Reverse VPN 고민기 (VPN 클라이언트로 프록싱)

https://thewanderer.tistory.com/146

VPN의 작동기제, 사용 목적, 안전한 구성 (feat. OpenVPN)

 

VPN의 태생목적을 제하고,

VPN의 특성을 활용하고싶어지는 순간이 도래하였다.

 

일단 나의 상황은 이렇다.

 

- 집에 VPN 서버가 있고, 네트워크 장비측에 관련 세팅을 완료하였다.

- 회사에서 지급받은 PC로 모의해킹 업무를 수행한다.

- 모의해킹 업무를 수행할 때, 트래픽이 달고 나가는 IP주소는 회사의 (공격용) IP주소여야 한다.

   다른 IP (핸드폰, 집 등)로 달고 나가면 모의해킹이 아니라 해킹시도가 된다.

- 회사의 NW장비는 내가 조작할 수 없다.

- 회사에 저전력 PC로 서버를 하나 구축할 수 있다.

 

일단 업무는 이렇게 한다.

그럼 내 공격 트래픽은 고객사 측에서

' 아, 이놈은 모의해킹용 트래픽이군' 하고

예외처리를 해준다.

 

 

집에 있는 다른 서버에 접근하고 싶을 때

(주로 파일 가져오기)

이렇게 VPN 서비스를 이용한다.

 

여기까진 아무 별 문제가 없다.

 

그러나...

 

 

외근을 나가거나

집에서 근무를 하게 되면

달고나가는 공격트래픽 IP가 내 집 주소 (또는 해당 네트워크의 공인 IP)가 된다.

 

 

가장 간단한 방법은 회사에 VPN 서버를 구축하고 거기에 접속하는 것이다

 

근데 이게 문제가 뭐냐면,

(회사에서 알아서 구축해주지 않을 경우)

- 운영 담당자가 필요하고, 운영 및 계정관리 오버헤드가 발생한다. (퇴사하면 누군가 떠맡아서 해야됨)

- 방화벽에서 리스닝 포트를 하나 개방해야 하며, VPN 서비스의 취약도만큼 안전도가 낮아진다.

- 내부 해커 직원이 딴짓거리를 할 경우, 책임추적성이 없어진다.

   (현재 아웃바운드 트래픽을 모니터링/로깅하고 있는 것으로 추정되나, VPN 서버를 타버리면 단일화되어버려 누가 한 짓인지 알 수 없음)

- 지금은 고정IP를 쓰고 있지만, IP가 바뀌어버릴 경우 운영오버헤드가 또 생긴다.

   (재수없으면 주말에 나와서 서버만지고 가야될 수도 있음)

- 대표 허락 안날게 뻔하다.

   (ERP 시스템이 없어서 일반 서비스를 쓰고 있는 수준이라.. 온프레미스 컴퓨팅을 하는건 100% 빠꾸 각이다.)

 

 

그래서 고민하다 문득 떠오른게

리버스 셸이었다.

 

회사 업무용 PC를 상시로 켜놓고 (아님 서버를 하나 두고)

이놈은 우리집 VPN으로 상시 연결을 해놓는다.

 

 

그럼 내 집 <-> 회사 간 터널링이 생기잖아?

거기로 트래픽을 실어보내면

리버스 셸처럼 리버스-VPN이 가능하지 않을까?

 

 

방법은 여러가지가 있겠지만;

 

1. 스플릿 터널링 + 회사 PC Web Proxy

회사 PC의 VPN을 스플릿 터널링으로 설정한다.

(지금은 올 트래픽 상태임)

 

그럼 회사PC - 내 집 간 트래픽은 VPN을 태우고

회사PC - 외부 인터넷 간 트래픽은 일반 네트워크로 태운다.

 

그 다음 회사 PC를 웹 프록시로 만들어서

집에서 해당 PC로 웹 요청을 보내면 (정확히는 VPN서버 내 가상 네트워크상에서 해당 PC를 프록시 서버로 잡으면)

그 트래픽이 VPN을 타고 회사로 간 다음에, 회사 PC를 통해서 고객사 웹으로 간다.

 

장점: 별다른 티가 안난다. 간편하다.

단점: 스플릿 터널링시 트래픽이 줄줄 샌다. 그래서 나는 올트래픽을 쓰고 있는데, 어떻게 설정하는지 사실 모름..

