Skip to content

Agent Side Proxy and Port Mapping

Jump to bottom Edit New page
jm33-m0 edited this page Oct 22, 2024 · 5 revisions

Socks5 Proxy Server

How it works

You can launch a SOCKS5 proxy server on the agent side with randomly generated username and password, then map its port back to the Control Center (CC). Suppose your CC can be reached via the IP address 1.2.3.4, the resulting proxy configuration URL would be:

socks5://username:password@1.2.3.4:port

You can then use this proxy to access network resources on the agent side.

How to use it

  1. Type use run_proxy.
  2. Set the port you want (e.g., 8080).
  3. Type run. The agent will send back the generated username and password.
  4. Now, you can use the proxy with the URL format: socks5://username:password@1.2.3.4:8080.

If DNS over HTTPS (DoH) is enabled, the SOCKS5 server on the agent side will use it to resolve domain names.

TCP/UDP Port Forwarding/Mapping

Map Agent-Side Port to C2 Side

To map a port from the agent side to the C2 side:

  1. Type use port_fwd.
  2. Set the protocol to tcp or udp (Note: udp is currently not supported for reverse port mapping).
  3. Set the destination address in the format ip:port.
  4. Specify a port that emp3r0r listens to on the localhost.

Map C2-Side Port to Agent Side

To reverse the direction of port mapping (from C2 to agent):

  1. Type set switch reverse to change the direction.
  2. Configure other necessary options as required.
Add a custom footer
Add a custom sidebar
Clone this wiki locally