Route WG device logs to Sliver log file, enable verbose via config#2262
Open
whitebyte0 wants to merge 9 commits into
Conversation
Stores the gVisor virtual network (tNet) globally and starts a TCP forwarder at WG startup: 100.64.0.1:9100 → 127.0.0.1:9100. This allows the C implant's sniffer module to stream captured packets to a collector running on localhost via the WG tunnel. The forwarder is plain io.Copy in both directions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Collaborator
we probably need the forwarder to have a configurable host/port
Author
Yes, this was a hardcoded test commit; I should not push that on this branch.
New command: tcp-fwd --wg-port 9100 --local 127.0.0.1:9100
Forwards TCP from gVisor virtual network port to local address.
Any implant can reach it through 100.64.0.1:<port>.
Full Sliver job integration:
- Shows in 'jobs' listing
- Killable with 'jobs -k <id>'
- Persists across server restarts (DB)
- Auto-restores on server boot
Implementation:
- Protobuf: TCPFwdListenerReq message, StartTCPFwdListener RPC
- Server: StartTCPFwdListenerJob in c2/jobs.go, RPC handler
- Client: tcp-fwd command with --wg-port and --local flags
- DB: TcpFwdListener model with WGPort + LocalAddr
- Forwarder: semaphore (32 max), recoverAndLogPanic, TCP keepalive, OpError handling — matches project conventions
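The forwarder described in this commit message, as an added illustration that is not the PR's or Sliver's own code: an accept loop over any `net.Listener` (the caller is assumed to pass in the gVisor tNet listener bound on 100.64.0.1:&lt;wg-port&gt;; here a plain loopback listener stands in) with the 32-session semaphore, panic recovery and TCP keepalive the message lists, relaying each session to one local address with io.Copy in both directions. `Forward` and `relay` are names chosen for this example; the message's recoverAndLogPanic is inlined as a deferred recover.

```go
package main

import (
	"io"
	"log"
	"net"
)

// Forward accepts sessions on ln (in the PR: the gVisor tNet listener on 100.64.0.1:<wg-port>)
// and relays each one to localAddr (e.g. 127.0.0.1:9100), at most maxConns at a time (32 in the PR).
func Forward(ln net.Listener, localAddr string, maxConns int) error {
	sem := make(chan struct{}, maxConns)
	for {
		src, err := ln.Accept()
		if err != nil {
			return err // listener closed: the job was killed or the server is stopping
		}
		sem <- struct{}{} // blocks further accepts once the cap is reached
		go func() {
			defer func() { <-sem }()
			defer func() { // recoverAndLogPanic: one bad session must not kill the job
				if r := recover(); r != nil {
					log.Printf("tcp-fwd: recovered panic: %v", r)
				}
			}()
			relay(src, localAddr)
		}()
	}
}

func relay(src net.Conn, localAddr string) {
	defer src.Close()
	dst, err := net.Dial("tcp", localAddr) // only this one local address is reachable from the tunnel
	if err != nil {
		log.Printf("tcp-fwd: dial %s: %v", localAddr, err)
		return
	}
	defer dst.Close()
	if tc, ok := dst.(*net.TCPConn); ok {
		tc.SetKeepAlive(true) // keep idle collector sessions alive
	}
	done := make(chan struct{}, 2)
	pipe := func(w, r net.Conn) {
		io.Copy(w, r) // EOF or a net.OpError on close simply ends this direction
		done <- struct{}{}
	}
	go pipe(dst, src)
	go pipe(src, dst)
	<-done // first direction to end tears the session down via the deferred Closes
}
```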
Author
I did the integration, but I am still testing; I will notify when I finish the testing process. Also, let me describe the goal.
Author
Tests passed. Branch is ready to merge.
Author
I forgot to mention: this is only useful if the implant uses WireGuard, so we need to forward traffic out of the isolated WireGuard network without breaking the network isolation.
WG device logs were hardcoded to LogLevelSilent, making it impossible
to debug WireGuard peer/handshake issues on the server side.