StreamDivert - Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination

StreamDivert is a tool to man-in-the-middle or relay in and outgoing network connections on a system. It has the ability to, for example, relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IP's to another server. Summed up, StreamDivert is able to:

Relay all incoming connections to a specific port to another destination. Relay incoming connections from a specific source IP to a port to another destination. Relay incoming connections to a SOCKS(4/5) server. Relay all outgoing connections to a specific port to another destination. Relay outgoing connections to a specific IP and port to another destination. Handle TCP, UDP and ICMP traffic over IPv4 and IPv6. Force redirected packets over a specific network interface.

Download Binaries

Pre-compiled binaries for StreamDivert can be downloaded here.

Usage

How do you use StreamDivert? Run the the tool with administrative privileges:

streamdivert.exe config_file [-f] [-v]

The config file contains entries for streams you want to have diverted. En example config file:

//Divert all inbound TCP connections to port 445 (SMB) coming from 10.0.1.50 to 10.0.1.49 port 445 tcp < 445 10.0.1.50 -> 10.0.1.49 445 //Divert all inbound TCP connections to port 445 (SMB) coming from 10.0.1.51 to a local SOCKS server tcp < 445 10.0.1.51 -> socks //Divert all inbound TCP connections to port 445 (SMB) coming from fe80::f477:846a:775d:d37 to fe80::20c:29ff:fe6f:88ff port 445 tcp < 445 fe80::f477:846a:775d:d37 -> fe80::20c:29ff:fe6f:88ff 445 //Divert all inbound TCP connections to port 445 (SMB) to 10.0.1.48 port 445 tcp < 445 0.0.0.0 -> 10.0.1.48 445 //Divert all inbound UDP connections to to port 53 (DNS) to 10.0.1.49 port 53 udp < 53 0.0.0.0 -> 10.0.1.49 53 //Divert all inbound ICMP packets coming from 10.0.1.50 to 10.0.1.49 icmp < 10.0.1.50 -> 10.0.1.49 //Divert all outbound TCP connections to 10.0.1.50, port 80 to 10.0.1.49 port 8080 tcp > 10.0.1.50 80 -> 10.0.1.49 8080 //Send all packets going to 10.0.1.50 port 80 and prefer interface 9 to send them. If the interface does not exist or is not up, the packets are send from the default interface. tcp > 10.0.1.50 80 -> 10.0.1.50 80 interface 9 //Force all packets going to 10.0.1.50 port 80 over interface 9, or drop the packets if the interface does not exist or is not up. tcp > 10.0.1.50 80 -> 10.0.1.50 80 force interface 9 //Divert all outbound UDP connection to port 53 (DNS) to 10.0.1.49 port 53 udp > 0.0.0.0 53 -> 10.0.1.49 53

The [-f] flag, when present, will modify the Windows Firewall to add an exception for the application to properly redirect incoming traffic to another port. The [-v] flag control the logging verbosity. When provided, StreamDivert will log details about redirected packets and streams.

Some Use Cases

Diverting outbound C&C traffic to a local socket for dynamic malware analysis. Diverting inbound SMB connections of a compromised host to Responder/ ntlmrelayx (usefull in penetration tests). Routing traffic over reserved ports. Usefull when a network firewall is in between. For example... Routing a meterpreter shell over port 445. Running a SOCKS server on port 3389. ...

Help! My packets/ connections are not correctly diverted!

One thing to keep in mind when configuring diverted connections is that you don't have conflicting diverted streams. Given the following example config file:

icmp < 0.0.0.0 -> 10.0.1.50 icmp > 10.0.1.49 -> 10.0.1.48

Those two diverted streams will conflict with eachother, as packets for the first diverted stream will also be picked up by the second packet 'diverter'. Generally you will only run into these issues with UDP and ICMP and using wildcards.

Also note that diverting an IPv4 to an IPv6 address and vice versa is not supported for UDP and ICMP traffic.

Contributing to StreamDivert

Features wanted:

IP range support ...

StreamDivert - Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination

Reviewed by Zion3R on 5:30 PM Rating: 5

LEFT SIDEBAR AD

StreamDivert - Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination

BOOK THIS SPACE FOR AD

Related

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests

Psobf - PowerShell Obfuscator

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife

VulnNodeApp - A Vulnerable Node.Js Application

Trending

Popular

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD