As per the test.py script, when the RedirectAllTraffic option is disabled in the configs, TCP socket requests to an arbitrary host (e.g. 8.8.8.8) and a named host (e.g. does-not-exist-amirite.fireeye.com) at a bound port should NOT be intercepted. In other words, the RawTCPListener should not respond to TCP requests with host 8.8.8.8 or does-not-exist-amirite.fireeye.com for port 1337 when RedirectAllTraffic is disabled.
But in multihost operation mode, FakeNet on Linux responds to TCP traffic with an arbitrary host or named host on a bound port. Note that this behavior occurs only in multihost operation mode. In singlehost mode, FakeNet does not respond to arbitrary/named hosts on a bound port.
Steps to reproduce
[ ] Set up multihost operation mode for FakeNet-NG. (I will be assuming FakeNet runs on Linux and traffic is initiated on Windows)
[ ] Set the RedirectAllTraffic setting to No in fakenet/configs/default.ini on the Linux machine.
[ ] Start a FakeNet session on the Linux machine.
[ ] On Windows, use ncat 8.8.8.8 1337 to make a TCP request to an arbitrary host on the bound port.
[ ] Upon execution, type any message and verify the same message is logged back from the server to console.
[ ] On Windows, use ncat does-not-exist-amirite.fireeye.com 1337 to make a TCP request to a named host on the bound port.
[ ] Upon execution, type any message and verify the same message is logged back from the server to console.
Additional Info
Found this while testing #163
Tested on latest commit ac33a706274d3e567080d261f7886fd472378ffa
OS versions:
Linux - Ubuntu 20.04 LTS
Windows - MSEdge Win 10
Both systems are Virtual Machines used on VirtualBox
Used Host-only network adapters in both machines for communication
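The ncat steps above can be scripted from the client machine. The following is an added example, not part of the original report or of FakeNet-NG's test.py; it assumes the listener echoes the payload back as the steps describe, and the names `probe_tcp` and `check_redirect_disabled` are hypothetical.

```python
import socket

# Targets taken from the report: bound port 1337, one arbitrary IP, one named host.
ISSUE_TARGETS = [("8.8.8.8", 1337), ("does-not-exist-amirite.fireeye.com", 1337)]

def probe_tcp(host, port, payload=b"fakenet-probe\n", timeout=3.0):
    """Classify one TCP attempt the way the manual ncat steps do.

    Returns "intercepted" when a listener echoes the payload back,
    "connected-no-echo" when a connection opens but no echo arrives,
    "not-intercepted" when name resolution or the connection fails.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # covers socket.gaierror, timeouts and refusals
        return "not-intercepted"
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(payload)
            received = b""
            while len(received) < len(payload):
                chunk = sock.recv(4096)
                if not chunk:  # peer closed before echoing everything
                    break
                received += chunk
        except OSError:
            return "connected-no-echo"
    return "intercepted" if received == payload else "connected-no-echo"

def check_redirect_disabled(targets=ISSUE_TARGETS, probe=probe_tcp):
    """With RedirectAllTraffic set to No, every target should be not-intercepted.

    Returns the (host, port, result) tuples that violate that expectation.
    """
    results = [(host, port, probe(host, port)) for host, port in targets]
    return [r for r in results if r[2] != "not-intercepted"]

if __name__ == "__main__":
    violations = check_redirect_disabled()
    for host, port, result in violations:
        print(f"unexpected: {host}:{port} -> {result}")
    if not violations:
        print("no interception observed for the report's targets")
```

An empty result in multihost mode with RedirectAllTraffic set to No is the behaviour the report expects; any listed tuple corresponds to the behaviour it describes as the bug.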