↕️🤫 Stealth redirector for your red team operation security.
BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2, phishing and other infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from illegitimate visitors.
The tool is distributed with preconfigured lists of blocked words and of blocked and allowed IP addresses.
For more information on tool usage, visit the project's wiki.
Rules define how BounceBack matches traffic. The tool currently supports the following rule types:
Custom rules can be added easily: just register your RuleBaseCreator or RuleWrapperCreator. See the already created RuleBaseCreators and RuleWrapperCreators.
The rules configuration page may be found here.
The proxies section is used to configure where to listen and proxy traffic, which protocol to use and how to chain rules together for traffic filtering. At the moment, BounceBack supports the following protocols:
Custom protocols can be added easily: just register your new type in the manager. Example proxy implementations may be found here.
The proxies configuration page may be found here.
Download the latest release from the release page, unzip it, edit the config file and you are ready to go.
If you want to build it from source, clone the repository (don't forget about Git LFS), install goreleaser and run:
goreleaser release --clean --snapshot
(Optionally) Update the banned_ips.txt list:
bash scripts/collect_banned_ips.sh > data/banned_ips.txt
Modify config.yml for your needs. Configure rules to match traffic, proxies to analyze traffic using rules and globals for deep rules configuration.
Run BounceBack:
./bounceback
Usage of BounceBack:
  -c, --config string   Path to the config file in YAML format (default "config.yml")
  -l, --log string      Path to the log file (default "bounceback.log")
  -v, --verbose count   Verbose logging (0 = info, 1 = debug, 2+ = trace)