Article Excerpt
BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc.
| property | value |
| --- | --- |
| tags | c2,github-repo,offensive-tradecraft,tradecraft-tool |
| url | |
| original_word_count | 423 |
Long Summary
BounceBack is a powerful reverse proxy and WAF (Web Application Firewall) tool designed to hide C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It comes with preconfigured lists of blocked words and of blocked and allowed IP addresses, and is highly configurable and customizable. It uses real-time traffic analysis through various filters and their combinations to protect against illegitimate visitors.
The tool has a number of features, such as a boolean-based concatenation of rules to hide infrastructure, an extendable project structure, a massive blacklist of IPv4 pools and ranges, a malleable C2 profile parser, domain fronting support, IP geolocation/reverse lookup data, and the ability to check the IPv4 address of requests against specified regular expressions. It also supports multiple proxies with different filter pipelines in one BounceBack instance, and verbose logging to keep track of all incoming requests and events.
BounceBack currently supports the following filters: boolean-based rule combinations, IP and subnet analysis, IP geolocation field inspection, reverse lookup domain probe, raw packet regexp matching, malleable C2 profile traffic validation, and a working-hours (or non-working-hours) rule. Custom rules may be easily added.
The tool also supports the following protocols: HTTP(S) for web infrastructure, DNS for DNS tunnels, and raw TCP (with or without TLS) and UDP for custom protocols. Custom protocols may be easily added.
Installation is simple - just download the latest release, unzip it, edit the config file, and you're ready to go. If you want to build it from source, install goreleaser and run the command 'goreleaser release --clean --snapshot'.
In conclusion, BounceBack is a powerful reverse proxy and WAF tool designed to protect C2/phishing/etc infrastructure from illegitimate visitors. It comes with a number of features and supports a variety of filters and protocols. Installation is simple and custom rules and protocols may be easily added.
Short Summary
D00Movenok/BounceBack
- BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc.
- BounceBack: a reverse proxy and WAF tool to hide C2/phishing infrastructure from blue teams.
- Protect against sandboxes, scanners, and illegitimate visitors using real-time traffic analysis.
- Customizable tool with preconfigured lists of blocked words and IP addresses.
- Features include boolean-based rules, blacklist of IPv4 pools, and domain fronting support.
- Supports multiple proxies and verbose logging for easy tracking of requests and events.
- Available filters include IP geolocation, reverse domain lookup, and C2 profile parsing.
- Works with HTTP(S), DNS, raw TCP, and UDP protocols, with room to add custom protocols.
- Simple installation process: download, unzip, edit the config file, and you're ready to go.
- Powerful defense against phishing and C2 attacks with the ability to add custom rules.
- Overall, BounceBack secures infrastructure, supports various filters and protocols, and is easy to install.
source link: https://github.com/D00Movenok/BounceBack
summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/d00movenokbounceback
#BounceBack #ReverseProxy #WAF #InfrastructureProtection #Customizable