-
Notifications
You must be signed in to change notification settings - Fork 486
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The project's method outdated #10
Comments
Not all NATs do this, but yes, more are port munging these days (however it's much less likely for UDP). If one of the NATs is doing this and the other isn't, you can use the birthday paradox to get a 99% chance of packet exchange in ~533 packets (actually less by if you know the port range the opposing side will use). |
I'm not too sure if it is possible to to "proxy" through CGNAT (carrier grade NAT), but its getting more and more common here in Europe, so it would be a great thing to add. |
I think the best way to f*ck any nat would be to use webrtc think about it. |
@bauen1 can you share the specific elements of CGNAT that you found are specifically difficult to bypass? |
@Zibri Agreed -- though it's less the protocols and more the fact that you can induce a browser to perform actions on behalf of the client. STUN+TURN+ICE have some useful properties that can be used to perform fun and bad things to a victim; I'll be releasing a tool shortly :) |
I'm not entirely sure what didn't work since I tested this a long time ago, but if you ping me in a few days, I should have some time to look at it again (more closely) |
What I would do is this: Example: anyone else >>> turn server port XXXX >>> connects to 10.0.0.5 port YYY contact me privately at zibri AT zibri DOT org.. so I can give you some relay servers easily :D |
what tool? |
what tool ? |
@samyk any news on this tool? :) |
Ping! |
@Gustavo6046 @master-hax @tlsalex @Zibri Sorry for the late reply, the tool was NAT Slipstreaming: https://samy.pl/slipstream/ |
Oh, that is perfectly fine, don't sweat! :) I can't wait to see how this unrolls now. |
Most NAT would change source port to another number, while by monitoring data out NAT we can watch that. So to get the real source port out NAT, we need a third server to monitor that, maybe like N2N does.
The text was updated successfully, but these errors were encountered: