Easily deploy redirectors through AWS, manage DNS entries and route outgoing traffic
Features:
- Route an internet-exposed AWS node to a C&C for specific ports
- Route an operator computer traffic to internet through an AWS node
- Start/Stop AWS instances
- Renew/Associate/Dissociate Elastic IPs to AWS instances
- Manage DNS entries
To list the current configuration:
./redinfra.py --show-config
To apply the routing (after you checked the config):
./redinfra.py --apply
./redinfra.py --list-dns
./redinfra.py --new-dns <domain> <ip>
./redinfra.py --remove-dns <domain> <ip>
./redinfra.py --list-aws
./redinfra.py --start-aws <aws-instance>
./redinfra.py --stop-aws <aws-instance>
./redinfra.py --list-elastic-ips
./redinfra.py --associate-ip <elastic-ip> <aws-instance>
./redinfra.py --associate-ip <elastic-ip>
./redinfra.py --renew-ip <elastic-ip>
Current routing can be listed with
./redinfra.py --list-routing
./redinfra.py --set-routing <aws_instance> <c&c_local_ip> 80,443
# Check the config
./redinfra.py --show-config
# Apply the config
./redinfra.py --apply
./redinfra.py --set-routing <aws_instance> <attacker_host_local_ip> ''
# Check the config
./redinfra.py --show-config
# Apply the config
./redinfra.py --apply
The attacker host default route must be the router
Remember to disable IPv6
Connect to the routing server
Clone the redinfra project
git clone https://github.com/hegusung/redinfra
cd redinfra
pip3 install -r requirements.txt
Clone and setup the openvpn-install project
git clone https://github.com/angristan/openvpn-install.git
cd openvpn-install
./openvpn-install.sh
- Edit the /etc/openvpn/server.conf
- Add "client-to-client" to the configuration
- Change "dev tun" to "dev tap"
- Remove the following line : 'push "redirect-gateway def1 bypass-dhcp"'
To prevent connections from the VPN to the router
iptables -A INPUT -s 192.168.56.0/24 -j DROP
Execute the following and follow the instructions
./openvpn-install.sh
- Go to your AWS interface > Identity and Access Management (IAM) > Access management > Users
- Select the user to to connect to AWS using the API
- Go to the "Security credentials" tab > Access keys section
- Generate an access key
- Put this access key in the redinfra.cfg file (create this file from the redinfra.cfg.sample)
- Go to your AWS interface > Route 53 > Hosted zone
- Click on "Create hosted zone"
- Fill the information and "Create hosted zone"
- Go to your AWS interface > EC2
- Select the desired region (top-right corner)
- Make sure the region is provided in the redinfra.cfg file so the script can find the instance
- Go to Instances > Instances
- Create an instance by clicking on "Launch instances" (top-right corner)
- Once the instance is created, click on it
- Go to Security tab and set the firewall parameters, generally you need the following
- Inbound rules:
- port 22, to connect to the instance and configure it later on
- the port to be redirected to the C&C, if any
- Outbound rules:
- All port to 0.0.0.0/0
- Inbound rules:
- Go to your AWS interface > EC2
- Select the desired region (top-right corner)
- Make sure the region is provided in the redinfra.cfg file so the script can find the instance
- Go to Network & Security > Elastic IPs
- Create an instance by clicking on "Allocate Elastic IP address" (top-right corner)
- Allocate the Elastic IP to the instance
Transfer the Openvpn from the Router to the EC2 instance
scp -i aws_ssh_key.pem Node.ovpn ec2-user@<aws_public_ip>:.
Connect to the EC2 using the SSH key
ssh -i aws_ssh_key.pem ec2-user@<aws_public_ip>
Install openvpn in the EC2 instance
# Install EC2 extensions
amazon-linux-extras install epel
yum update
# Install OpenVPN
yum install openvpn
Edit the Openvpn config file
- change "dev tun" to "dev tap"
Copy the configuration
sudo cp Node.ovpn /etc/openvpn/client/Node.conf
Start OpenVPN service
systemctl start openvpn-client@Node
systemctl enable openvpn-client@Node
Connect to the router, setup the VPN IP of the newly generated EC2 instance with the following command:
./redinfra.py --set-vpn-ip <aws_instance> <vpn_ip>
Save the given router IP, it will be useful for after... (on the instance config)
VPN config can be listed with:
./redinfra.py --list-vpn-ip
Execute the following commands
echo 1 >/proc/sys/net/ipv4/ip_forward
# Make this persistent, edit the /etc/sysctl.d/00-defaults.conf file:
net.ipv4.ip_forward = 1
# setup iptables
iptables -F FORWARD
iptables -t nat -A POSTROUTING -s <ip_vpn_router> -j MASQUERADE
iptables -t nat -A PREROUTING -d <ip_local_aws> -p tcp ! --dport 22 -j DNAT --to-destination <ip_vpn_router_given> # usually the ip + 100 given when saving the AWS VPN IP in redinfra.py
# Make this persistent
yum install iptables-services -y
systemctl enable iptables
systemctl start iptables
service iptables save