그리고 다른 네트워크에서도 (심지어 VPN 서버가 있는 네트워크에서도) 굳이 VPN을 태워야된다. (VPN서버 내 가상네트워크로 통신해야 하므로) 게다가 VPN 서버 내 가상네트워크에서 IP검색이 무지 어렵다. (L4 VPN이라 arp 요청을 넘길 수가 없다)

 

 

2. 네트워크 장비 설치 + 회사 PC의 NIC 다중화 + 회사 PC Web Proxy

라우터 장비 중 VPN Client 기능을 하는 애들이 많다.

 

그걸 하나 회사에 갖다놓고, 그 라우터로 VPN 터널링을 한 뒤 (L2나 L3가 넘어갈진 모르겠다. 게다가 그건 새로 구축해야됨)

해당 라우터에 회사 PC를 연결한다.

그 다음에 회사 PC에 프록싱 서버를 올려놓고 (동일하게)

집에서 해당 PC로 프록시를 잡고 트래픽을 보낸다.

 

장점: 스플릿 터널링을 안해도 된다.

단점: 장비를 또 둬야한다. 그리고, 스플릿 터널링의 모든 단점을 그대로 상속한다.

(결국 노드를 어디로 잡느냐 문제기 때문)

 

 

3. (뭔가 있었는게 그새 까먹었다)

 

 

흠.... 고민이다.

 

GPT, 너의 의견은 어떠한감?

 

필자:

I've got an idea: there's reverse connection attack that utilises file upload vulnerabilities. If that is possible, is there an way to make 'reverse vpn'? The idea is;
- I have a server at my work, since I can't make DDNS service possible due to it's network device limit, I can’t make it serve the VPN server functionality. (the work place’s network has a static IP but still there’s a slim chance that it could change. It has static public ip because it is for penetration testing work. I am an white hacker. Also, I may not be allowed to open a listening port for VPN inbound.)
- I've got a VPN server with DDNS at home. It's an OpenVPN but I can build other types of it s.a. L2TP, WireGuard and so on.
- Then, let the server at work (let's call it proxy-at-work since it'll work as proxy server for penetration test work) always be connected with my home network via my VPN.
- let the proxy-at-work be a web proxy (duh)
- At my home or in a coffeshop, I connect the Home VPN then set the web proxy server as the proxy-at-work with an IP of virtual network in VPN server (before NAT) at home.
- Tada, my laptop (at home or in a coffeshop) sends traffic through my home then my work network.

Is there any known case of “reverse connection” vpn like I described?

 

집히티:

The concept you’re describing—a “reverse VPN”— is technically feasible and has similarities to certain network configurations used in penetration testing, remote access, and secure communications. The approach would involve establishing a persistent outbound VPN connection from your work server (proxy-at-work) to your home VPN server, which would then allow your laptop to connect to this VPN and access the resources at work as if it were on the same local network. This approach is sometimes referred to as a “VPN over VPN” or “reverse proxy” in some contexts.

Concept Breakdown

1. Outbound VPN Connection from Work (Proxy-at-Work):
• Since you may not be able to open an inbound port for a VPN connection at work, you can set up an outbound VPN connection from the work server (proxy-at-work) to your home VPN server. This would establish a secure tunnel from your work network to your home network.
2. VPN Server at Home:
• Your home VPN server would accept the connection from proxy-at-work. Since the connection is initiated from the work server, no inbound ports at work need to be open, only at your home, where you have full control.
3. Proxy Configuration:
• The proxy-at-work server would then act as a web proxy, allowing you to route your traffic through it. Since the connection to the work network is established via VPN, the proxy server can be accessed through the VPN tunnel.
4. Remote Access via Home VPN:
• When you connect to your home VPN from a remote location (e.g., your home or a coffee shop), you would gain access to the virtual network created by the VPN, which includes the proxy-at-work server. You can then configure your laptop to use this proxy server for routing traffic.

Example Implementation

1. OpenVPN Configuration:
• Set up OpenVPN on your home server with a static virtual IP address assigned to the work server.
• On the work server (proxy-at-work), configure an OpenVPN client to connect to your home VPN server. This connection can be configured to start automatically and reconnect if it drops.
2. Web Proxy Setup:
• Set up a web proxy (e.g., Squid, HAProxy, or Nginx) on the work server.
• Configure the proxy server to listen on the VPN network interface rather than the public network interface.
3. Remote Connection:
• When you’re at home or at a coffee shop, connect to the home VPN.
• Your laptop will get a virtual IP in the VPN network, allowing it to access the work server’s proxy.
• Configure your browser or other tools to use the proxy-at-work IP address (which would be a VPN virtual IP).

