• Stars: 472
• Rank 93,034 (Top 2 %)
• Language: C#
• License: BSD 3-Clause "New...
• Created about 7 years ago
• Updated over 1 year ago


Repository Details

Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell

SharpSocks

SharpSocksServer

Tunnellable HTTP/HTTPS socks4a proxy written in C#.

Usage

Server

.NET Core project with builds for Windows and Linux, plus Docker support. Once the implant side connects and establishes the tunnel, the SOCKS server opens on the SOCKS port (43334 by default).

Usage:  [options]

Options:
  -?|-h|--help         Show help information.
  -s|--socksserveruri  IP:Port for SOCKS to listen on, default is *:43334
  -c|--cmdid           Command Channel Identifier, needs to be shared with the server
  -l|--httpserveruri   Uri to listen on, default is http://127.0.0.1:8081
  -k|--encryptionkey   The encryption key used to secure comms
  -sc|--sessioncookie  The name of the cookie to pass the session identifier
  -pc|--payloadcookie  The name of the cookie to pass smaller requests through
  -st|--socketTimeout  How long should SOCKS sockets be held open for, default is 30s
  -v|--verbose         Verbose error logging
  -p|--pfxpassword     Password to the PFX certificate if using HTTPS

TLS

If using HTTPS you will want to replace SharpSocks.pfx with a new certificate. You can do this manually or by using New-Cert.ps1, which will prompt you for a password for the PFX file. That password then needs to be passed to SharpSocks with the -p option.

Client (Implant side)

.NET 4.0 project for running on the target (such as in memory in a PoshC2 implant) which tunnels the traffic to the server.

SharpSocks Proxy Client
=======================

      --use-proxy            Use proxy server (for system proxy set this and
                               leave -m blank)
  -m, --proxy=VALUE          Proxy Url in format http://<server>:<port> (use-
                               proxy is implied)
  -u, --username=VALUE       Web proxy username
  -d, --domain=VALUE         Web proxy domain
  -p, --password=VALUE       Web proxy password
  -k, --encryption-key=VALUE The encryption key, leave blank to be asked
  -c, --cmd-id=VALUE         Command Channel Id (required)
  -b, --beacon=VALUE         Beacon time in (ms)
  -s, --server-uri=VALUE     Uri of the server, default is http://127.0.-
                               0.1:8081
      --url1=VALUE           pages/2019/stats.php
      --url2=VALUE           web/v10/2/admin.asp
      --session-cookie=VALUE The name of the cookie to pass the session
                               identifier
      --payload-cookie=VALUE The name of the cookie to pass smaller requests
                               through
      --user-agent=VALUE     The User Agent to be sent in any web request
      --df=VALUE             The actual Host header to be sent if using
                               domain fronting
  -h, -?, --help
  -v, --verbose
  -r, --read-time=VALUE      The time between SOCKS proxy reads, default 500ms
  -a, --standalone           Standalone mode, do not return on the main thread
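
A defender-side sketch, added here and not part of the SharpSocks project: the client help above lists default request paths (--url1, --url2) and a beacon interval, so web-proxy logs can be searched for a single client polling those paths at a near-constant cadence. The log line format, the sample data, the `find_candidates` name and the thresholds are assumptions, and a deployment that changes the paths will not match.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Default request paths taken from the client help text (--url1 / --url2).
DEFAULT_PATHS = ("pages/2019/stats.php", "web/v10/2/admin.asp")

# Assumed (constructed) log format: "<epoch_seconds> <client_ip> <method> <url>"
LINE_RE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) (GET|POST) (\S+)$")

# Constructed sample: 10.0.0.5 polls the default paths about every 5 s;
# 10.0.0.9 visits one of them at irregular, human-like times.
SAMPLE_LOG = (
    [f"{1700000000 + t} 10.0.0.5 POST https://cdn.example.test/{DEFAULT_PATHS[i % 2]}"
     for i, t in enumerate((0, 5, 10, 16, 20, 25))]
    + [f"{1700000000 + t} 10.0.0.9 GET https://cdn.example.test/{DEFAULT_PATHS[0]}"
       for t in (0, 3, 50, 52, 300)]
)

def find_candidates(lines, min_hits=5, max_jitter=0.2):
    """Return {(client, host): mean_interval_s} for pairs that request the
    default paths at least min_hits times at a near-constant interval."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url = m.groups()
        host, _, path = url.split("://", 1)[-1].partition("/")
        path = path.split("?", 1)[0].lower()
        if any(path.startswith(p) for p in DEFAULT_PATHS):
            hits[(client, host)].append(float(ts))
    flagged = {}
    for key, stamps in hits.items():
        if len(stamps) < max(min_hits, 3):
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means machine-like regularity.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = round(avg, 2)
    return flagged

if __name__ == "__main__":
    for (client, host), interval in find_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {host}: default paths polled every ~{interval}s")
```
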

Apache Rewrite Rule (C2 proxy)

If using a C2 proxy you can achieve TLS termination and route the traffic for the SOCKS URLs to the server running locally.

Define SharpSocks 127.0.0.1:49031
RewriteRule ^/sharpsocks1/(.*) http://${SharpSocks} [NC,L,P]
RewriteRule ^/sharpsocks2/(.*) http://${SharpSocks} [NC,L,P]
