The framework

Balazs Bucsay edited this page Dec 25, 2017 · 9 revisions

Introduction

This project is an open-source, Python-based tunnelling framework that helps you create a tunnel between two (or more) computers over different channels/protocols. Although the name of the project correlates with the word "exfiltrate", the framework is more about tunnelling than exfiltration. Its main use case is to create a full Internet Protocol (IPv4) based tunnel between the endpoints that can be used as a communication channel to send IP packets back and forth.

The tool is built on the client-server architecture, so at least two computers are needed to set up the environment. The server side can offer different protocols that can be used for tunnelling. The client chooses a protocol that is offered by the server and available on the client network (for example: allowed on the firewall or not restricted by an active network device), and attempts to create a communication channel or tunnel with the server. If the process succeeds, the specified protocol will be used to tunnel data over the network.

What's new about this

There is nothing new about tunnelling: there are, and have been, loads of tools on the Internet that can be used for it, but exactly this was the issue. Each and every tool was designed to do tunnelling over one specific protocol, and that is it. In every case there were some issues, such as:

  • No Portability
  • No Modularity
  • No Automation
  • No Support, or the product was End of Life
  • No Documentation
  • Hard to configure

This project aims to change the landscape of tunnelling, by developing a framework that fixes these issues.

Framework

To change this, XFLTReaT works as a framework. It supports multiple protocols (not just one) and unifies the interface for all tunnelling modules. New tunnel modules for protocols can be created with ease.
The framework makes tunnelling easier for everybody who wants to do it, because:

  • It is easy to install and configure (a basic understanding is still needed)
  • The dependencies are kept low
  • A unified tunnelling interface has been developed for creating modules
  • Uses only one interface for all traffic
  • Handles multiple clients
  • Modular authentication support (needs some improvements)
  • Modular encryption support (will be introduced later)
  • Python-based and OOP
  • Check functionality to map out the network (see below)

Modes of operation

Server

The default mode (--server). Runs all the enabled modules.

Check

--check: connects to the server on each enabled module, sends a challenge and receives the result: red or green.

Client

--client: only one module MUST be enabled. Creates a tunnel over the enabled protocol.

Unified module interface

Under development; see the development article. Creates a skeleton for modules that is used by the framework. Variants: RDP, SSL, OOB

One interface to rule them all

Using a single interface is good because it is easier to handle as an admin. It is elegant and clever.