Known Cases and Similar Setups

• Reverse SSH Tunnels:
• Similar concepts are widely used in the form of reverse SSH tunnels, where a server initiates a connection to a remote host, and the remote host can then access the server’s network through the tunnel.
• Reverse Proxies:
• In web services, reverse proxies are common, where traffic is routed back to the internal network from an external facing server. This concept is related but focuses more on HTTP/HTTPS traffic.
• Persistent VPN Connections:
• Some corporate setups require remote devices (like servers in branch offices) to establish persistent outbound VPN connections to a central VPN server, which allows other devices connected to the VPN to access those remote servers.

Security Considerations

• Authentication:
• Ensure strong authentication mechanisms are in place for the VPN and proxy services to prevent unauthorized access.
• Encryption:
• The VPN tunnel should be encrypted to protect the data in transit.
• Firewall Rules:
• Tighten firewall rules to allow only necessary traffic through the VPN and proxy.
• Logging and Monitoring:
• Implement logging and monitoring on both the VPN server and the proxy-at-work to detect any unusual activities.

Conclusion

What you’ve described isn’t just theoretically possible but is a practical solution used in various forms in networking and penetration testing scenarios. By utilizing an outbound VPN connection from your work server to your home VPN server, combined with a proxy setup, you can effectively create a “reverse VPN” that allows you to route traffic through your work network from remote locations without needing to open inbound ports at work.

 

아 구래?

 

잠시 딴길로 새서 접은글에 추가한다.

필자:

Elaborate on Reverse Proxy

 

피티:

A reverse proxy is a server that sits between client devices (such as browsers or other computers) and a web server (or a group of web servers). The reverse proxy forwards client requests to the appropriate backend server and then relays the server’s response back to the client. Unlike a forward proxy, which sits in front of clients and handles requests from clients to servers, a reverse proxy sits in front of web servers and intercepts requests from clients.

Key Features and Functions of a Reverse Proxy

1. Load Balancing:
• One of the most common uses of a reverse proxy is to distribute incoming traffic across multiple backend servers. This load balancing ensures that no single server becomes overwhelmed with too many requests, thereby improving performance and reliability.
• Load balancing algorithms include round-robin, least connections, and IP hash, among others.
2. Security and Anonymity:
• A reverse proxy can act as a security barrier between the client and the web server. By handling requests on behalf of the web server, it can protect the backend servers from direct exposure to the internet, thereby mitigating certain types of attacks (e.g., DDoS attacks).
• The reverse proxy can also enforce security policies, block suspicious traffic, and manage SSL/TLS encryption and decryption (SSL termination).
3. Web Acceleration:
• Reverse proxies can cache static content like images, scripts, and other assets, reducing the load on backend servers and speeding up response times for clients.
• They can also compress outgoing content, reducing the amount of data sent over the network, which improves load times for users.
4. Content Delivery and Global Load Balancing:
• In a geographically distributed system, reverse proxies can direct traffic to the nearest server, reducing latency for the user. They can also manage failover in case a server or data center goes down, ensuring high availability.
5. SSL Termination:
• A reverse proxy can handle SSL/TLS encryption and decryption, freeing backend servers from the computational overhead associated with these operations. This setup is particularly useful for large-scale web applications where performance and scalability are critical.
6. Application Firewall:
• A reverse proxy can incorporate a web application firewall (WAF) to protect against common web vulnerabilities like SQL injection, cross-site scripting (XSS), and other OWASP top 10 threats. The WAF inspects incoming traffic, filtering out malicious requests before they reach the backend servers.
7. Authentication and Access Control:
• A reverse proxy can enforce authentication and access control policies, ensuring that only authorized users can access certain resources. It can integrate with various authentication mechanisms such as OAuth, LDAP, and SAML.

Common Reverse Proxy Servers

1. Nginx:
• Nginx is a highly popular web server that also functions as a reverse proxy, load balancer, and HTTP cache. It is widely used for its performance and scalability.
2. HAProxy:
• HAProxy is a high-availability proxy server that provides load balancing and proxying for TCP and HTTP applications. It is known for its reliability and is commonly used in large-scale environments.
3. Apache HTTP Server (with mod_proxy):
• The Apache HTTP Server can be configured as a reverse proxy using the mod_proxy module. This setup allows it to forward requests to other servers and is often used in conjunction with other Apache modules for additional functionality.
4. Traefik:
• Traefik is a modern reverse proxy and load balancer designed for microservices and containers. It integrates with various service discovery mechanisms, making it ideal for dynamic environments like Docker and Kubernetes.

