samyk / pwnat

The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.
https://samy.pl/pwnat/
GNU General Public License v3.0

The project's method outdated #10

Open hplc opened 7 years ago

hplc commented 7 years ago

Note: pwnat defaults source and destination ports to 2222.

Most NATs would change the source port to another number, while by monitoring data outside the NAT we can watch that. So to get the real source port outside the NAT, we need a third server to monitor that, maybe like N2N does.

samyk commented 7 years ago

Not all NATs do this, but yes, more are port munging these days (however it's much less likely for UDP). If one of the NATs is doing this and the other isn't, you can use the birthday paradox to get a 99% chance of packet exchange in ~533 packets (actually less if you know the port range the opposing side will use).
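The birthday-paradox figure above can be checked directly. The following is an added example, not code from pwnat: it computes the exact probability that k ports opened by one side and k ports probed by the other overlap somewhere, assuming both sides pick distinct ports uniformly from a port space of a given size (a simplification; real NATs often allocate sequentially, which is why knowing the range helps).

```python
import math


def p_no_collision(n_ports: int, k: int) -> float:
    """Probability that k distinct ports probed by side A miss all k distinct
    ports held open by side B, both drawn uniformly from n_ports candidates.

    P(no hit) = C(n-k, k) / C(n, k) = prod_{i=0}^{k-1} (n-k-i) / (n-i)
    """
    if k <= 0:
        return 1.0
    if 2 * k > n_ports:  # pigeonhole: the sets must overlap
        return 0.0
    p = 1.0
    for i in range(k):
        p *= (n_ports - k - i) / (n_ports - i)
    return p


def p_collision(n_ports: int, k: int) -> float:
    """Probability that at least one probe lands on an open port."""
    return 1.0 - p_no_collision(n_ports, k)


def packets_for(n_ports: int, target: float) -> int:
    """Smallest k such that k probes reach the target success probability."""
    k = 1
    while p_collision(n_ports, k) < target:
        k += 1
    return k


def birthday_estimate(n_ports: int, target: float) -> int:
    """Closed-form approximation: 1 - exp(-k^2 / n) >= target."""
    return math.ceil(math.sqrt(-n_ports * math.log(1.0 - target)))


if __name__ == "__main__":
    # Full 16-bit port space versus a narrower ephemeral range
    # (constructed sizes for illustration; 28233 is the size of a
    # 32768-61000 style range).
    for n in (65536, 28233):
        print(n, "ports:", packets_for(n, 0.99), "packets for 99%",
              "(approx", birthday_estimate(n, 0.99), ")")
    print("533 packets over 65536 ports:", round(p_collision(65536, 533), 4))
```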

bauen1 commented 7 years ago

I'm not too sure if it is possible to "proxy" through CGNAT (carrier grade NAT), but it's getting more and more common here in Europe, so it would be a great thing to add.

Zibri commented 5 years ago

I think the best way to f*ck any NAT would be to use WebRTC. Think about it.

samyk commented 5 years ago

@bauen1 can you share the specific elements of CGNAT that you found are specifically difficult to bypass?

samyk commented 5 years ago

@Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)

bauen1 commented 5 years ago

I'm not entirely sure what didn't work since I tested this a long time ago, but if you ping me in a few days, I should have some time to look at it again (more closely).

Zibri commented 5 years ago

> @Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)

What I would do is this: command line utility that connects to a TURNS relay and opens a listening port for anything

Example: 10.0.0.5 >>> turn server >> map port YYY to XXXX

anyone else >>> turn server port XXXX >>> connects to 10.0.0.5 port YYY

contact me privately at zibri AT zibri DOT org, so I can give you some relay servers easily :D

Zibri commented 4 years ago

> @Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)

what tool?

tlsalex commented 4 years ago

what tool?

master-hax commented 4 years ago

> @Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :)

@samyk any news on this tool? :)

wallabra commented 3 years ago

> I'm not entirely sure what didn't work since I tested this a long time ago, but if you ping me in a few days, I should have some time to look at it again (more closely)

Ping!

samyk commented 3 years ago

@Gustavo6046 @master-hax @tlsalex @Zibri Sorry for the late reply, the tool was NAT Slipstreaming: https://samy.pl/slipstream/

wallabra commented 3 years ago

Oh, that is perfectly fine, don't sweat! :)

I can't wait to see how this unrolls now.