Nytro
Posted March 3, 2018

Domain Fronting with Meterpreter

Posted on November 30, 2017

Domain Fronting is a technique that is typically used for censorship evasion. It relies on popular Content Delivery Networks (CDNs) such as Amazon’s CloudFront to mask traffic origins. By changing the HTTP Host header, the CDN will happily route us to the correct server. Red Teams have been using this technique for hiding C2 traffic by using high reputation redirectors.

For more information on Domain Fronting, please refer to this whitepaper

Setting up CloudFront

Log in to AWS, and navigate to CloudFront. You will need a domain name that you own, or acquired for free from a registrar like Freenom.

Once you are logged into AWS, click Create Distribution. The Origin Domain Name will be the domain that you own. You also need to match origin protocol policy (HTTP/HTTPS), so that CloudFront routes both types of traffic to you.

Under Default Cache Behavior Settings, we need to tweak a few settings so that the CDN caches as little traffic as possible. Allow all HTTP methods possible. Set Cache Based on Selected Request Headers to All. For Forward Cookies, also select All. For Query String Forwarding and Caching, select Forward all, cache based on all.

Full article: https://bitrot.sh/post/30-11-2017-domain-fronting-with-meterpreter/
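The Host header behaviour described in the post is also what a defender can key on: on a TLS-inspecting proxy, the name in the TLS SNI and the name in the decrypted Host header should normally agree. The following is an added example, not part of the original post or the linked article; the log format, field names and sample records are constructed assumptions.

```python
import json

# Constructed sample records, one JSON object per line, in the shape a
# TLS-inspecting proxy could log. Field names are assumptions for this example.
SAMPLE_LOG = """\
{"src": "10.0.0.5", "sni": "www.example.com", "host": "www.example.com"}
{"src": "10.0.0.7", "sni": "cdn.example.org", "host": "d111111abcdef8.cloudfront.net"}
{"src": "10.0.0.7", "sni": "Static.Example.net.", "host": "static.example.net:443"}
{"src": "10.0.0.9", "sni": "a.example.com", "host": "b.example.com"}
{"src": "10.0.0.9", "sni": "", "host": "plain.example.com"}
"""

# Suffix of CloudFront distribution names, the CDN the post uses; extend as needed.
CDN_SUFFIXES = (".cloudfront.net",)


def normalize(name):
    """Lower-case, drop a :port suffix and a trailing dot before comparing."""
    name = name.strip().lower()
    head, sep, tail = name.rpartition(":")
    if sep and tail.isdigit():
        name = head
    return name.rstrip(".")


def classify(record):
    """Return None, "review" or "high" for one proxy record."""
    sni = normalize(record.get("sni", ""))
    host = normalize(record.get("host", ""))
    if not sni or not host or sni == host:
        return None  # no TLS name to compare, or the two names agree
    if host.endswith(CDN_SUFFIXES) and not sni.endswith(CDN_SUFFIXES):
        return "high"  # Host names a CDN distribution, SNI names something else
    # Other mismatches can be legitimate, e.g. HTTP/2 reusing one connection
    # for several names covered by the same certificate.
    return "review"


def find_mismatches(log_text):
    """Return a list of (src, sni, host, severity) for flagged records."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        severity = classify(record)
        if severity:
            findings.append((record["src"], record["sni"], record["host"], severity))
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_LOG):
        print(finding)
```

Without TLS inspection only the SNI is visible, so this comparison is not available from passive network capture alone.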