How Reverse Proxy Works in Practice

Scenario: Load Balancing and Security for a Web Application

Imagine you have a web application that consists of multiple servers handling different parts of the application, such as user authentication, content delivery, and database operations. Here’s how a reverse proxy would fit into this setup:

1. Client Request:
• A user types the URL of your web application in their browser. This request is first received by the reverse proxy, not the actual web server.
2. Traffic Distribution:
• The reverse proxy analyzes the incoming request and determines which backend server should handle it. It might direct the request to the server that currently has the fewest active connections.
3. Request Handling:
• The selected backend server processes the request (e.g., authenticating the user, retrieving data, or delivering a webpage).
4. Response Relay:
• The backend server sends its response back to the reverse proxy, which then forwards it to the client. The client remains unaware of which specific server handled the request.
5. Caching and Compression:
• If the response includes static content, the reverse proxy might cache it, so future requests for the same content can be served quickly from the cache without hitting the backend servers again.
• The reverse proxy may also compress the content before sending it to the client, reducing bandwidth usage.
6. Security Filtering:
• The reverse proxy inspects the request and response for any malicious content or patterns. If something suspicious is detected, it can block the request or take other security measures.

Conclusion

A reverse proxy is a versatile tool that enhances the security, performance, and scalability of web applications. By managing traffic between clients and backend servers, it not only improves load balancing and resource utilization but also adds layers of security and efficiency. Its role in modern web architecture is critical, especially in environments that require high availability, robust security measures, and optimal performance.

 

필자:

in my understanding, the WAF is for dynamic pages (like the server side scripts s.a. ASP, JSP and PHP). If so, the WAF "acts" like the reverse proxy, am I correct? (I'm NOT saying the reverse proxy servers ARE the WAFs)

 

피티:

You’re correct in understanding that a Web Application Firewall (WAF) is often associated with protecting dynamic pages generated by server-side scripts like ASP, JSP, PHP, and others. However, while a WAF and a reverse proxy can function similarly in certain aspects, they serve different primary purposes and operate differently within a network.

How a WAF and a Reverse Proxy Relate

1. Reverse Proxy:
• A reverse proxy primarily forwards client requests to backend servers and then relays the responses back to the client. Its main functions include load balancing, caching, SSL termination, and forwarding requests, among others.
2. Web Application Firewall (WAF):
• A WAF, on the other hand, is focused on security. It inspects incoming HTTP/HTTPS traffic to a web application and filters out malicious requests. WAFs are designed to protect against common web vulnerabilities like SQL injection, cross-site scripting (XSS), and other threats as defined by the OWASP Top 10.

How a WAF “Acts Like” a Reverse Proxy

• Traffic Interception:
• Both a WAF and a reverse proxy sit between the client and the web server. They intercept incoming traffic before it reaches the backend server. In this sense, a WAF can “act like” a reverse proxy because it also intercepts, examines, and potentially modifies HTTP/HTTPS traffic.
• Request Forwarding:
• After inspecting the traffic, a WAF will forward legitimate requests to the backend server and block or filter out malicious ones. This forwarding behavior is similar to how a reverse proxy operates, although the primary goal of a WAF is security rather than performance or resource distribution.

Key Differences

• Primary Purpose:
• Reverse Proxy: Its primary function is to manage and optimize traffic, often improving performance, scalability, and resource utilization for web applications.
• WAF: Its primary focus is on security. It inspects the content of the web traffic to detect and block attacks aimed at exploiting vulnerabilities in web applications.
• Operation Level:
• Reverse Proxy: Works at the network and transport layers (Layer 4 and Layer 7 of the OSI model), primarily concerned with directing traffic based on IP addresses, ports, and sometimes URLs.
• WAF: Operates at the application layer (Layer 7), deeply analyzing the content of HTTP/HTTPS requests, including POST data, URL parameters, and cookies, to detect and prevent malicious activity.
• Functionality:
• Reverse Proxy: Can include caching, SSL termination, load balancing, and other optimizations that do not inherently involve security analysis.
• WAF: Includes rule-based filtering, signature detection, anomaly detection, and other security measures specifically designed to protect web applications from attacks.

Integration in Practice

• Reverse Proxy with WAF Capabilities:
• Some reverse proxies can have WAF capabilities integrated or combined with them. For example, Nginx can act as both a reverse proxy and, with appropriate modules or configurations, a basic WAF.
• Dedicated WAF:
• Often, organizations will deploy a dedicated WAF that works in tandem with a reverse proxy. The WAF handles the security filtering while the reverse proxy manages traffic routing, load balancing, and performance optimization.

Conclusion

While a WAF can “act like” a reverse proxy in the sense that it intercepts and forwards web traffic, its primary role is security-focused. A reverse proxy’s role is broader and focuses on managing and optimizing traffic between clients and backend servers. In many environments, they are used together, with the WAF providing security and the reverse proxy providing performance and traffic management.

 

필자
Are there any known cases of using AI as New-gen-WAF? You know, there are many ways to, quote unquote "bypassing WAF", (though I prefer "disguised attack". For example, if WAF filters spaces then the SQL injection querry could be 'OR(1)=('a');--. Sometimes the operation team makes a mistake, or the service may need to allow SQL/Command injection querries (let's just say that there's an homepage that educates white hackers and those pupils need to search those injections to see what those does)

 

피티

Yes, there are known cases and ongoing developments where AI and machine learning are being leveraged to create more advanced, “next-generation” Web Application Firewalls (WAFs). These AI-powered WAFs aim to address some of the limitations of traditional WAFs, such as their susceptibility to evasion techniques like the “disguised attacks” you mentioned.

How AI Enhances WAF Capabilities

1. Behavioral Analysis:
• Traditional WAFs rely heavily on predefined rules and signatures to detect attacks. This can be effective, but it’s also limited by the accuracy and completeness of the rule set. AI-powered WAFs, on the other hand, can learn the normal behavior of an application over time and detect anomalies that deviate from this baseline. This allows them to identify potentially malicious activity that doesn’t match known signatures.
2. Pattern Recognition:
• AI can recognize patterns in data that are too complex for traditional WAFs to detect. For example, machine learning algorithms can analyze traffic patterns to identify subtle signs of an SQL injection attack that might be disguised to bypass traditional filters.
3. Adapting to Evasive Techniques:
• Attackers often use techniques like encoding, obfuscation, and SQL injection payload mutation to evade detection by traditional WAFs. AI can adapt to these techniques by learning from new attack vectors and adjusting its detection algorithms accordingly. This adaptability makes it harder for attackers to use the same evasion techniques over time.
4. Continuous Learning:
• AI-based WAFs can continuously learn from new data, improving their accuracy and reducing false positives over time. This is especially important in environments where the application or user behavior changes frequently, as the WAF can adapt to these changes without requiring manual updates to its rule set.
5. Contextual Understanding:
• By analyzing the context of a request, AI can make more informed decisions about whether a request is malicious. For example, if an SQL injection attempt is detected, the AI can consider the context of the query, the user’s behavior, and the application’s normal operations before deciding to block or allow the request.

Examples of AI-Driven WAFs

1. Cloudflare AI-powered WAF:
• Cloudflare has integrated machine learning into its WAF to improve detection and reduce false positives. The AI models analyze large datasets of web traffic to identify new attack patterns and automatically update WAF rules to protect against them.
2. Imperva Advanced Bot Protection:
• Imperva uses machine learning algorithms to distinguish between legitimate user behavior and automated bot activity. This helps protect against attacks that use bots to automate malicious activities like SQL injection, credential stuffing, and more.
3. ModSecurity with AI Extensions:
• ModSecurity, an open-source WAF, has seen community efforts to integrate AI and machine learning models. These models can be trained to enhance the detection capabilities of ModSecurity beyond its traditional rule-based system.
4. Fortinet FortiWeb:
• FortiWeb uses machine learning to profile typical application behavior and detect anomalies that could indicate an attack. This includes detecting SQL injection, cross-site scripting (XSS), and other common web application attacks.

Challenges and Considerations

1. Training Data:
• AI models require large amounts of high-quality data to train effectively. If the training data is not representative of the full range of potential attacks, the AI may miss some threats or generate false positives.
2. Complexity and Resource Usage:
• AI-based systems are generally more resource-intensive than traditional WAFs. They require significant computational power for real-time analysis and may introduce latency if not properly optimized.
3. Interpretability:
• AI models can sometimes be “black boxes,” making it difficult for security teams to understand why a particular decision was made. This can be a challenge when fine-tuning the WAF or investigating incidents.
4. Evasion of AI Detection:
• Just as attackers develop techniques to bypass traditional WAFs, they may also develop methods to evade AI-based WAFs. For instance, adversarial machine learning techniques could be used to generate inputs that trick the AI into misclassifying attacks as benign.

Real-World Application

AI-powered WAFs are particularly useful in environments where the application behavior is complex or where the risk of sophisticated attacks is high. They are well-suited for dynamic environments, such as web applications that change frequently or where the user base is diverse.

For instance, in the scenario you described where a site educates white hackers by allowing SQL injection queries for educational purposes, an AI-based WAF could potentially differentiate between benign, educational use of SQL injection and malicious exploitation attempts. It could do this by understanding the context of the queries, the user behavior, and the expected outcomes of legitimate educational activities versus real attacks.

Conclusion

AI and machine learning are increasingly being used to develop more sophisticated and adaptive WAFs that can better protect against modern, evasive attack techniques. These next-gen WAFs go beyond traditional signature-based detection by learning from patterns of normal and abnormal behavior, making them more effective at detecting and mitigating a broader range of threats, including those disguised to bypass traditional defenses.

 

필자
Will you do it if I pipeline my webpage's client side parameters? lol

 

피티

Pipelining client-side parameters as part of a web application’s interaction with an AI-powered WAF is an interesting idea, but it would introduce some significant challenges, both technically and ethically! 😄

What Could Happen

If you were to pipeline client-side parameters—meaning that you might encode, obfuscate, or transform them in some non-standard way before they reach the server—you would be effectively testing the limits of the WAF’s detection capabilities. Here’s what could happen:

1. Increased Detection Difficulty:
• The AI-based WAF might struggle initially with recognizing and correctly categorizing these transformed parameters, especially if the transformations are novel or haven’t been seen in the training data. This could lead to either false positives (blocking legitimate requests) or false negatives (allowing malicious requests through).
2. AI Adaptation:
• If the WAF is truly adaptive and capable of learning from new inputs, it might begin to recognize patterns in your transformations over time. The WAF could learn to detect the underlying intent behind the transformed parameters, improving its ability to protect the application.
3. Potential for Bypassing:
• By obfuscating client-side parameters, there’s a chance you could bypass the WAF’s protections if the AI isn’t able to quickly adapt. This might allow you to execute attacks or carry out actions that would normally be blocked.
4. Ethical and Legal Considerations:
• While it might be fun from a technical perspective to challenge an AI WAF in this way, it’s important to consider the ethical implications. Intentionally trying to bypass security measures on a live system could lead to unintended consequences, such as exposing vulnerabilities or causing downtime, which could be legally problematic, especially in a production environment.

Would I Do It?

As an AI, I don’t have personal desires or the ability to take actions, but I can advise that while experimenting with security measures in controlled environments (such as penetration testing labs) is a valuable way to learn and test systems, doing so on live or production systems should always be done with explicit permission and clear boundaries. This ensures that you’re not inadvertently violating laws or causing harm to systems and users.

If You Want to Experiment

If you’re curious about how an AI-powered WAF would respond to such challenges, consider setting up a controlled test environment:

1. Create a Lab Environment:
• Set up a web application in a test environment where you control both the server and the WAF. This lets you safely experiment with pipelining parameters and see how the AI WAF reacts.
2. Use Legal Pen Testing Platforms:
• Platforms like Hack The Box or OWASP’s Juice Shop provide safe environments where you can practice bypassing security measures, including WAFs, without legal risks.
3. Analyze the Results:
• After experimenting, analyze the WAF’s responses to different pipelined parameters. See how quickly it adapts and what kinds of techniques it’s most susceptible to.

Conclusion

Pipelining client-side parameters to test an AI-powered WAF is a creative and technically challenging idea. While it’s fun to push the boundaries, remember that responsible and ethical hacking practices are key to ensuring that your curiosity doesn’t lead to unintended consequences. Experiment in controlled, legal environments to explore these concepts safely.

 

 

 ㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋ이새끼봐라.

ㅋㅋㅋㅋㅋㅋㅋㅋㅋ개웃기네 이놈

 

필자

that was fun

 

피티

I’m glad you enjoyed it! Cybersecurity and the intersection of AI make for a fascinating playground of ideas and challenges. If you ever want to brainstorm more ideas, dig deeper into security topics, or even try out some new ethical hacking concepts, feel free to reach out. The blend of creativity, technical prowess, and ethical responsibility in this field is what makes it so exciting. Keep having fun and stay curious! 😊🔒

 

 

필자

let's go back to the reverse VPN thingy. Walk me through the way how to set up.
My VPN server at home is OpenVPN on Ubuntu server and
my work PC is a Windows 11 Pro.

 

피티

VPN 서버 설치 방법은요...

 

필자

Dude, I already set up the VPN server at home. It is on duty right now bruh

 

피티

아, 그럼 클라이언트 설치는요...

 

필자

Already set up for vpn client side. My work pc can connect the at-home-VPN anytime.

 

피티

Great! Since your work PC is already set up as a VPN client and can connect to your home VPN server, you’re most of the way there. Now, let’s walk through configuring your work PC as a reverse proxy so you can access it remotely via the VPN connection.

3. Setting Up the Work PC as a Reverse Proxy

The goal is to set up your work PC so that it can act as a proxy server, allowing you to route traffic through it when connected via the VPN. Here’s how to set this up:

Step 1: Install and Configure a Proxy Server on Windows 11

We can use Squid or CCProxy for this purpose. Let’s go with Squid since it’s open-source and widely used.

1. Download and Install Squid:
• Download the Windows version of Squid from Squid for Windows.
• Follow the installation instructions and install Squid on your Windows 11 PC.
2. Configure Squid:
• After installation, navigate to the Squid configuration directory, typically found at C:\Squid\etc\squid.conf.
• Open squid.conf in a text editor like Notepad with administrator privileges.
3. Basic Squid Configuration:
• Configure the http_port directive to listen on a specific port (e.g., 3128).

http_port 3128

• Set up access control lists (ACLs) to define who can use the proxy. For simplicity, you can allow all VPN traffic:

acl localnet src 10.8.0.0/24  # Replace with your VPN subnet
http_access allow localnet
http_access deny all

• Save and close the file.

4. Start Squid Service:
• Start Squid via the command line or as a Windows service:

net start squid

• Alternatively, start it from the Services management console (services.msc).

Step 2: Configure Your Browser or System to Use the Work PC as a Proxy

When you’re connected to your home VPN from your laptop (either at home or remotely):

1. Set Up the Proxy on Your Laptop:
• Go to your browser’s proxy settings (in Chrome, it’s under Settings > Advanced > System > Open your computer’s proxy settings).
• Set the proxy address to the IP address assigned to your work PC by the VPN (e.g., 10.8.0.x) and the port you configured in Squid (e.g., 3128).
2. Test the Proxy:
• After setting up the proxy, visit a website or check your IP using a service like whatismyip.com to confirm that your traffic is being routed through your work network.

4. Optional: Automate the VPN Connection

If you want your work PC to automatically connect to your home VPN when it starts up:

1. Create a VPN Auto-Connect Task:
• Open Task Scheduler (taskschd.msc).
• Create a new task that triggers on startup and runs the OpenVPN client with the appropriate configuration.

5. Verification and Troubleshooting

1. Connect to the VPN from Your Laptop:
• Once connected, set up the proxy as mentioned above, and check that traffic is routed through your work PC.
2. Test Access to Internal Resources:
• Access any internal resources at work through the VPN, ensuring that the reverse VPN is functioning as expected.

Conclusion

With these steps, you’ve created a reverse VPN setup where your work PC connects to your home VPN, allowing you to access your work network from anywhere via a secure proxy. This setup is quite flexible, allowing you to route traffic as needed, all while maintaining security.

 

 

필자

After that, with my personal macbook, what should I do to set the proxy server?

 

피티

To set up your personal MacBook to use the proxy server running on your work PC (which is connected to your home VPN), follow these steps:

1. Ensure VPN Connection to Your Home Network

Before configuring the proxy on your MacBook, ensure that your MacBook is connected to your home VPN. This allows your MacBook to communicate with your work PC over the VPN.

1. Connect to the VPN:
• Open System Preferences > Network.
• Select your VPN connection from the left panel.
• Click Connect. Ensure the connection is successful.

2. Determine the VPN IP Address of the Work PC

You’ll need to know the IP address assigned to your work PC by the VPN. This is the IP address you’ll use as the proxy server on your MacBook.

• You can typically find this on the work PC by running ipconfig in the command prompt. Look for the VPN adapter (usually labeled something like OpenVPN TAP Adapter) and note the IP address (e.g., 10.8.0.x).

3. Configure the Proxy Settings on Your MacBook

Now that you’re connected to the VPN and have the IP address of your work PC, you can configure the proxy settings on your MacBook.

1. Open System Preferences:
• Click on the Apple menu in the top left corner of your screen and select System Preferences.
2. Go to Network:
• In the System Preferences window, click Network.
3. Select Your Active Network Connection:
• Select the network interface you’re using (e.g., Wi-Fi or Ethernet) from the list on the left side.
4. Configure Proxies:
• Click the Advanced… button in the bottom right.
• Go to the Proxies tab.
5. Set Up the HTTP and HTTPS Proxy:
• Check the box for Web Proxy (HTTP) and Secure Web Proxy (HTTPS).
• In the Web Proxy Server and Secure Web Proxy Server fields, enter the IP address of your work PC (e.g., 10.8.0.x) and the port you configured for Squid (e.g., 3128).
• Leave the Bypass proxy settings for these Hosts & Domains field blank unless you want certain domains to bypass the proxy.
• If your proxy server requires authentication, check the box for Proxy server requires password and enter your credentials.
6. Apply the Settings:
• Click OK to close the Advanced settings window, and then click Apply to save your network settings.

