Using Tor hidden services for C2 anonymity with Sliver
2026-1-19 14:46:9 Author: www.reddit.com

When running Sliver for red team engagements, your C2 server IP can potentially be exposed through implant traffic analysis or if the implant gets captured and analyzed.

One way to solve this is routing C2 traffic through Tor hidden services. The implant connects to a .onion address, so your real infrastructure stays hidden.

The setup:

  1. Sliver runs normally with an HTTPS listener on localhost

  2. A proxy sits in front of Sliver, listening on port 8080

  3. Tor creates a hidden service pointing to that proxy

  4. Implants get generated with the .onion URL

Traffic flow:

implant --> tor --> .onion --> proxy --> sliver

The proxy handles the HTTP-to-HTTPS translation since Sliver expects HTTPS but Tor hidden services work over raw TCP.

Why not just modify Sliver directly?

Sliver is written in Go and has a complex build system. Adding Tor support would require maintaining a fork. Using an external proxy keeps things simple and works with any Sliver version.

Implementation:

I wrote a Python tool that automates this: https://github.com/Otsmane-Ahmed/sliver-tor-bridge

It handles Tor startup, hidden service creation, and proxying automatically. Just point it at your Sliver listener and it generates the .onion address.

Curious if anyone else has solved this differently or sees issues with this approach.
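
Seen from the defender's side, the "implant --> tor" leg of the flow above is the part that shows up on the target network: the host has to reach Tor relays, and relay addresses are public. The following is an added example, not part of the original post or of sliver-tor-bridge, that flags internal hosts in egress flow records which contact listed relays. The relay set, the log format, the function name and all addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed relay set using RFC 5737 documentation addresses. A real
# deployment would load a current public Tor relay list instead.
TOR_RELAYS = {"192.0.2.10", "198.51.100.7", "203.0.113.44"}

# Constructed egress flow records: "epoch src_ip dst_ip dst_port".
SAMPLE_FLOWS = """\
1768800000 10.0.5.21 192.0.2.10 9001
1768800030 10.0.5.30 203.0.113.200 443
1768800060 10.0.5.21 192.0.2.10 9001
garbled record
1768800120 10.0.5.21 198.51.100.7 443
"""


def tor_egress_report(flow_text, relays=TOR_RELAYS):
    """Summarise internal hosts that opened connections to listed relays."""
    hits = defaultdict(lambda: {"flows": 0, "relays": set(), "times": []})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # blank or malformed record
        try:
            ts = int(fields[0])
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # unparseable timestamp or address
        # Match on destination address only: relays listen on arbitrary
        # ports (443 included), so the port is not a reliable signal.
        if src.is_private and str(dst) in relays:
            entry = hits[str(src)]
            entry["flows"] += 1
            entry["relays"].add(str(dst))
            entry["times"].append(ts)
    return {
        host: {"flows": e["flows"], "relays": sorted(e["relays"]),
               "first_seen": min(e["times"]), "last_seen": max(e["times"])}
        for host, e in hits.items()
    }


if __name__ == "__main__":
    for host, summary in tor_egress_report(SAMPLE_FLOWS).items():
        print(host, summary)
```

On server segments that have no business reason to reach Tor, an egress allow-list is the stronger control; a report like this is the detection that backs it up.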


Source: https://www.reddit.com/r/netsecstudents/comments/1qh61he/using_tor_hidden_services_for_c2_anonymity_with/