DYNAMICPROXY
DYNAMICPROXY creates a dynamic TCP proxy which can perform a man-in-the-middle attack and log traffic crossing the Packet Squirrel in NAT mode.
A standard TCP proxy requires prior knowledge of the original destination of the traffic. Proxies created with DYNAMICPROXY
automatically derive the destination and are able to log traffic to and from multiple remote TCP services.
Limitations
The DYNAMICPROXY tool is able to log the content of TCP streams passing through the Packet Squirrel in NAT configurations. Because of how the process works, it is not possible in the BRIDGE or TRANSPARENT configurations.
Only one instance of DYNAMICPROXY may be running at once. To capture from multiple ports simultaneously, specify all the ports on a single command.
Options
The DYNAMICPROXY command expects several options:
Direction
DYNAMICPROXY logs the contents of TCP streams; they can be logged as CLIENT (the device connecting to the target service via the Packet Squirrel), SERVER (the responses from the server to the client) or ANY (both sides of the stream logged to independent files).
Filename prefix
Streams will be saved to multiple files based on the filename prefix. Since streams can be very large, and the Packet Squirrel has limited internal storage, the file prefix should always be on the USB external storage.
Files are saved as [prefix]_[timestamp]_[server ip]_[server port]_[client ip]_[client port].stream
For example, a file prefix of /usb/printer/printjob_ will save streams as /usb/printer/printjob_[timestamp]_[server ip]_[server port]_[client ip]_[client port].stream
The exact content of the filenames is often unimportant, but the fields are necessary to keep the files distinct, as many streams can occur at the same time.
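When reviewing a capture directory afterwards, the filename fields can be recovered to index streams by service. The following is an added example, not part of the original documentation or the Packet Squirrel tooling; it assumes the timestamp field contains no underscore, and the sample filenames are constructed.

```python
import ipaddress
from collections import defaultdict
from pathlib import PurePosixPath
from typing import NamedTuple

class StreamFile(NamedTuple):
    prefix: str
    timestamp: str   # kept as text: the page does not specify its format
    server: str
    server_port: int
    client: str
    client_port: int

def parse_stream_name(path):
    """Return the fields encoded in a .stream filename, or None if it does not match."""
    p = PurePosixPath(path)
    if p.suffix != ".stream":
        return None
    # Split from the right: the user-chosen prefix may itself contain underscores.
    parts = p.stem.rsplit("_", 5)
    if len(parts) != 6:
        return None
    prefix, ts, s_ip, s_port, c_ip, c_port = parts
    try:
        ipaddress.ip_address(s_ip)
        ipaddress.ip_address(c_ip)
        sp, cp = int(s_port), int(c_port)
    except ValueError:
        return None
    if not (0 < sp < 65536 and 0 < cp < 65536):
        return None
    return StreamFile(str(p.parent / prefix), ts, s_ip, sp, c_ip, cp)

def group_by_service(paths):
    """Map (server ip, server port) to its parsed streams, skipping unrelated files."""
    services = defaultdict(list)
    for path in paths:
        rec = parse_stream_name(path)
        if rec:
            services[(rec.server, rec.server_port)].append(rec)
    return dict(services)

# Constructed sample filenames (not real captures).
SAMPLE = [
    "/usb/printer/printjob_1700000000_192.0.2.10_9100_198.51.100.7_50112.stream",
    "/usb/printer/printjob_1700000042_192.0.2.10_9100_198.51.100.8_50200.stream",
    "/usb/printer/printjob_1700000050_192.0.2.20_631_198.51.100.7_50113.stream",
    "/usb/printer/notes.txt",
]
```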
Ports
DYNAMICPROXY can intercept streams on multiple TCP ports simultaneously. To intercept streams on multiple ports, list all the ports as a single command.
Examples
The DYNAMICPROXY command can be used as part of a payload to capture data to external USB storage: