27 22:20:14 Supported Points: [0 1 2] 2024/11/27 22:20:14 ALPN Protocols: [] 2024/11/27 22:20:14 Client requesting certificate for server name: 107.148.223.167 2024/11/27 22:20:14 TLS Connection State: 2024/11/27 22:20:14 Version: 0x304 2024/11/27 22:20:14 HandshakeComplete: false 2024/11/27 22:20:14 CipherSuite: 0x1303 2024/11/27 22:20:14 NegotiatedProtocol: 2024/11/27 22:20:14 ServerName: 107.148.223.167 2024/11/27 22:20:14 Connection state changed to active from 209.38.132.6:58908 2024/11/27 22:20:14 Request: GET /favicon.ico from 2024/11/27 22:20:14 Headers: map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9] Accept-Encoding:[gzip, deflate] Accept-Language:[en-US,en;q=0.9] Cache-Control:[no-cache] Pragma:[no-cache] Referer:[https://107.148.223.167/] User-Agent:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36]] 2024/11/27 22:20:14 Connection state changed to idle from 209.38.132.6:58908 2024/11/27 22:20:14 Connection state changed to closed from 209.38.132.6:58908

doxx commented 3 days ago

Did you start this server with -o origin mode on a web server that already had web services? This might be a bunch of non-Cloudflare traffic. You may want to try to run it on a unique IP that's not busy or change the binding port to something like 4443 and then create an origin rule in Cloudflare to shunt the traffic from 443 to 4443. Maybe try that.
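
Whether the handshakes in a `-debug` log came through Cloudflare or reached the origin directly can be checked from the log itself. The Go program below is an added example, not part of this thread or of the DarkFlare code base: it tallies handshakes and handshake errors per client IP and tests each IP against a snapshot of Cloudflare's published IPv4 ranges. The range snapshot, the function names and the `172.68.10.20` sample line are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
)

// Snapshot of Cloudflare's published IPv4 ranges (assumption: refresh from https://www.cloudflare.com/ips-v4).
var cloudflareV4 = []string{
	"173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22", "141.101.64.0/18",
	"108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20", "197.234.240.0/22", "198.41.128.0/17",
	"162.158.0.0/15", "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
}

// lineRe matches the two -debug line types that carry a client address.
var lineRe = regexp.MustCompile(`(Client Address:|TLS handshake error from) (\d+\.\d+\.\d+\.\d+):\d+`)
type SourceStats struct{ Handshakes, Errors int } // counters for one client IP

// IsCloudflare reports whether ip is inside one of the snapshot ranges.
func IsCloudflare(ip string) bool {
	addr, err := netip.ParseAddr(ip)
	for _, cidr := range cloudflareV4 {
		if err == nil && netip.MustParsePrefix(cidr).Contains(addr) {
			return true
		}
	}
	return false
}

// Summarize tallies handshakes and handshake errors per client IP.
func Summarize(log string) map[string]SourceStats {
	stats := map[string]SourceStats{}
	for _, m := range lineRe.FindAllStringSubmatch(log, -1) {
		s := stats[m[2]]
		if m[1] == "Client Address:" {
			s.Handshakes++
		} else {
			s.Errors++
		}
		stats[m[2]] = s
	}
	return stats
}

// Constructed sample in the format of the log quoted above (172.68.10.20 is made up).
const sampleLog = `2024/11/27 22:20:14 Client Address: 209.38.132.6:58830
2024/11/27 22:20:14 http: TLS handshake error from 209.38.132.6:58830: EOF
2024/11/27 22:21:02 Client Address: 172.68.10.20:40112`

func main() {
	for ip, s := range Summarize(sampleLog) {
		fmt.Printf("%-15s cloudflare=%v %+v\n", ip, IsCloudflare(ip), s)
	}
}
```

A source that reports `cloudflare=false` connected to the origin's address directly, which is only possible while the server runs with `-o` and the port is reachable from outside Cloudflare.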

doxx commented 3 days ago

Also you can test in -allow-direct mode and don't use SSL to test client and server first to verify that works.