Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nettitude/SharpSocks
Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
https://github.com/nettitude/SharpSocks
Last synced: about 2 months ago
JSON representation
Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
- Host: GitHub
- URL: https://github.com/nettitude/SharpSocks
- Owner: nettitude
- License: bsd-3-clause
- Created: 2017-11-10T13:29:08.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-03-15T19:19:30.000Z (over 1 year ago)
- Last Synced: 2024-04-24T13:19:13.076Z (5 months ago)
- Language: C#
- Size: 1.1 MB
- Stars: 471
- Watchers: 62
- Forks: 86
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - nettitude/SharpSocks - Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell (C# #)
README
# SharpSocks
Tunnellable HTTP/HTTPS socks4a proxy written in C#.
## Usage
### Server
.NET Core Project with builds for Windows, Linux, and Docker support.
Once the implant side connects and establishes the tunnel, the SOCKS server open on the socks port (43334 by default.)
```
Usage: [options]
Options:
-?|-h|--help Show help information.
-s|--socksserveruri IP:Port for SOCKS to listen on, default is *:43334
-c|--cmdid Command Channel Identifier, needs to be shared with the server
-l|--httpserveruri Uri to listen on, default is http://127.0.0.1:8081
-k|--encryptionkey The encryption key used to secure comms
-sc|--sessioncookie The name of the cookie to pass the session identifier
-pc|--payloadcookie The name of the cookie to pass smaller requests through
-st|--socketTimeout How long should SOCKS sockets be held open for, default is 30s
-v|--verbose Verbose error logging
-p|--pfxpassword Password to the PFX certificate if using HTTPS
```
### TLS
If using HTTPS you will want to replace SharpSocks.pfx with a new certificate, you do this manually or using `New-Cert.ps1`.
This will prompt you for a password for the PFX file which will need to be passed to SharpSocks with the `-p` option.
### Client (Implant side)
.NET 4.0 project for running on the target (such as in memory in a PoshC2 implant) which tunnels the traffic to the server.
```
SharpSocks Proxy Client
=======================
--use-proxy Use proxy server (for system proxy set this and
leave -m blank)
-m, --proxy=VALUE Proxy Url in format http://: (use-
proxy is implied)
-u, --username=VALUE Web proxy username
-d, --domain=VALUE Web proxy domain
-p, --password=VALUE Web proxy password
-k, --encryption-key=VALUE The encryption key, leave blank to be asked
-c, --cmd-id=VALUE Command Channel Id (required)
-b, --beacon=VALUE Beacon time in (ms)
-s, --server-uri=VALUE Uri of the server, default is http://127.0.-
0.1:8081
--url1=VALUE pages/2019/stats.php
--url2=VALUE web/v10/2/admin.asp
--session-cookie=VALUE The name of the cookie to pass the session
identifier
--payload-cookie=VALUE The name of the cookie to pass smaller requests
through
--user-agent=VALUE The User Agent to be sent in any web request
--df=VALUE The actual Host header to be sent if using
domain fronting
-h, -?, --help
-v, --verbose
-r, --read-time=VALUE The time between SOCKS proxy reads, default 500ms
-a, --standalone Standalone mode, do not return on the main thread
```
### Apache Rewrite Rule (C2 proxy)
If using a C2 proxy you can achieve TLS termination and route the traffic for the SOCKS URLs to the server running locally.
```
Define SharpSocks 127.0.0.1:49031
RewriteRule ^/sharpsocks1/(.*) http://${SharpSocks} [NC,L,P]
RewriteRule ^/sharpsocks2/(.*) http://${SharpSocks} [NC,L,P]
```