Hands-On Penetration Testing on Windows

Living in an IPv4 world – creating a local 4-to-6 proxy for your tools

There's a tool included with Kali that can be thought of as netcat on steroids: socat. This tool can do many things and we just don't have enough room to go over it all here, but its ability to relay from IPv4 to IPv6 environments is especially useful. We've seen tools designed for IPv6, but we will occasionally find ourselves stuck needing a particular IPv4 tool's functionality to talk to IPv6 hosts. Enter the socat proxy.

The concept and setup are simple: we start an IPv4 listener that forwards each incoming connection over IPv6 to a host where our sneaky evil bank website is waiting on port 80:

Once socat is running, it prints nothing to the terminal while it relays traffic, so you won't see anything. No news is good news with a socat proxy; if there's a problem (the port is already in use, for instance), it'll let you know. Let's take a look at these options:

  • TCP4-LISTEN:8080 tells socat to listen for TCP connections over IPv4 and defines the local listening port, in this case 8080. By default the listener binds to every interface on the box, so anyone who can reach it gets a free relay to the target; add bind=127.0.0.1 to the listener options if only your own local tools should be able to use it.
  • reuseaddr sets SO_REUSEADDR on the listening socket, so the port can be bound again immediately if you restart the proxy while old connections are still in TIME_WAIT. Without it, a quick restart can fail with an "address already in use" error.
  • fork tells socat to fork a child process for each connection it accepts, so more than one client can use the relay at the same time. Without it, socat serves a single connection and then exits. It is used in tandem with reuseaddr.
  • TCP6: is the second address, separated from the first by a space; it tells socat what to do with the traffic received on the listener side, in this case to send it to port 80 of the target over IPv6. Note that the IPv6 address must be enclosed in square brackets, because the colon is both socat's field separator and part of the address, and the brackets remove the ambiguity.

Just as an example, I fire up curl, point it at the local listener on port 8080, and pull back the website waiting at the IPv6 address on port 80:

As you can see, the target and port have to be defined for socat. You know what would be really useful? A Python script that prompts for a host and port number and configures socat automatically. Something to consider for later.
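The following is an added example, not code from the book: a small Python helper that builds the socat command described above (listener, reuseaddr, fork, bracketed IPv6 target) and launches it. It picks TCP4 or TCP6 for the forward side from the target address, brackets IPv6 literals, and binds the listener to loopback by default so the relay is not exposed to the network; the bind=127.0.0.1 option, the example address 2001:db8::1 and the hostname evilbank.example are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Build and launch a socat IPv4-to-IPv6 relay (added example, not the book's script)."""
import ipaddress
import shlex
import subprocess
import sys
from typing import List


def socat_target(host: str, port: int) -> str:
    """Return the socat connect address for host:port.

    IPv6 literals are bracketed because ':' is also socat's field separator,
    and the literal's version selects TCP4 or TCP6.  A hostname is sent through
    TCP6 so socat resolves its AAAA record (the page's use case: an IPv4-only
    tool reaching an IPv6 host).
    """
    literal = host.strip("[]")           # accept "[2001:db8::1]" as well
    try:
        addr = ipaddress.ip_address(literal)
    except ValueError:                   # not an IP literal: a hostname
        return f"TCP6:{host}:{port}"
    if addr.version == 6:
        return f"TCP6:[{addr.compressed}]:{port}"
    return f"TCP4:{addr.compressed}:{port}"


def build_argv(listen_port: int, host: str, port: int,
               bind: str = "127.0.0.1") -> List[str]:
    """Assemble the full socat argv.

    reuseaddr: SO_REUSEADDR, so the port can be re-bound right away when the
               proxy is restarted while old sockets sit in TIME_WAIT.
    fork:      a child per accepted connection, so several clients can use
               the relay at once (without it socat exits after one session).
    bind:      listen on loopback only (assumed hardening, not in the book);
               pass bind="" to listen on all interfaces like the original.
    """
    for p in (listen_port, port):
        if not 0 < p < 65536:
            raise ValueError(f"port out of range: {p}")
    listener = f"TCP4-LISTEN:{listen_port},reuseaddr,fork"
    if bind:
        listener += f",bind={bind}"
    return ["socat", listener, socat_target(host, port)]


def main(args: List[str]) -> int:
    """CLI: TARGET_HOST TARGET_PORT [LISTEN_PORT]; prompts when run bare."""
    if not args:
        args = [input("Target host: "), input("Target port: "),
                input("Local listen port [8080]: ") or "8080"]
    if len(args) not in (2, 3):
        print("usage: TARGET_HOST TARGET_PORT [LISTEN_PORT]", file=sys.stderr)
        return 2
    host, port = args[0], int(args[1])
    listen_port = int(args[2]) if len(args) == 3 else 8080
    cmd = build_argv(listen_port, host, port)
    print("running:", shlex.join(cmd), file=sys.stderr)
    try:
        return subprocess.call(cmd)      # socat stays in the foreground
    except FileNotFoundError:
        print("socat not found; apt install socat", file=sys.stderr)
        return 127


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

With the relay up, `curl http://127.0.0.1:8080/` goes over IPv4 to socat and out over IPv6 to the target; drop `bind` only if other hosts are meant to use the relay.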