Redirectors
Types
- Passthrough: Redirect all traffic from A to B.
- Filtering: Conditionally redirect traffic to different destinations or drop traffic entirely.
- Pseudo-redirectors: Domain fronting/third party C2.
Passthrough
Socat
Redirecting local port 80 to remote port 80
socat TCP4-LISTEN:80,fork TCP4:<C2_IP>:80
Same redirection but only bind to a specific local interface
socat TCP4-LISTEN:80,bind=<10.10.10.1>,fork TCP4:<C2_IP>:80
iptables
Redirecting local port 80 to remote port 80
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <C2_IP>:80
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -I FORWARD -j ACCEPT
iptables -P FORWARD ACCEPT
sysctl net.ipv4.ip_forward=1
Full TCP relay
iptables -t nat -A PREROUTING -p tcp -i eth0 -j DNAT -d <eth0_IP> --to-destination <FORWARDED_IP>
iptables -t nat -A POSTROUTING -p tcp -o eth0 -j MASQUERADE
sysctl net.ipv4.ip_forward=1
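Seen from the defending side, the rule sets above leave a recognizable footprint on the relay host. The following added example (not part of the original page) parses `iptables-save` output and reports when a PREROUTING DNAT rule, MASQUERADE, an open FORWARD chain and `net.ipv4.ip_forward=1` all coincide; the function names, verdict strings and the sample ruleset using 203.0.113.10 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a host for the NAT rule combination a passthrough relay needs.
# stdin: `iptables-save` text; $1: value of net.ipv4.ip_forward (0 or 1).
audit_relay_rules() {
  local ip_forward="${1:-0}"
  awk -v fwd="$ip_forward" '
    /^\*/ { table = substr($0, 2); next }   # table header: "*nat", "*filter"
    # Default chain policy, e.g. ":FORWARD ACCEPT [0:0]"
    table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" { accept = 1 }
    $1 != "-A" { next }
    {   # pull the interesting options out of one rule line
      target = ""; dest = ""; dport = "any"; proto = "any"
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-destination") dest = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
      }
    }
    table == "nat" && $2 == "PREROUTING" && target == "DNAT" {
      printf "DNAT %s dport=%s -> %s\n", proto, dport, dest; dnat++
    }
    table == "nat" && $2 == "POSTROUTING" && target == "MASQUERADE" { masq = 1 }
    # Unconditional "-A FORWARD -j ACCEPT" (exactly four fields)
    table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && NF == 4 { accept = 1 }
    END {
      if (dnat && masq && accept && fwd == 1) print "VERDICT relay-capable"
      else print "VERDICT incomplete"
    }'
}
# Constructed sample in iptables-save format (203.0.113.10 is a documentation address).
sample_ruleset() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 203.0.113.10:80
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_relay_rules 1
```

On a live host, pipe `iptables-save` into the function and pass the output of `sysctl -n net.ipv4.ip_forward` as the argument.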
Filtering
Under construction
Pseudo-redirectors
Under construction