Comments (13)
Not all NATs do this, but yes, more are port munging these days (however it's much less likely for UDP). If one of the NATs is doing this and the other isn't, you can use the birthday paradox to get a 99% chance of packet exchange in ~533 packets (actually less if you know the port range the opposing side will use).
from pwnat.
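The birthday-paradox estimate in the comment above, worked through as an added example (not code from pwnat or from the commenter). It assumes a model the thread does not spell out: the port-munging side holds n mappings on distinct uniformly random ports, and the other side sends n packets to distinct uniformly random ports in the same range; the function names and the 16384-port narrowed range are illustrative.

```python
import math


def hit_probability(probes: int, open_ports: int, port_range: int = 65536) -> float:
    """Probability that at least one probe lands on an open mapping.

    Assumed model: `open_ports` mappings sit on distinct random ports and
    `probes` packets go to distinct random ports, all within `port_range`.
    """
    if probes + open_ports > port_range:
        return 1.0  # pigeonhole: an overlap is guaranteed
    log_miss = 0.0
    for i in range(probes):
        # The i-th probe misses if it picks one of the remaining non-open ports.
        log_miss += math.log((port_range - open_ports - i) / (port_range - i))
    return -math.expm1(log_miss)  # 1 - P(every probe misses)


def packets_per_side(target: float, port_range: int = 65536) -> int:
    """Smallest n (mappings opened == probes sent) reaching `target` probability."""
    for n in range(1, port_range + 1):
        if hit_probability(n, n, port_range) >= target:
            return n
    return port_range


if __name__ == "__main__":
    # The figure quoted in the thread, under the assumed model.
    print(f"n=533, full range: {hit_probability(533, 533):.4f}")
    # Knowing the peer's port range shrinks the search space and the packet count.
    for rng in (65536, 16384):
        print(f"range={rng}: n for 99% = {packets_per_side(0.99, rng)}")
```

Because the packet count grows with the square root of the port range, narrowing the range by a factor of four roughly halves the packets needed.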
I'm not too sure if it is possible to "proxy" through CGNAT (carrier grade NAT), but it's getting more and more common here in Europe, so it would be a great thing to add.
from pwnat.
@Gustavo6046 @master-hax @tlsalex @Zibri Sorry for the late reply, the tool was NAT Slipstreaming: https://samy.pl/slipstream/
from pwnat.
what tool ?
from pwnat.
I think the best way to f*ck any NAT would be to use WebRTC, think about it.
from pwnat.
@bauen1 can you share the specific elements of CGNAT that you found are specifically difficult to bypass?
from pwnat.
@Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)
from pwnat.
I'm not entirely sure what didn't work since I tested this a long time ago, but if you ping me in a few days, I should have some time to look at it again (more closely)
from pwnat.
> @Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)

What I would do is this:
command line utility that connects to a TURNS relay and opens a listening port for anything
Example:
10.0.0.5 >>> turn server >> map port YYY to XXXX
anyone else >>> turn server port XXXX >>> connects to 10.0.0.5 port YYY
contact me privately at zibri AT zibri DOT org.. so I can give you some relay servers easily :D
from pwnat.
> @Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)

what tool?
from pwnat.
> @Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)

@samyk any news on this tool? :)
from pwnat.
> I'm not entirely sure what didn't work since I tested this a long time ago, but if you ping me in a few days, I should have some time to look at it again (more closely)

Ping!
from pwnat.
Oh, that is perfectly fine, don't sweat! :)
I can't wait to see how this unrolls now.
from pwnat.
Related Issues (20)
- [GENERAL QUESTION] how to penetrate symmetric NATs
- Couldn't create privileged icmp/raw socket: Operation not permitted HOT 1
- Will this work behind a Carrier Grade NAT (CGNAT)
- What license is pwnat under? HOT 4
- it does not work on different networks.
- Does pwnat still work? HOT 7
- how much is the success rate of pwnat's hole punching In the case of stun only?
- What protocols does pwnat support? HOT 1
- manpage HOT 4
- Cross compiling for OpenWRT or generic mips
- segmentation fault HOT 3
- Failed to send ICMP packet: Invalid argument
- Unable to cross compile on Linux HOT 4
- Create 'obj' directory during make HOT 3
- A full guide for pwnat for establishing an ssh tunnel. HOT 1
- Not working under my ISP network HOT 1
- If I can use icmp package to send messages? HOT 2
- how we can build in Windows OS ?
- Wireguard?
- Rewrite in C# Unity and use it on andriod