Tuesday, March 31, 2015

Netcat Proxy on Windows: Part 2 - v4/v6 Translation

In my previous post I looked at a Netcat proxy on Windows using named pipes to emulate how it works on *nix. Now that I got it working in the straightforward case, I decided to see if Netcat could be used as an IPv4 / IPv6 translation proxy.

This of course requires a Netcat that has IPv6 capabilities and because of my setup - works on Windows. Luckily, I have just the thing - nc64 which you can grab here.

The setup is more or less the same as for the IPv4-only test case last discussed: start the named pipe server, start the Netcat proxy, then connect. However, in this case, the Netcat proxy setup is slightly different. We'll need to listen on IPv4 and forward to IPv6 and vice versa for the opposite test case. Let's look at IPv4 to IPv6 first.

IPv4 to IPv6 Translation

This is used for an IPv4 host to connect to an IPv4 Netcat proxy that will provide content from an IPv6 server.

First create the pipe:

C:\> pipe -n 4to6
Pipe Server: Multithreading - client connect \\.\pipe\4to6

Next, start the Netcat proxy. The listener uses '-4' to listen on IPv4 at the localhost and the '-e' proxy uses '-6' to connect on IPv6 to the remote host. We'll use a '-v' switch to get some logging to show the IPv6 connection to the server. Note, it will be displayed through the named pipe when the client connects:

C:\> nc64 -4 -L -p 4000 -e "nc64 -6 -v www.google.com 80 > \\.\pipe\4to6" < \\.\pipe\4to6

Finally, try to connect to the proxy and issue the 'GET /' command. We'll use a '-v' switch to get some logging to show the IPv4 connection to the localhost:

C:\> nc64 -4 -v localhost 4000
VinsWorldcom.home.com [127.0.0.1] 4000 (?) (TCP) open
DNS fwd/rev mismatch: www.google.com != yn-in-x93.1e100.net
www.google.com [2607:f8b0:4002:c03::93] 80 (http) (TCP) open
GET /
HTTP/1.0 200 OK
[...]

It works! Notice the first line of verbose logging is from the client connection - it's IPv4. The next two lines are from the Netcat proxy '-v' switch showing the proxy has made a connection to Google over IPv6. After the 'GET /' command, we get the status 200 and full reply follows.

IPv6 to IPv4 Translation

This is used for an IPv6 host to connect to an IPv6 Netcat proxy that will provide content from an IPv4 server.

First create the pipe:

C:\> pipe -n 6to4
Pipe Server: Multithreading - client connect \\.\pipe\6to4

Next, start the Netcat proxy. The listener uses '-6' to listen on IPv6 at the localhost and the '-e' proxy uses '-4' to connect on IPv4 to the remote host. We'll use a '-v' switch to get some logging to show the IPv4 connection to the server. Note, it will be displayed through the named pipe when the client connects:

C:\> nc64 -6 -L -p 6000 -e "nc64 -4 -v www.google.com 80 > \\.\pipe\6to4" < \\.\pipe\6to4

Finally, try to connect to the proxy and issue the 'GET /' command. We'll use a '-v' switch to get some logging to show the IPv6 connection to the localhost:

C:\> nc64 -6 -v localhost 6000
VinsWorldcom.home.com [::1] 6000 (?) (TCP) open
DNS fwd/rev mismatch: www.google.com != lga25s41-in-f4.1e100.net
www.google.com [216.58.219.228] 80 (http) (TCP) open
GET /
HTTP/1.0 200 OK
[...]

Again, it works! Notice the first line of verbose logging is from the client connection - it's IPv6. The next two lines are from the Netcat proxy '-v' switch showing the proxy has made a connection to Google over IPv4. After the 'GET /' command, we get the status 200 and full reply follows.

No comments :

 

Copyright © VinsWorld. All Rights Reserved.