New Year's Eve Prank Using SSH Tunnel

On the eve of the New Year, I would like to share with the Habrahabr community a simple joke, which happened to come to mind when working with SSH tunnels.

You can play friends, colleagues, website creators, designers who have not yet finished working on their projects in companies of the corresponding profile.

In particular, if the web studio works with the XAMPP web server, then all sites that are under development and displayed in the browser line on the webmaster’s computer as http: // localhost / new_cool_site can be arranged as subdirectories of any http: domain // mydomain.ru / new_cool_site. It will be especially funny if you choose, for example, kremlin.ru as mydomain.ru . Demonstrating the president’s site with your work in a cafe or even at home with a parallel story about how deeply the administration of the head of state became interested in your work can make a lasting impression on those who are inexperienced in this interviewer.
')
If you are a system administrator, then the same can be shown to your webmasters and designers who will wrestle with how their unfinished works suddenly appeared on the Internet on a foreign domain.

The idea is as follows.

There is a certain computer from which we will fool the interlocutor. Let's say this is a laptop with Wi-Fi access.

A virtual interface is created and raised on this computer using the OpenVPN package, on which the IP address (usually gray) of the remote web server with a 24-bit mask is written.





Next, in the % WINDIR% \ system32 \ drivers \ etc \ hosts file, this IP address (172.16.0.10) is assigned to an arbitrary domain name that comes to your mind, for example kremlin.ru .

In addition, we need root SSH access to the company's router, from which a working computer with an internal web server of the studio can be seen on the local network. Route because we will forward the privileged 80th port.

It remains to run an SSH client on our laptop, for example PuTTY, and create a direct tunnel by connecting to the router with the following settings:


Everything. Now open the site with the domain name registered in the hosts and invite someone to see it.


The tunnel we have raised is a rather rare kind of tunnel according to the extended scheme, which is written off in this article . In 99% of cases, the Source address is the address of the local loop and is not explicitly indicated, so there is not even a space allocated for it in the settings of the tunnel in Putty. But in this case it is different from localhost , so you have to cram it along with the Source port .

I must warn you that the focus will pass only for such sites for which no redirection from IP to the domain name is configured, which is exactly what happens on servers like XAMPP.

Thus, the result is achieved without VPN and DNS server manipulations - just sleight of hand and no fraud.

Postscriptum

Gentlemen
Since the publication of this article, I have noted the extremely negative attitude towards it on the part of professionals.
I ask you to understand with understanding that the audience of the habr readers is much wider than the community of habrazhiteli.
And far from all of the readers had to solve such problems or do it regularly.
Therefore, you really, please do not lyuyuyte.