iptables - port spoof / local port forward
来源:互联网 发布:优化探究同步导学案 编辑:程序博客网 时间:2024/05/29 07:15
PORT SPOOF
Enable IP forward and redirect destination port to another one.
root@kali:~# sysctl net.ipv4.ip_forward=1root@kali:~# iptables -t nat -A PREROUTING -p tcp --destination 192.168.1.107 ! --dport 22 -j REDIRECT --to-ports 4444
Clone portspoof source from github, and compile it.
root@kali:~# git clone http://github.com/drk1wi/portspoofroot@kali:~# cd portspoof/root@kali:~/portspoof# ./configureroot@kali:~/portspoof# make && make install
Start a port listener for tcp stream. TCP stream will reply by Portspoof, and you can control it manually.
root@kali:~/portspoof# portspoof -v -p 4444root@kali:~/portspoof# portspoof -p 4444 -s /usr/local/etc/portspoof_signatures -c /usr/local/etc/portspoof.conf -l portspoof-4444.log-> Using user defined signature file /usr/local/etc/portspoof_signatures-> Using user defined configuration file /usr/local/etc/portspoof.conf-> Using log file portspoof-4444.log-> Binding to port: 4444
Redirect Multi PORTs
root@kali:~# iptables -t nat -A PREROUTING -p tcp --destination 192.168.1.107 ! --dport 22 -j REDIRECT --to-ports 4444root@kali:~/portspoof# iptables -t nat -A PREROUTING -p tcp --destination 192.168.1.107--dport 22:100 -j REDIRECT --to-ports 4444root@kali:~/portspoof# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1:65535 -j REDIRECT --to-ports 4444
Local Port Forward
Transform port 8080 to 8888 on local machine, please modify the ip address yourself.
root:not/ # sysctl net.ipv4.ip_forward=1root:not/ # iptables -t nat -A PREROUTING -p tcp --destination 192.168.1.108 --dport 8080 -j DNAT --to-destination 192.168.1.108:8888root:not/ # iptables -t nat -A OUTPUT -p tcp --destination 127.0.0.1 --dport 8080 -j DNAT --to-destination 127.0.0.1:8888root:not/ # iptables -t nat -A OUTPUT -p tcp --destination 192.168.1.108 --dport 8080 -j DNAT --to-destination 127.0.0.1:8888root:not/ # iptables -t nat -L -n -v --line-number
IP SOURCE ADDRESS SPOOF
Replace ip source address with 8.8.8.8.
root:not/ # iptables -t nat -A POSTROUTING -p tcp --destination 192.168.1.107 --dport 4444 -j SNAT --to-source 8.8.8.8
Please run wireshark or tcpdump, and start packet sniffer. Packets detail as follow:
No. Time Source Destination Protocol Length Info 1 0.000000000 8.8.8.8 192.168.1.107 TCP 74 58188 > krb524 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=3660674 TSecr=0 WS=128Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0Ethernet II, Src: fe:41:d0:17:09:ce (fe:41:d0:17:09:ce), Dst: CadmusCo_12:a1:ba (08:00:27:12:a1:ba)Internet Protocol Version 4, Src: 8.8.8.8 (8.8.8.8), Dst: 192.168.1.107 (192.168.1.107)Transmission Control Protocol, Src Port: 58188 (58188), Dst Port: krb524 (4444), Seq: 0, Len: 0No. Time Source Destination Protocol Length Info 2 0.000064000 192.168.1.107 8.8.8.8 TCP 74 krb524 > 58188 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=993617 TSecr=3660674 WS=1024Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0Ethernet II, Src: CadmusCo_12:a1:ba (08:00:27:12:a1:ba), Dst: 80:89:17:7d:a1:20 (80:89:17:7d:a1:20)Internet Protocol Version 4, Src: 192.168.1.107 (192.168.1.107), Dst: 8.8.8.8 (8.8.8.8)Transmission Control Protocol, Src Port: krb524 (4444), Dst Port: 58188 (58188), Seq: 0, Ack: 1, Len: 0
You can see that ip source address was replaced with 8.8.8.8.
References
http://portspoof.org/http://github.com/drk1wi/portspoof/http://www.thegeekstuff.com/2011/06/iptables-rules-examples/http://resources.infosecinstitute.com/fool-network-hunters-hackers/http://www.freebuf.com/articles/network/34225.html
0 0
- iptables - port spoof / local port forward
- Forward a TCP port to another IP or port using NAT with Iptables
- Port forward 功能测试
- android adb port forward
- ubuntu RDP port forward
- linux ssh port forward
- linux Local Port Range
- Remote/Local port scanned
- iptables remote port forwarding
- port
- port
- port
- port
- Linux Port Forward Setting on Fedora15
- lantern and gfw.press's local port
- Linux iptables setup port 80/9080/9443
- Port Forwarding & Port Triggering
- Port Forwarding & Port Triggering
- nodeJs安装过程及问题
- WebBrowser与IE的关系,如何设置WebBrowser工作在IE9模式下?
- 使用 MethodInvokingJobDetailFactoryBean(任务调度框架 其中一种方法)
- 黑马程序员 JAVA基础学习笔记 内部类等
- web:初识http协议(待补充)
- iptables - port spoof / local port forward
- OpenDPI-1.3.0源代码分析
- oracle sql plus 提交数据
- debug 自定义, Linux下串口读写
- 欢迎使用CSDN-markdown编辑器
- 从线程说起,从线程结束
- 鸡啄米vc++2010系列43(MFC常用类:定时器Timer)
- Unix网络编程学习笔记之第2章 TCP和UDP
- edm经验1