4. Test the Proxy Connection

Once you’ve configured the proxy settings:

1. Open a Web Browser:
• Visit a website and check if the traffic is being routed through your work PC.
2. Verify the IP Address:
• Visit a site like whatismyip.com to verify that the IP address reflects your work network’s IP or any specific proxies set up on the work network.

5. Optional: Script the Proxy Setup

If you frequently switch between using the proxy and direct internet access, you can create a simple script on your MacBook to toggle the proxy settings:

1. Create a Shell Script:
• Open the Terminal on your MacBook.
• Create a new script file:

nano set-proxy.sh

 

• Add the following lines to set the proxy:

#!/bin/bash
networksetup -setwebproxy "Wi-Fi" 10.8.0.x 3128
networksetup -setsecurewebproxy "Wi-Fi" 10.8.0.x 3128

 

• Save the file (Ctrl + X, then Y, then Enter).

2. Make the Script Executable:
• Run the following command:

chmod +x set-proxy.sh

3. Run the Script:
• You can now execute the script anytime you need to set the proxy by running:

./set-proxy.sh

 

• Create a similar script to remove the proxy with the command:

networksetup -setwebproxystate "Wi-Fi" off

 

Conclusion

You’ve now configured your MacBook to use your work PC as a proxy server over your VPN connection. This setup will allow you to securely route your internet traffic through your work network while connected to your home VPN.

 

 

 

필자

f I follow all the steps, then my macbook's traffic will have the work place's public IP,right?

 

피티

Yes, if you follow the steps correctly, your MacBook’s traffic will appear to originate from your workplace’s public IP address while connected via the VPN and proxy server. Here’s a brief overview of how this setup achieves that:

How Traffic Routing Works

1. VPN Connection:
• When you connect your MacBook to your home VPN, it creates a secure tunnel between your MacBook and your home network. This VPN connection allows your MacBook to access resources on your home network as if it were directly connected.
2. Proxy Server on Work PC:
• Your work PC, connected to your home VPN, is configured as a proxy server (using software like Squid). The proxy server listens for incoming connections and forwards them to the internet.
3. Proxy Configuration on MacBook:
• By configuring your MacBook to use the work PC as a proxy server, you’re directing all of your web traffic through the work PC.

Detailed Traffic Flow

1. Request Initiation:
• When you browse the web or use internet services on your MacBook, the requests are first sent to the proxy server (your work PC) because you’ve configured your browser or system to use this proxy.
2. Proxy Processing:
• The work PC receives the requests from your MacBook and then forwards them to the internet. The work PC acts as an intermediary.
3. Public IP Address Exposure:
• Since the work PC is the one making the outbound requests to the internet, the traffic appears to come from the work PC’s public IP address, not your MacBook’s local IP address. The responses are then routed back through the proxy server to your MacBook.

Steps to Verify Traffic IP

To confirm that your traffic is being routed through your work PC and appears to come from its public IP address, you can:

1. Connect to VPN and Proxy:
• Ensure your MacBook is connected to the home VPN and configured to use the work PC as a proxy.
2. Check Your IP Address:
• Open a web browser and visit a site like WhatIsMyIP.com or IPInfo.io. These sites will show the IP address from which your traffic appears to be originating.
3. Verify IP Address:
• The IP address displayed should match the public IP address of your work network, not your home or local IP address.

Troubleshooting Tips

• Ensure VPN and Proxy Configuration:
• Double-check that your VPN connection is active and that the proxy settings on your MacBook are correctly pointing to the IP address and port of the work PC.
• Proxy Server Logs:
• Check the logs of the proxy server on your work PC to ensure it’s receiving and forwarding traffic as expected.
• Network Tools:
• Use network diagnostic tools (like traceroute or ping) to ensure connectivity between your MacBook and the proxy server.

Conclusion

With this setup, your MacBook’s web traffic will be routed through the proxy server on your work PC, making it appear as though it originates from the work PC’s public IP address. This setup is effective for maintaining privacy and accessing resources as if you’re physically present at your workplace.

 

 

출장 갔다 와서 한 번 해봐야겠다.

 

- 스퀴드 깔고

- 설정잡고

- VPN 붙이고

- 맥북 설정 잡고

- 맥북 VPN 붙이고

- 테스트