[WireSock] Can’t tunnel cmd or powershell using AllowedApps

  • #12319
    Plankton
    Participant

      [Interface]
      PrivateKey =
      Address = 192.168.100.2/24
      DNS = 192.168.100.1, 192.168.101.1
      [Peer]
      PublicKey =
      PresharedKey =
      Endpoint = domain:51820
      AllowedIPs = 0.0.0.0/0, ::0/0
      AllowedApps = chrome.exe, cmd.exe, powershell.exe

      As you can see above, I’m trying to tunnel only Chrome, Command Prompt, and PowerShell using AllowedApps to my WireGuard server using WireSock. But while Chrome gets tunneled just fine, neither CMD nor PowerShell gets tunneled. I’ve even tried adding conhost.exe and explorer.exe to AllowedApps (since those are parent processes to cmd and powershell) but that didn’t make a difference.

      The only time I’ve been able to successfully tunnel CMD and PowerShell traffic is by straight-up removing AllowedApps and tunneling every application. But tunneling specific applications is the whole reason I’ve been trying to use WireSock.

      Can you please tell me what I’m doing wrong?

      #12320
      Vadim Smirnov
      Keymaster

        I just did a quick powershell test with the command line below, and it was correctly intercepted and redirected through the tunnel:

        Invoke-WebRequest "http://www.wiresock.net/downloads/wiresock-vpn-gateway-x64-1.0.31.1.msi" -OutFile "wiresock-gateway-x64.msi"

        I suspect you are expecting child processes launched from cmd or powershell to be tunneled. Note, however, that these child processes have different names and are therefore skipped by the filter. Of course, it is possible to extend the filter for child processes, but initially, I had no such intention.

        #12321
        Plankton
        Participant

          Ah ok. Here’s the only reason why I want to tunnel cmd or powershell: Since I installed WireSock as a Service, I want to have a constant ping going to some remote server so I can see at a glance whenever WireSock is tunneling my traffic.

          Is there some way for me to tunnel just ping commands? I tried doing this but it didn’t help:

          AllowedApps = chrome.exe, cmd.exe, powershell.exe, ping.exe

          #12322
          Vadim Smirnov
          Keymaster

            The Windows API only allows you to get the process context for the TCP and UDP protocols. So, ping.exe sending ICMP packets cannot be resolved and is therefore not tunneled.

            The simplest alternative would probably be a simple UDP based pinger, which can be easily implemented in Golang.
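
The UDP-based pinger suggested in the reply above, sketched in Go as an added example (not code from the thread or from WireSock). It assumes the built binary's name, for instance a hypothetical `udpping.exe`, is listed in AllowedApps and that `ServeEcho` is run on a UDP listener on the remote server; `Probe`, `ServeEcho` and the binary name are illustrative.

```go
package main

import (
	"bytes"
	"fmt"
	"net"
	"os"
	"time"
)

// Probe sends one unique datagram to addr and returns the round-trip time once the same bytes come back.
func Probe(addr string, timeout time.Duration) (time.Duration, error) {
	conn, err := net.Dial("udp", addr)
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	start := time.Now()
	token := []byte(start.Format(time.RFC3339Nano)) // differs per probe, so a stale reply never matches
	conn.SetDeadline(start.Add(timeout))
	if _, err := conn.Write(token); err != nil {
		return 0, err
	}
	buf := make([]byte, 64)
	for {
		n, err := conn.Read(buf)
		if err != nil {
			return 0, err // deadline passed or port unreachable
		}
		if bytes.Equal(buf[:n], token) {
			return time.Since(start), nil
		}
	}
}

// ServeEcho is the server half: it sends every datagram back to its sender until pc is closed.
func ServeEcho(pc net.PacketConn) {
	buf := make([]byte, 1500)
	for n, from, err := pc.ReadFrom(buf); err == nil; n, from, err = pc.ReadFrom(buf) {
		pc.WriteTo(buf[:n], from)
	}
}

func main() { // usage: udpping host:port
	for len(os.Args) == 2 {
		rtt, err := Probe(os.Args[1], 2*time.Second)
		fmt.Println(time.Now().Format("15:04:05"), rtt, err)
		time.Sleep(time.Second)
	}
}
```

If the echo listener is bound to an address that is reachable only through the tunnel, a reply implies the probe was tunneled and an error implies it was not.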

            #12323
            Plankton
            Participant

              Would this work?

              Test-NetConnection google.com -Port 80

              #12324
              Vadim Smirnov
              Keymaster

                Yes, if you add “powershell” to AllowedApps then this request will be tunneled.

                #12325
                Plankton
                Participant

                  Great, thank you so much for your help
