-
Notifications
You must be signed in to change notification settings - Fork 72
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Ana Martinez Gomez <[email protected]>
- Loading branch information
Showing
10 changed files
with
835 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,349 @@ | ||
############################################################################### | ||
# Fakenet Configuration | ||
|
||
[FakeNet] | ||
|
||
# Specify whether or not FakeNet should divert traffic. Disable if you want to | ||
# just start listeners and direct traffic manually (e.g. modify DNS server) | ||
DivertTraffic: Yes | ||
|
||
############################################################################### | ||
# Diverter Configuration | ||
|
||
[Diverter] | ||
|
||
# Specify what mode of operation to use. Options: | ||
# SingleHost - manipulate local traffic | ||
# MultiHost - manipulate traffic from foreign hosts | ||
# Auto - Use SingleMode on Windows or use MultiHost on Linux | ||
# | ||
# The current support for these modes on each supported platform is as follows: | ||
# | Windows | Linux | | ||
# -----------+------------+--------------+ | ||
# SingleHost | Functional | Experimental | | ||
# MultiHost | - | Functional | | ||
# NetworkMode: SingleHost | ||
# NetworkMode: MultiHost | ||
NetworkMode: Auto | ||
|
||
# DebugLevel: specify fine-grained debug print flags to enable. Enabling all | ||
# logging when verbose mode is selected results in overwhelming output, hence | ||
# this setting. Valid values (comma-separated) are: | ||
# | ||
# GENPKT Generic packet information | ||
# GENPKTV Packet analysis, displays IP, TCP, UDP fields, very wide output | ||
# CB Diverter packet handler callback start/finish logging | ||
# NONLOC Nonlocal packet verbose logging | ||
# DPF Dynamic port forwarding decisions | ||
# DPFV Dynamic port forwarding table activity | ||
# IPNAT NAT decisions | ||
# MANGLE Packet mangling (modification) activity | ||
# PCAP PCAP writes of original and mangled packets | ||
# IGN Cases where packets are forwarded as is | ||
# FTP FTP-specific logic | ||
# IGN-FTP Cases where packets are forwarded as is due to FTP Active Mode | ||
# MISC Miscellaneous | ||
# NFQUEUE NetfilterQueue activity (Linux only) | ||
# PROCFS Procfs read/write activity (Linux only) | ||
# IPTABLES iptables firewall rule activity (Linux only) | ||
DebugLevel: Off | ||
|
||
# Restrict which interface on which Fakenet-NG will intercept and handle | ||
# packets. Specify (only) one interface and Fakenet-NG will ignore all other | ||
# interfaces. This feature only applies to interfaces on different subnets. | ||
# Specify interface by name only (ex: eth0). To disable, set to "Off". In | ||
# order to run multiple instance of Fakenet-NG on different interfaces within | ||
# the same guest, LinuxFlushIptables must be turned off to avoid the latest | ||
# instance flushing the rules associated with other instances or restoring | ||
# rules to an incorrect state upon exit. | ||
LinuxRestrictInterface: Off | ||
|
||
# Set LinuxFlushIptables to Yes to have the Linux Diverter flush all iptables | ||
# rules before adding its FakeNet-NG-specific rules to iptables. This setting | ||
# also restores rules via `iptables-restore` when it exits, unless its | ||
# termination is interrupted. | ||
LinuxFlushIptables: Yes | ||
|
||
# Incorporated so that users of the binary release may make this work for | ||
# various Linux distros. On Ubuntu, this is `service dns-clean restart`. For | ||
# other distributions, it may be `nscd -I hosts`. Check your manual for | ||
# details. | ||
LinuxFlushDNSCommand: service dns-clean restart | ||
