Protecting infrastructure from cyber attacks is becoming increasingly important. Especially for C2/Phishing systems, anonymity and security are key factors to maintain operations. BounceBack β a powerful and flexible reverse proxy β is designed to meet this need. With high customization, smart filtering system and WAF integration, BounceBack is the optimal solution to protect your infrastructure from surveillance and attacks.
Join the channel Telegram belong to AnonyViet π Link π |
Introducing BounceBack
BounceBack is a powerful reverse proxy, highly customizable and flexible in configuration, integrating WAF (Web Application Firewall) function to help hide your C2/phishing infrastructure from the security team's eyes (blue). team), sandbox, scanning tools, etc. It uses real-time traffic analysis through many filters to prevent illegal access.
The tool is delivered with a list of blocked words, blocked IP addresses, and preconfigured permissions. For more information on how to use the tool, you can visit the project's wiki below:
See more: De digger: Tool to find other people's files on Google Drive
Outstanding features of BounceBack
BounceBack possesses many superior features to help protect your infrastructure effectively:
- Highly customizable and flexible filtering system: With the ability to combine boolean-based rules (and, or, not), BounceBack can hide your infrastructure from even the most critical eyes of your security team. .
- Easily extensible project structure: Everyone can add their own C2 rules, increasing flexibility and customization.
- Massive IP blacklist integration: This list includes IP ranges and IPv4 pools known to be relevant to IT security vendors, combined with IP filtering to prevent them from using/downgrading attacks. your floor.
- Malleable C2 Configuration Analyzer: BounceBack can validate incoming HTTP(s) traffic against Malleable configuration and reject invalid packets.
- Domain Fronting support: This feature helps you hide your infrastructure more effectively.
- Check IP geolocation: BounceBack can check the request's IPv4 address against IP geo/reverse lookup data and compare it with specified regular expressions to rule out connections from Outside companies, countries, cities, domains, etc. are allowed.
- Uptime Filter: All incoming requests can be allowed/disallowed for any time period, so you can configure uptime filters.
- Multiple proxy support: BounceBack supports multiple proxies with different filtering pipelines on the same instance.
- Detailed logging mechanism: Allows you to track all incoming requests and events to analyze security team behavior and debug incidents.
Mechanism of action of the rule
The main idea of ββthe rules is how BounceBack matches traffic. The tool currently supports the following rule types:
- Boolean-based rule combination (and, or, not)
- Analyze IP and subnet
- Check the IP geolocation fields
- Reverse domain lookup
- Raw package regular expression matching
- Malleable C2 configuration traffic authentication
- Working (or non-working) hour rules
- Custom Rules: Custom rules can be easily added by registering RuleBaseCreator or RuleWrapperCreator your. See the RuleBaseCreator and RuleWrapperCreator already created in the project.
You can find the rules configuration page HERE
Proxy configuration and supported protocols
The proxy section is used to configure where to listen and proxy traffic, what protocols to use, and how to bind rules together to filter traffic. Currently, BounceBack supports the following protocols:
- HTTP(s): For your web infrastructure.
- DNS: For your DNS tunnels.
- Raw TCP (with or without tls) and UDP: For custom protocols.
- Custom Protocols: Custom protocols can be easily added by registering your new type in management program. You can find examples of proxies here.
You can find the proxy configuration page at this page.
Instructions for installing BounceBack
Method 1: Install from release
Download the latest release from this page > Extract folder > Edit configuration file > Launch BounceBack.
Method 2: Install from source code
Clone the project (don't forget GitLFS) > Settings goreleaser > Run command:
goreleaser release --clean --snapshot
How to use BounceBack
Step 1 (optional): Update banned_ips.txt list:
list:bash scripts/collect_banned_ips.sh > data/banned_ips.txt
Step 2: Edit config.yml for your needs: Configure rules to match traffic, proxies to analyze traffic using rules, and global variables for in-depth rule configuration.
Step 3: Run BounceBack: ./bounceback
Command line options:
- -c, βconfig string: Path to the configuration file in YAML format (default is βconfig.ymlβ).
- -l, βlog string: Path to the log file (default is βbounceback.logβ).
- -v, βverbose count: Log details (0 = info, 1 = debug, 2+ = trace).
See more: DNS Spy: Tool to analyze DNS of any Domain
Conclusion
BounceBack is a flexible tool that helps protect C2/phishing infrastructure. With its highly customizable, flexible filtering system and support for a wide range of protocols, BounceBack is an ideal choice to enhance the security of your system.