XFLTReaT is an open-source Python based tunnelling framework that helps you to create a tunnel between two (or more) computers on different channels/protocols. Although the name of the project correlates with the word “exfiltrate”, the framework is more about tunnelling than exfiltration. The main use-case for it is to create a full Internet Protocols v4 (IPv4) based tunnel between the end points, that can be used as a communications channel to send IP packets back and forth.
The tool is built on the client-server architecture, so at least two computers are needed to set up the environment. The server side can offer different protocols that can be used for tunnelling. The client chooses a protocol that is offered by the server and available on the client network (for example: allowed on the firewall or not restricted by an active network device), and attempts to create a communications channel or tunnel with the server. If the process succeeds, the specified protocols will be used to tunnel data over the network.
+ SOCKS v4, 4a, 5
+ HTTP CONNECT
+ SCTP (by Darren Martyn @info_dox)
+ DNS (A/CNAME, PRIVATE, NULL) – Proof of Concept
+ RDP (Windows only)
If you want to:
– get unrestricted Internet access from restricted networks
– exfiltrate data over a noisy side channel
– use a custom protocol to tunnel data
Then this could be your ultimate tool.
Dependencies and OS Support Platform:
+ Python 2.7.x
+ All Operating System Support
Use and Download:
git clone https://github.com/earthquake/XFLTReaT && cd XFLTReaT
git checkout next-version
pip install -r requirements_linux.txt (linux)
pip install -r requirements_mac.txt (MacOS)
pip install -r requirements_win.txt (windows)
python xfltreat.py --server
The tool is not yet production grade, edge cases (and not that edge cases) are might not handled very well. There can be security issues in the code that has not been fixed. In case you manage to identify any, please contact me in private or create an issue on the Github page. Mail: xfltreat at rycon.hu