|
||
# Specify whether or not to save captured traffic. You can also change | ||
# the file prefix for the generated PCAPs. | ||
DumpPackets: Yes | ||
DumpPacketsFilePrefix: packets | ||
|
||
# DHCP server running under VMWare Host-Only networking does not configure | ||
# interface gateway and DNS server. Gateway must be configured to allow | ||
# Windows to attempt to route external traffic so that FakeNet could | ||
# could intercept it. This option will automatically generate and set | ||
# appropriate gateway and DNS addresses to allow normal operation. | ||
FixGateway: Yes | ||
FixDNS: Yes | ||
|
||
# Enable 'ModifyLocalDNS' to statically set DNS server to the local machine. | ||
# Linux: Modifies (and restores) /etc/resolv.conf on Linux to make this an | ||
# ephemeral change. | ||
ModifyLocalDNS: Yes | ||
|
||
# Enable 'StopDNSService' to stop Windows DNS client to see the actual | ||
# processes resolving domains. This is a no-op on Linux, until such time as DNS | ||
# caching is observed to interfere with finding the pid associated with a DNS | ||
# request. | ||
StopDNSService: Yes | ||
|
||
# Enable 'RedirectAllTraffic' to optionally divert traffic going to ports not | ||
# specifically listed in one of the listeners below. 'DefaultTCPListener' and | ||
# 'DefaultUDPListener' will handle TCP and UDP traffic going to unspecified ports. | ||
# | ||
# NOTE: Setting default UDP listener will intercept all DNS traffic unless you | ||
# enable a dedicated UDP port 53 DNS listener or add UDP port 53 to the | ||
# 'BlackListPortsUDP' below so that system's default DNS server is used instead. | ||
|
||
RedirectAllTraffic: Yes | ||
DefaultTCPListener: ProxyTCPListener | ||
DefaultUDPListener: ProxyUDPListener | ||
|
||
# Specify TCP and UDP ports to ignore when diverting packets. | ||
# For example, you may want to avoid diverting UDP port 53 (DNS) traffic | ||
# when trying to intercept a specific process while allowing the rest to | ||
# function normally | ||
# | ||
# NOTE: This setting is only honored when 'RedirectAllTraffic' is enabled. | ||
|
||
BlackListPortsTCP: 139 | ||
BlackListPortsUDP: 67, 68, 137, 138, 443, 1900, 5355, 53 | ||
|
||
# Specify processes to ignore when diverting traffic. Windows example used | ||
# here. | ||
ProcessBlackList: internet_detector.exe | ||
|
||
# Specify processes to consider when diverting traffic (others will be | ||
# ignored). Linux examples used here. | ||
# ProcessWhiteList: wget, nc | ||
|
||
# Specify hosts to ignore when diverting traffic. | ||
# HostBlackList: 6.6.6.6 | ||
|
||
############################################################################### | ||
# Listener Configuration | ||
# | ||
# Listener configuration consists of generic settings used by the diverter which | ||
# are the same for all listeners and listener specific settings. | ||
# | ||
# NOTE: Listener section names will be used for logging. | ||
# | ||
# NOTE: Settings labels are not case-sensitive. | ||
# | ||
# The following settings are available for all listeners: | ||
# * Enabled - specify whether or not the listener is enabled. | ||
# * Port - TCP or UDP port to listen on. | ||
# * Protocol - TCP or UDP | ||
# * Listener - Listener name to handle traffic. | ||
# * ProcessWhiteList - Only traffic from these processes will be modified | ||
# and the rest will simply be forwarded. | ||
# * ProcessBlackList - Traffic from all but these processes will be simply forwarded | ||
# and the rest will be modified as needed. | ||
# * HostWhiteList - Only traffic to these hosts will be modified and | ||
# the rest will be simply forwarded. | ||
# * HostBlackList - Traffic to these hosts will be simply forwarded | ||
# and the rest will be modified as needed. | ||
# * ExecuteCmd - Execute command on the first connection packet. This is feature is useful | ||
# for extending FakeNet-NG's functionality (e.g. launch a debugger on the | ||
# connecting pid to help with unpacking and decoding.) | ||
# | ||
# The following format string variables are made available: | ||
# * {pid} - process id | ||
# * {procname} - process executable name | ||
# * {src_addr} - source address | ||
# * {src_port} - source port | ||
# * {dst_addr} - destination address | ||
# * {dst_port} - destination port | ||
# | ||
# Listener entry which does not specify a specific listener service | ||
# will still redirect all packets to the local machine on the specified port and | ||
# subject to all the filters (processes, hosts, etc.). However, you must set-up a | ||
# third party service (e.g. proxy servers) to accept these connections. This feature can be | ||
# used to provide FakeNet-NG's passive traffic diverting and filtering capabilities to other | ||
# applications. | ||
# | ||
# Listener specific settings: | ||
# | ||
# * Timeout - Set connection timeout for any listeners that support | ||
# TCP connections (e.g. RawListener, DNSListener, HTTPListener | ||
# SMTPListener). | ||
# * UseSSL - Enable SSL support on the listener (RawListener, HTTPListener) | ||
# * Webroot - Set webroot path for HTTPListener. | ||
# * DumpHTTPPosts - Store HTTP Post requests for the HTTPListener. | ||
# * DumpHTTPPostsFilePrefix - File prefix for the stored HTTP Post requests used by the HTTPListener. | ||
# * TFTPFilePrefix - File prefix for the stored tftp uploads used by the TFTPListener. | ||
# * DNSResponse - IP address to respond with for A record DNS queries. (DNSListener) | ||
# * NXDomains - A number of DNS requests to ignore to let the malware cycle through | ||
# all of the backup C2 servers. (DNSListener) | ||
# * Banner - FTPListener, IRCListener: FTP or IRC banner to display. | ||
# Valid settings are any banner string, or !<key> where | ||
# <key> is a valid key in the BANNERS dictionary within | ||
# FTPListener.py or IRCListener.py, or !random to | ||
# randomize among the banners in the BANNERS dictionary. | ||
# The default value if none is specified is !generic, | ||
# which selects the banner in the BANNERS dictionary going | ||
# by that key. Banner string may specify the following | ||
# escapes/insertions: | ||
# {servername} - ServerName setting value | ||
# {tz} - Time zone, currently hard-coded to 'UTC' | ||
# * ServerName - FTPListener, IRCListener: FTP or IRC server name for | ||
# insertion into selected default banners or into a | ||
# user-specified banner string. Valid settings are any | ||
# hostname string, !hostname to insert the actual hostname | ||
# of the system, or !random to generate a random hostname | ||
# between 1 and 15 characters (inclusive). | ||
|
||
[ProxyTCPListener] | ||
Enabled: True | ||
Protocol: TCP | ||
Listener: ProxyListener | ||
Port: 38926 | ||
Listeners: HTTPListener, RawListener, FTPListener, DNSListener, POPListener, SMTPListener, TFTPListener, IRCListener | ||
Hidden: False | ||
|
||
[ProxyUDPListener] | ||
Enabled: True | ||
