# C2 Redirectors Part.1

## Red Team Redirectors Guide

### Introduction

This guide explores the concept, implementation, and operational security benefits of using redirectors in red team engagements. Redirectors are pivotal in obscuring the point of origin of attacks, thereby shielding critical infrastructure and complicating the efforts of blue team defenders and threat hunters.

### Chapter 1: Understanding Redirectors

#### 1.1 What is a Redirector?

A redirector functions as a proxy that listens for incoming connections and forwards them to a specified host and port. This technique is crucial for protecting the location of your Command and Control (C2) servers by ensuring that only the redirector's IP is exposed to potential defenders.

#### 1.2 Why Use Redirectors?

* **Operational Security (OpSec):** Redirectors enhance operational security by masking the traffic's true origin, making it harder for defenders to trace activity back to the C2 server.
* **Flexibility:** Redirectors allow for dynamic changes in infrastructure without altering the implant or the core C2 server.
* **Resilience:** If a redirector is detected and blocked, new ones can be easily set up without compromising the C2 server.

### Chapter 2: Configuring Redirectors

#### 2.1 Basic Configuration

Example of a simple redirector setup:

* **C2 Server:** Kali Linux at 1.1.1.1
* **Redirector:** Ubuntu server at 1.1.1.2
* **Target:** Windows 11 at 1.2.2.2

**Steps:**

1. **Kali Linux (C2 Server):**
   * Configure the listener for the C2 agent to connect back to the redirector’s IP and designated port (e.g., 443 for HTTPS).
2. **Ubuntu (Redirector):**
   * Use `socat` to forward incoming traffic:

     ```bash
     sudo socat TCP4-LISTEN:443,fork TCP4:1.1.1.1:443
     ```
   * This command makes the Ubuntu server listen on port 443 and forward all connections to the C2 server.
3. **Target Machine:**
   * Execute the agent. The traffic from this machine will appear to be directed only to the redirector.
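To show the defender's side of the setup above, here is an added example (not part of the original guide) that works from the footprint step 3 describes: the target only ever talks to the redirector, so what a network defender sees is one internal host repeatedly connecting to a single external IP and port at a regular cadence. The script parses constructed firewall-style connection records (the lab addresses from this guide plus a documentation-range address, 203.0.113.10, for ordinary browsing) and flags channels whose inter-connection intervals are nearly constant. The log format, thresholds and helper names are assumptions for the example.

```python
"""Beacon-channel detection over constructed connection logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "timestamp src_ip dst_ip dst_port", one connection per line.
# 1.2.2.2 -> 1.1.1.2:443 every ~60 s is the redirector footprint from step 3;
# the 203.0.113.10 lines are normal, irregular browsing; 1.2.2.3 connects once.
SAMPLE_LOG = """\
2024-05-01T10:00:00 1.2.2.2 1.1.1.2 443
2024-05-01T10:01:00 1.2.2.2 1.1.1.2 443
2024-05-01T10:02:01 1.2.2.2 1.1.1.2 443
2024-05-01T10:03:00 1.2.2.2 1.1.1.2 443
2024-05-01T10:04:00 1.2.2.2 1.1.1.2 443
2024-05-01T10:05:01 1.2.2.2 1.1.1.2 443
2024-05-01T10:00:12 1.2.2.2 203.0.113.10 443
2024-05-01T10:00:40 1.2.2.2 203.0.113.10 443
2024-05-01T10:07:55 1.2.2.2 203.0.113.10 443
2024-05-01T10:00:03 1.2.2.3 1.1.1.2 443
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            port = int(parts[3])
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2], port))
    return records


def channel_stats(records):
    """Group connections by (src, dst, port) and measure how regular their timing is.

    cv is the coefficient of variation of the inter-connection intervals
    (standard deviation / mean); a value near 0 means a near-constant cadence.
    """
    by_channel = defaultdict(list)
    for ts, src, dst, port in records:
        by_channel[(src, dst, port)].append(ts)
    stats = {}
    for key, times in by_channel.items():
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(intervals) < 2:
            stats[key] = {"count": len(times), "mean_interval": None, "cv": None}
            continue
        m = mean(intervals)
        cv = pstdev(intervals) / m if m > 0 else float("inf")
        stats[key] = {"count": len(times), "mean_interval": m, "cv": cv}
    return stats


def find_beacon_candidates(records, min_connections=5, max_cv=0.2):
    """Return channels with enough connections and a near-constant interval, most regular first."""
    candidates = []
    for key, s in channel_stats(records).items():
        if s["count"] >= min_connections and s["cv"] is not None and s["cv"] <= max_cv:
            candidates.append((key, s))
    return sorted(candidates, key=lambda kv: kv[1]["cv"])


if __name__ == "__main__":
    for (src, dst, port), s in find_beacon_candidates(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {dst}:{port}  n={s['count']}  "
              f"interval~{s['mean_interval']:.1f}s  cv={s['cv']:.3f}")
```

Run as-is, the script reports only the 1.2.2.2 -> 1.1.1.2:443 channel. The point for defenders follows from the Resilience bullet in 1.2: blocking 1.1.1.2 is cheap for the operator to recover from, because a fresh redirector can be stood up without touching the C2 server, so the durable signal is the cadence and single-destination pattern, not the address. Real implants add jitter, so `max_cv` should be tuned against a baseline of the environment's normal traffic rather than fixed at 0.2.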

#### 2.2 Advanced Techniques

* **Domain Fronting:** Utilize legitimate domain names to camouflage C2 traffic.
* **SSL/TLS Bumping:** Encrypt traffic between the redirector and C2 to prevent content inspection.
* **Balancing Load Among Multiple Redirectors:** Use DNS round-robin or other load balancing techniques to distribute traffic among multiple redirectors.

### Chapter 3: Tools and Resources

#### 3.1 Socat

A versatile utility that allows for complex forwarding setups, including TCP and UDP traffic.

#### 3.2 Cloudflare Configuration

Leveraging Cloudflare can provide additional anonymity and security features. More details can be found in the following articles:

* [Configuring Cloudflare for Redirection](https://lnkd.in/dF6in5eF)
* [Advanced Redirection Techniques](https://lnkd.in/dCUBHjWP)

#### 3.3 Redirect Rules

An essential tool for managing complex redirector setups, allowing for flexible traffic management based on rules:

* [Redirect Rules Tool](https://lnkd.in/d6QhYaDY)

### Conclusion

Redirectors are a foundational element of sophisticated red team operations, providing both security and resilience to your C2 infrastructure. By effectively using redirectors, teams can maintain the upper hand in engagements by staying hidden and adaptable.
