[WireSock] Can’t tunnel cmd or powershell using AllowedApps


    #12319
    Plankton
    Participant

    [Interface]
    PrivateKey =
    Address = 192.168.100.2/24
    DNS = 192.168.100.1, 192.168.101.1
    [Peer]
    PublicKey =
    PresharedKey =
    Endpoint = domain:51820
    AllowedIPs = 0.0.0.0/0, ::0/0
    AllowedApps = chrome.exe, cmd.exe, powershell.exe

    As you can see above, I’m trying to tunnel only Chrome, Command Prompt, and PowerShell using AllowedApps to my WireGuard server using WireSock. But while Chrome gets tunneled just fine, neither CMD nor PowerShell gets tunneled. I’ve even tried adding conhost.exe and explorer.exe to AllowedApps (since those are parent processes to cmd and powershell) but that didn’t make a difference.

    The only time I’ve been able to successfully tunnel CMD and PowerShell traffic is by straight-up removing AllowedApps and tunneling every application. But tunneling specific applications is the whole reason I’ve been trying to use WireSock.

    Can you please tell me what I’m doing wrong?

    #12320
    Vadim Smirnov
    Keymaster

    I just did a quick powershell test with the command line below, and it was correctly intercepted and redirected through the tunnel:

    Invoke-WebRequest "http://www.wiresock.net/downloads/wiresock-vpn-gateway-x64-1.0.31.1.msi" -OutFile "wiresock-gateway-x64.msi"

    I suspect you are expecting child processes launched from cmd or powershell to be tunneled. Note, however, that these child processes have different names and are therefore skipped by the filter. Of course, it is possible to extend the filter for child processes, but initially, I had no such intention.

    #12321
    Plankton
    Participant

    Ah ok. Here’s the only reason why I want to tunnel cmd or powershell: Since I installed WireSock as a Service, I want to have a constant ping going to some remote server so I can see at a glance whenever WireSock is tunneling my traffic.

    Is there some way for me to tunnel just ping commands? I tried doing this but it didn’t help:

    AllowedApps = chrome.exe, cmd.exe, powershell.exe, ping.exe

    #12322
    Vadim Smirnov
    Keymaster

    The Windows API only allows you to get the process context for the TCP and UDP protocols. So, ping.exe sending ICMP packets cannot be resolved and is therefore not tunneled.

    The simplest alternative would probably be a simple UDP-based pinger, which can be easily implemented in Golang.
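
A UDP-based pinger of the kind suggested in post #12322, as an added example that is not code from the thread or from WireSock: it sends a minimal DNS query as the probe, so any DNS server reachable over UDP (for instance the tunnel-side resolver 192.168.100.1:53 from the config above, assuming it answers there) acts as the responder. The binary name udpping.exe is hypothetical; because the filter matches on process name, whatever name it is built under has to be listed in AllowedApps itself.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// udpPing sends one DNS query (root NS, recursion desired) over UDP to addr and
// returns the round-trip time once a response with the same ID arrives.
func udpPing(addr string, timeout time.Duration) (time.Duration, error) {
	conn, err := net.Dial("udp", addr)
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	// 12-byte header (ID, flags=RD, QDCOUNT=1) + question: root name, NS, IN.
	q := []byte{0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 1}
	id := uint16(time.Now().UnixNano())
	binary.BigEndian.PutUint16(q, id)
	start := time.Now()
	conn.SetDeadline(start.Add(timeout))
	if _, err := conn.Write(q); err != nil {
		return 0, err
	}
	reply := make([]byte, 512)
	n, err := conn.Read(reply)
	if err != nil {
		return 0, err // timeout or ICMP port unreachable: no UDP path to addr
	}
	if n < 12 || binary.BigEndian.Uint16(reply) != id || reply[2]&0x80 == 0 {
		return 0, errors.New("reply is not a DNS response to our query")
	}
	return time.Since(start), nil
}

// Assumption: built as udpping.exe (hypothetical name) and listed in AllowedApps.
func main() {
	if len(os.Args) != 2 {
		fmt.Println("usage: udpping host:port")
		return
	}
	for ; ; time.Sleep(time.Second) {
		rtt, err := udpPing(os.Args[1], 2*time.Second)
		fmt.Printf("%s %s rtt=%v err=%v\n", time.Now().Format("15:04:05"), os.Args[1], rtt, err)
	}
}
```

Pointing it at an address that only answers through the tunnel makes the output flip between an RTT and a timeout as tunneling starts and stops.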

    #12323
    Plankton
    Participant

    Would this work?

    Test-NetConnection google.com -Port 80

    #12324
    Vadim Smirnov
    Keymaster

    Yes, if you add “powershell” to AllowedApps then this request will be tunneled.

    #12325
    Plankton
    Participant

    Great, thank you so much for your help.