Protocol: UDP | ||
Listener: ProxyListener | ||
Port: 38926 | ||
Listeners: RawListener, DNSListener, TFTPListener, FTPListener | ||
Hidden: False | ||
|
||
[Forwarder] | ||
Enabled: False | ||
Port: 8080 | ||
Protocol: TCP | ||
ProcessWhiteList: chrome.exe | ||
Hidden: False | ||
|
||
[RawTCPListener] | ||
Enabled: True | ||
Port: 1337 | ||
Protocol: TCP | ||
Listener: RawListener | ||
UseSSL: No | ||
Timeout: 10 | ||
Hidden: False | ||
# To read about customizing responses, see docs/CustomResponse.md | ||
# Custom: sample_custom_response.ini | ||
|
||
[RawUDPListener] | ||
Enabled: True | ||
Port: 1337 | ||
Protocol: UDP | ||
Listener: RawListener | ||
UseSSL: No | ||
Timeout: 10 | ||
Hidden: False | ||
# To read about customizing responses, see docs/CustomResponse.md | ||
# Custom: sample_custom_response.ini | ||
|
||
[FilteredListener] | ||
Enabled: False | ||
Port: 31337 | ||
Protocol: TCP | ||
Listener: RawListener | ||
UseSSL: No | ||
Timeout: 10 | ||
ProcessWhiteList: ncat.exe, nc.exe | ||
HostBlackList: 5.5.5.5 | ||
Hidden: False | ||
|
||
[DNS Server] | ||
Enabled: True | ||
Port: 53 | ||
Protocol: UDP | ||
Listener: DNSListener | ||
ResponseA: 192.0.2.123 | ||
ResponseMX: mail.evil2.com | ||
ResponseTXT: FAKENET | ||
NXDomains: 0 | ||
Hidden: False | ||
|
||
[HTTPListener80] | ||
Enabled: True | ||
Port: 80 | ||
Protocol: TCP | ||
Listener: HTTPListener | ||
UseSSL: No | ||
Webroot: defaultFiles/ | ||
Timeout: 10 | ||
DumpHTTPPosts: Yes | ||
DumpHTTPPostsFilePrefix: http | ||
Hidden: False | ||
# To read about customizing responses, see docs/CustomResponse.md | ||
# Custom: sample_custom_response.ini | ||
|
||
[HTTPListener443] | ||
Enabled: True | ||
Port: 443 | ||
Protocol: TCP | ||
Listener: HTTPListener | ||
UseSSL: Yes | ||
Webroot: defaultFiles/ | ||
Timeout: 10 | ||
DumpHTTPPosts: Yes | ||
DumpHTTPPostsFilePrefix: http | ||
Hidden: False | ||
|
||
[SMTPListener] | ||
Enabled: True | ||
Port: 25 | ||
Protocol: TCP | ||
Listener: SMTPListener | ||
UseSSL: No | ||
Hidden: False | ||
|
||
[FTPListener21] | ||
Enabled: True | ||
Port: 21 | ||
Protocol: TCP | ||
Listener: FTPListener | ||
UseSSL: No | ||
FTProot: defaultFiles/ | ||
PasvPorts: 60000-60010 | ||
Hidden: False | ||
Banner: !generic | ||
ServerName: !gethostname | ||
|
||
[FTPListenerPASV] | ||
Enabled: True | ||
Port: 60000-60010 | ||
Protocol: TCP | ||
Hidden: False | ||
|
||
[IRCServer] | ||
Enabled: True | ||
Port: 6667 | ||
Protocol: TCP | ||
Listener: IRCListener | ||
UseSSL: No | ||
Banner: !generic | ||
ServerName: !gethostname | ||
Timeout: 30 | ||
Hidden: False | ||
|
||
[TFTPListener] | ||
Enabled: True | ||
Port: 69 | ||
Protocol: UDP | ||
Listener: TFTPListener | ||
TFTPRoot: defaultFiles/ | ||
Hidden: False | ||
TFTPFilePrefix: tftp | ||
|
||
[POPServer] | ||
Enabled: True | ||
Port: 110 | ||
Protocol: TCP | ||
Listener: POPListener | ||
UseSSL: No | ||
Hidden: False | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
<metadata> | ||
<id>internet_detector.vm</id> | ||
<version>1.0.0</version> | ||
<authors>Elliot Chernofsky and Ana Martinez Gomez</authors> | ||
<description>Tool that changes the background and a taskbar icon if it detects internet connectivity</description> | ||
<dependencies> | ||
<dependency id="common.vm" version="0.0.0.20240821" /> | ||
<dependency id="libraries.python3.vm" version="0.0.0.20240726" /> | ||
<dependency id="fakenet-ng.vm" version="3.2.0.20240902" /> | ||
</dependencies> | ||
</metadata> | ||
</package> |
Oops, something went wrong.