No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
agent
bin
build
infrastructure
samples
Makefile
README.rst

README.rst

Rinnegan
########

   One who wields the Rinnegan is sent down from the heavens to become either a "God of Creation"
   who will calm the world or a "God of Destruction" who will reduce everything to nothingness.


Why?
****

To help with reverse engineering with complex distributed systems. Helps in
greatly decoding communications and events happening in various components
of a distributed system.

Requirements
************

Hosts
=====

* bash
* golang

Targets
=======

Privileged access without sudo is required.

Walkthrough
***********

For now: https://tunnelshade.in/blog/2018/12/rinnegan-walkthrough/

Tricks
^^^^^^

*INCOMING = PREROUTING dnat*
*OUTGOING = OUTPUT dnat*

To redirect incoming traffic from target to your reverse proxy

.. code-block::

   ./bin/rinnegan.sh "<filter>" agent iptables incoming add <some_ip_of_target> <port> <reverse_proxy_ip:reverse_proxy_port>

To delete a rule, just replace ``add`` with ``remove``

.. code-block::

   ./bin/rinnegan.sh "<filter>" agent iptables incoming remove <some_ip_of_target> <port> <reverse_proxy_ip:reverse_proxy_port>

Let us say you want to intercept traffic arriving at a web server, then redirecting incoming traffic on that web server target makes sense.
One caveat of this is all clients connecting to this server will get their traffic rerouted. Now what if you want to intercept traffic for
one particular client. This is where redirect outgoing on client instance makes sense.

.. code-block::

   ./bin/rinnegan.sh "<filter>" agent iptables outgoing add <ip_of_server> <port_of_server> <reverse_proxy_ip:reverse_proxy_port>

Just replace ``add`` with ``remove`` to remove this redirection.


Known Issues
************

This is quite unstable, so expect a bumpy ride

* Agent just smoked up too many processes, what to do? Just restart your containers/vms.