This project is an open-source Python-based tunneling framework that helps you to create a tunnel between two (or more) computers on different channels/protocols. Although the name of the project correlates with the word “exfiltrate”, the framework is more about tunneling than exfiltration. The main use-case for it is to create a full Internet Protocol v4 (IPv4) based tunnel between the endpoints, that can be used as a communication channel to send IP packets back and forth.
The tool is built on the client-server architecture, so at least two computers are needed to set up the environment. The server side can offer different protocols that can be used for tunneling. The client chooses a protocol that is offered by the server and available on the client network (for example: allowed on the firewall or not restricted by an active network device), and attempts to create a communication channel or tunnel with the server. If the process succeeds, the specified protocol will be used to tunnel data over the network.
By aiming to change this, XFLTReaT works as a framework. It supports multiple protocols (not just only one) and unifies the interface for all tunneling modules. It is possible to create new tunnel modules for protocols with ease.
Also, the framework makes tunneling easier for everybody, because:
- It is easy to install and configure (still a basic understanding is needed)
- The dependencies are kept low
- Unified tunneling interface is developed for creating modules
- Uses only one interface for all traffic
- Handles multiple clients
- Modular authentication support
- Modular encryption support
- Python-based and OOP
- Check functionality to map out the network
- SOCKS v4, 4a, 5
- HTTP CONNECT
- DNS (A/CNAME, PRIVATE, NULL) – Proof of Concept
All basic functionalities are part of the framework now.
- Multi-operating system support (Linux, Mac, Windows)
- Encryption modules
- Authentication modules
- Error handling added for many cases
- Extra functionalities like split tunneling or dependency ignorance added
- 8+1 working modules
- And much other cool stuff inside.
At the moment there are two different branches of the framework. The master branch is a somewhat stable version (v0.1) without the DNS module. The other branch is called next-version and that has the newer version (v0.2), which includes DNS support for a few records (A/CNAME, PRIVATE, NULL). This branch has not been tested thoroughly yet, please respect that before making an opinion about the source code and framework.
To have a somewhat stable release (without DNS), please use:
# git clone https://github.com/earthquake/xfltreat/
To get the DNS support from the next version branch (which was not tested thoroughly, please keep that in mind):
# git clone https://github.com/earthquake/xfltreat/ # cd xfltreat # git checkout -b next-version v0.2
To configure DNS please check the DNS_notes.md.
- # git clone https://github.com/earthquake/xfltreat/
- # pip install -r requirements.txt
- edit xfltreat.conf
- # server side: python xfltreat.py
- # client side: python xfltreat.py –client
Set up your Linux box as a server
Enable IP forwarding as root by using either:
# sysctl -w net.ipv4.ip_forward=1
# echo 1 > /proc/sys/net/ipv4/ip_forward
then set up iptables to do the NAT’ing for you:
# iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
a few things to note
- python 2.7
- Linux only
- root privs needed
side notes to expand
- server and check functionality can handle all modules enabled in the config.
- client should have only one enabled.
The tool is not yet production grade, edge cases (and not that edge cases) are might not be handled very well. There can be security issues in the code that has not been fixed. In case you manage to identify any, please contact me in private or create an issue on the Github page. Mail: xfltreat at rycon.hu
Copyright (c) 2017 Balazs Bucsay