atomic-threat-coverage/Atomic_Threat_Coverage/Triggers/T1090.md
2019-02-12 04:55:11 +01:00

# T1090 - Connection Proxy

## Description from ATT&CK

A connection proxy is used to direct network traffic between systems or act as an intermediary for network communications. Many tools exist that enable traffic redirection through proxies or port redirection, including [HTRAN](https://attack.mitre.org/software/S0040), ZXProxy, and ZXPortMap. (Citation: Trend Micro APT Attack Tools)

The definition of a proxy can also be expanded out to encompass trust relationships between networks in peer-to-peer, mesh, or trusted connections between networks consisting of hosts or systems that regularly communicate with each other.

The network may be within a single organization or across organizations with trust relationships. Adversaries could use these types of relationships to manage command and control communications, to reduce the number of simultaneous outbound network connections, to provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion.

## Atomic Tests

## Atomic Test #1 - Connection Proxy

Enable traffic redirection.

To undo changes made by this test:

```sh
unset http_proxy
unset https_proxy
```

Note that this test may conflict with pre-existing system configuration.

**Supported Platforms:** macOS, Linux

#### Inputs

| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| proxy_server | Proxy server URL (host:port) | url | 127.0.0.1:8080 |
| proxy_scheme | Protocol to proxy (http or https) | string | http |

#### Run it with sh!

```sh
export #{proxy_scheme}_proxy=#{proxy_server}
```
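The test above only exports a `<scheme>_proxy` variable, so the corresponding defender-side check is to audit process and shell environments for proxy variables that point anywhere other than an approved proxy. The script below is an added example, not code from Atomic Red Team or Atomic Threat Coverage; the approved proxy hosts in `APPROVED_PROXIES` are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag proxy environment variables whose target is not an
# approved proxy. Input is NAME=VALUE lines, e.g. from
#   env                                (current shell)
#   tr '\0' '\n' < /proc/<pid>/environ  (a running process, Linux)

# Approved proxy endpoints as host:port (constructed placeholder values).
APPROVED_PROXIES="proxy.corp.example:3128 proxy2.corp.example:3128"

# Normalise a proxy value to host:port: drop scheme, credentials, trailing path.
proxy_hostport() {
    printf '%s\n' "$1" | sed -e 's#^[a-zA-Z]*://##' -e 's#^[^@/]*@##' -e 's#/.*$##'
}

# Return 0 if host:port is on the approved list, 1 otherwise.
proxy_is_approved() {
    hp=$1
    for ok in $APPROVED_PROXIES; do
        [ "$hp" = "$ok" ] && return 0
    done
    return 1
}

# Read NAME=VALUE lines on stdin; print one line per unapproved proxy variable.
# Exit status: 0 when nothing unapproved was found, 1 otherwise.
audit_proxy_env() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            http_proxy=*|https_proxy=*|ftp_proxy=*|all_proxy=*|\
            HTTP_PROXY=*|HTTPS_PROXY=*|FTP_PROXY=*|ALL_PROXY=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        [ -z "$value" ] && continue
        hp=$(proxy_hostport "$value")
        if ! proxy_is_approved "$hp"; then
            printf 'UNAPPROVED %s=%s\n' "$name" "$value"
            found=1
        fi
    done
    return $found
}

# Scan every readable process environment on a Linux host (other users'
# processes need root); each finding is prefixed with the /proc/<pid> path.
scan_proc_environ() {
    for f in /proc/[0-9]*/environ; do
        tr '\0' '\n' < "$f" 2>/dev/null | audit_proxy_env | sed "s#^#${f%/environ}: #"
    done
}
```

Run `scan_proc_environ` on a host to list processes whose proxy variables point at an unexpected endpoint such as `127.0.0.1:8080`; a hit on a long-running service or a user's login shell is worth correlating with shell history and rc-file changes.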