Published on June 8th, 2015

Multiplex Various Network Data Flows: SSF



Secure Socket Funneling (SSF) is a network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer.

 

Multiplex Various Network Data Flows


The initial aim of SSF was to provide an easy way for users and developers to multiplex and demultiplex various network data flows. It was designed to:

  • be cross platform
  • be lightweight (preferably standalone)
  • be easily extendible
  • provide modern (TLS 1.2) secure point-to-point communication with the strongest cipher-suites
  • provide high performance communications by using the benefits of modern multi-core / multi-threaded architecture

These requirements ruled out SSH, which showed limitations on every item (particularly in performance, but also through the lack of a server-side application on Windows). Classic VPN software was also ruled out because requiring administrator rights was too limiting.


Specific features

  • One feature that was not present in any other equivalent network tool was UDP forwarding. UDP is nonetheless widely used in real-time services (VoIP, online gaming, …) and for DNS. SSF can therefore forward both TCP and UDP from the client to the server (options -L and -U) as well as from the server to the client (options -R and -V)
  • SSF also allows dynamic port forwarding with a SOCKS server from the client to the server (option -D, just like SSH) and from the server to the client (option -F, which SSH does not allow)
  • The bouncing feature lets you forward traffic from one point to another through a list of intermediary relay servers

 

The SSF command line was designed as a drop-in replacement for SSH (on equivalent features, such as port forwarding or SOCKS), so that you can benefit from the performance and security gains with minimal, or even no, changes to your scripts and tools.


Requirements

  • WinRAR >= 5.2.1 (third-party builds on Windows)
  • Boost >= 1.56.0
  • OpenSSL >= 1.0.2
  • Google Test >= 1.7.0
  • CMake >= 2.8.11
  • nasm (OpenSSL build on Windows)
  • Perl | ActivePerl >= 5.20 (OpenSSL build on Windows)
  • C++11 compiler (Visual Studio 2013, Clang, g++, etc.)

SSF_SECURITY (build option):

  • STANDARD: the project will be built with standard security features
  • FORCE_TCP_ONLY: the project will be built without security features to facilitate debugging

 





Get SSF here:

https://github.com/securesocketfunneling/ssf.git

 

Build SSF on Linux

  • Go to the project directory and copy the third-party archives into it
    cd PROJECT_PATH
    cp boost_1_XX_Y.tar.bz2 PROJECT_PATH/third_party/boost
    cp openssl-1.0.XY.tar.gz PROJECT_PATH/third_party/openssl
    cp gtest-1.X.Y.zip PROJECT_PATH/third_party/gtest
  • Generate the project (choose one value per option: Release or Debug, STANDARD or FORCE_TCP_ONLY)
    mkdir PROJECT_PATH/build
    cd PROJECT_PATH/build
    cmake -G "GENERATOR" -DCMAKE_BUILD_TYPE=Release -DSSF_SECURITY:STRING="STANDARD" ../
  • Build the project
    cmake --build PROJECT_PATH/build -- -j


How to use

Command line

SSF_<Server|Client>[.exe] [-L loc:ip:dest] [-R rem:ip:dest] [-D port] [-F port] [-U loc:ip:dest] [-V rem:ip:dest] [-b bounce_file] [-c config_file] [-p port] [host]
  • host: the IP address or name of the remote server to connect to.
  • -p: port is the port to listen on (for the server) or to connect to (for the client). The default value is 8011.
  • -L: TCP port forwarding, with loc as the local TCP port and ip and dest as the destination to which the server forwards the traffic.
  • -R: TCP remote port forwarding, with rem as the TCP port to forward from the remote host and ip and dest as the destination to which the client forwards the traffic.
  • -D: opens a port (port) on the client that connects to a SOCKS server running on the server.
  • -F: opens a port (port) on the server that connects to a SOCKS server running on the client.
  • -U: UDP port forwarding, with loc as the UDP port to forward from the client and ip and dest as the destination to which the server forwards the traffic.
  • -V: UDP remote port forwarding, with rem as the UDP port to forward from the server and ip and dest as the destination to which the client forwards the traffic.
  • -b: bounce_file is the file containing the list of relays to use.
  • -c: config_file is the config file containing configuration for SSF (TLS configuration).
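
The option grammar above, turned into a small audit helper (an added example, not code from the SSF project): it parses an SSF command line, as found in a script or a process-creation log, and reports which side opens each listening port and from which side the forwarded traffic leaves. The sample command line is constructed, and dest is read as the destination port, as in SSH's -L.

```python
import shlex

# From the option list above: option -> (kind, protocol, side that opens the listening port)
OPTS = {"-L": ("forward", "tcp", "client"), "-R": ("forward", "tcp", "server"),
        "-U": ("forward", "udp", "client"), "-V": ("forward", "udp", "server"),
        "-D": ("socks", "tcp", "client"), "-F": ("socks", "tcp", "server")}
PLAIN = {"-p": "port", "-b": "bounce_file", "-c": "config_file"}
# Constructed sample command line (hosts, ports and file name are made up)
SAMPLE = "./SSF_Client -p 8443 -L 2222:10.0.0.5:22 -V 5353:192.168.1.1:53 -F 9050 -c config.json relay.example.org"

def _port(text):
    port = int(text)  # ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port

def parse_ssf(cmdline):
    """Summarise one SSF command line: role, link endpoint and every tunnel it requests."""
    argv = shlex.split(cmdline)
    role = next((r for r in ("server", "client") if r in argv[0].lower()), None)
    info = {"role": role, "host": None, "port": 8011,  # 8011: documented default
            "bounce_file": None, "config_file": None, "tunnels": []}
    args = iter(argv[1:])
    for arg in args:
        if not arg.startswith("-"):
            info["host"] = arg
            continue
        if arg not in OPTS and arg not in PLAIN:
            raise ValueError(f"unknown option {arg}")
        value = next(args, None)
        if value is None:
            raise ValueError(f"{arg} needs a value")
        if arg in PLAIN:
            info[PLAIN[arg]] = _port(value) if arg == "-p" else value
            continue
        kind, proto, side = OPTS[arg]
        if kind == "forward":  # loc:ip:dest or rem:ip:dest; rsplit keeps colons inside ip
            listen, rest = value.split(":", 1)
            ip, dest = rest.rsplit(":", 1)
            target = (ip, _port(dest))
        else:  # SOCKS: the target is chosen per connection
            listen, target = value, None
        egress = "server" if side == "client" else "client"
        info["tunnels"].append({"opt": arg, "kind": kind, "proto": proto, "listen_side": side,
                                "listen_port": _port(listen), "egress_side": egress, "target": target})
    return info

def client_egress(info):
    """Options whose traffic leaves from the client side (-R, -V, -F)."""
    return [t["opt"] for t in info["tunnels"] if t["egress_side"] == "client"]
```

Tunnels returned by client_egress are the ones that make the client's network reachable from the server side, which is usually the first thing to check when the client runs inside the network being reviewed.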

 

 

 
