add dynamic IP mapping for localhost #117

Open
wants to merge 1 commit into
base: master

f4rs1ght

This PR aims to achieve the following goal:

  1. Dynamically map MagicNet (240.x.x.x) addresses to corresponding loopback addresses (127.x.x.x) based on the original IP. For example, 240.0.0.5 will map to 127.0.0.5.

This way, by executing `interface_add_route --name evil-cha --route 240.0.0.0/8` (after configuring the evil-cha interface) in the ligolo proxy terminal, the user will be able to access the entirety of the loopback CIDR of the target agent.

@nicocha30
Owner

I have trouble understanding the purpose of this PR, knowing that 127.x.x.x always points to localhost? Do you have a case where this is necessary?

@f4rs1ght
Author

Let's assume we are hosting a website on the IP address 127.0.0.5 and port 80, using the command `python3 -m http.server -b 127.0.0.5 80`. This website is now only accessible via `http://127.0.0.5` and not via `http://127.0.0.1`.

This means that if we point any IP in the CIDR range 240.0.0.0/8 to 127.0.0.1, we will not be able to access this website from the machine running the ligolo proxy. However, with this PR, we will be able to access it via http://240.0.0.5.

Open5Gs is a project that uses local IP addresses, such as 127.0.0.5 and 127.0.0.20, to run essential API services that are accessible only from the local machine running the project.

@nicocha30
Owner

Thanks for the info. I wasn't aware that some programs use a local IP address other than 127.0.0.1!
There is one problem though. If there are two Ligolo-ng agents, and I want to access 127.0.0.1 on agent A, and then 127.0.0.1 on agent B, I can simply create two routes to 240.0.0.1 dev agentiface1 and 240.0.0.2 dev agentiface2.
Maybe we could use another unused subnet?

@f4rs1ght
Author

f4rs1ght commented Dec 8, 2024

At first, I considered using 192.88.99.0/24 as another unused subnet. However, we do not need to since the problem you described is still solved with the current PR.

Since the 240.0.0.0/4 subnet that we use is larger than 127.0.0.0/8, we can access the localhost IP range of 2 agents by defining the routes as such:

From ligolo_proxy console:

```
interface_add_route --name agentiface1 --route 240.0.0.0/8
interface_add_route --name agentiface2 --route 241.0.0.0/8
```

Using ip command:

```
ip route add 240.0.0.0/8 dev agentiface1
ip route add 241.0.0.0/8 dev agentiface2
```

Now we can access 127.x.x.x of agent A with 240.x.x.x and 127.x.x.x of agent B with 241.x.x.x. This can work for up to 16 unique agents.
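
The address arithmetic discussed in this thread, as an added example that is not part of the PR or of ligolo-ng's own code: the low three octets of a 240.0.0.0/4 destination are kept and the first octet becomes 127. The helper name `MapMagicToLoopback`, the error values and the returned "slot" index (which /8 route the destination falls under) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// magicNet is the reserved 240.0.0.0/4 block; it holds 16 /8 networks (240-255).
var magicNet = netip.MustParsePrefix("240.0.0.0/4")

var (
	ErrNotMagic  = errors.New("destination is outside 240.0.0.0/4")
	ErrBroadcast = errors.New("255.255.255.255 is limited broadcast, not mappable")
)

// MapMagicToLoopback (hypothetical helper, not the PR's code) keeps the low
// three octets of a MagicNet destination and swaps the first octet for 127.
// slot is the index of the /8 inside 240.0.0.0/4 (0 for 240/8, 1 for 241/8, ...),
// i.e. which per-agent route from the thread the destination falls under.
func MapMagicToLoopback(dst netip.Addr) (loopback netip.Addr, slot int, err error) {
	dst = dst.Unmap() // accept the IPv4-mapped form ::ffff:240.0.0.5 as well
	if !dst.Is4() || !magicNet.Contains(dst) {
		return netip.Addr{}, 0, ErrNotMagic
	}
	b := dst.As4()
	if b == [4]byte{255, 255, 255, 255} {
		return netip.Addr{}, 0, ErrBroadcast
	}
	return netip.AddrFrom4([4]byte{127, b[1], b[2], b[3]}), int(b[0] - 240), nil
}

func main() {
	// Constructed sample destinations.
	samples := []string{"240.0.0.5", "241.0.0.20", "::ffff:240.0.0.1", "10.0.0.1", "255.255.255.255"}
	for _, s := range samples {
		lo, slot, err := MapMagicToLoopback(netip.MustParseAddr(s))
		if err != nil {
			fmt.Printf("%-18s rejected: %v\n", s, err)
			continue
		}
		fmt.Printf("%-18s -> %s (route slot %d)\n", s, lo, slot)
	}
}
```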
