BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc.
BounceBack is a powerful reverse proxy and WAF (Web Application Firewall) tool designed to hide C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It comes with preconfigured lists of blocked words, blocked and allowed IP addresses, and is highly configurable and customizable. It uses real-time traffic analysis through various filters and their combinations to protect against illegitimate visitors.
The tool has a number of features, such as a boolean-based concatenation of rules to hide infrastructure, an extendable project structure, a massive blacklist of IPv4 pools and ranges, a malleable C2 profile parser, domain fronting support, IP geolocation/reverse lookup data, and the ability to check the IPv4 address of requests against specified regular expressions. It also supports multiple proxies with different filter pipelines in one BounceBack instance, and verbose logging to keep track of all incoming requests and events.
BounceBack currently supports the following filters: boolean-based rule combinations, IP and subnet analysis, IP geolocation field inspection, reverse lookup domain probe, raw packet regexp matching, malleable C2 profile traffic validation, and a working-hours (or non-working-hours) rule. Custom rules may be easily added.
The tool also supports the following protocols: HTTP(S) for web infrastructure, DNS for DNS tunnels, and raw TCP (with or without TLS) and UDP for custom protocols. Custom protocols may be easily added.
Installation is simple: download the latest release, unzip it, edit the config file, and you're ready to go. If you want to build it from source, install goreleaser and run the command 'goreleaser release --clean --snapshot'.
In conclusion, BounceBack is a powerful reverse proxy and WAF tool designed to protect C2/phishing/etc infrastructure from illegitimate visitors. It comes with a number of features and supports a variety of filters and protocols. Installation is simple and custom rules and protocols may be easily added.
👉🏽 BounceBack: a reverse proxy and WAF tool to hide C2/phishing infrastructure from blue teams.
👉🏽 Protects against sandboxes, scanners, and illegitimate visitors using real-time traffic analysis.
👉🏽 Customizable tool with preconfigured lists of blocked words and IP addresses.
👉🏽 Features include boolean-based rules, a blacklist of IPv4 pools, and domain fronting support.
👉🏽 Supports multiple proxies and verbose logging for easy tracking of requests and events.
👉🏽 Available filters include IP geolocation, reverse domain lookup, and C2 profile parsing.
👉🏽 Works with HTTP(S), DNS, raw TCP, and UDP protocols, with room to add custom protocols.
👉🏽 Simple installation process: download, unzip, edit the config file, and you're ready to go.
👉🏽 Shields phishing and C2 infrastructure from illegitimate visitors, with the ability to add custom rules.
👉🏽 Overall, BounceBack hides infrastructure, supports various filters and protocols, and is easy to install.
🔗 source link: https://github.com/D00Movenok/BounceBack
🔗 summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/d00movenokbounceback