# DYNAMICPROXY

`DYNAMICPROXY` creates a dynamic TCP proxy which can perform a man-in-the-middle attack and log traffic crossing the Packet Squrirel in `NAT` mode.

A standard TCP proxy requires prior knowledge of the original destination of the traffic.  Proxies created with `DYNAMICPROXY` automatically derive the destination and are able to log traffic to and from multiple remote TCP services.

## Limitations

The `DYNAMICPROXY` tool is able to log the content of TCP streams passing through the Packet Squirrel in `NAT` configurations.  Because of how the process works, it is not possible in the `BRIDGE` or `TRANSPARENT` configurations.

Only one instance of `DYNAMICPROXY` may be running at once.  To capture from multiple ports simultaneously, specify all the ports on a single command.

## Options

The `DYNAMICPROXY` command expects several options:

```
DYNAMICPROXY [CLIENT|SERVER|ANY] [filename prefix] [port1] ... [portN]
```

### Direction

`DYNAMICPROXY` logs the contents of TCP streams; they can be logged as `CLIENT` (the device connecting to the target service via the Packet Squirrel), `SERVER` (the responses from the server to the client) or `ANY` (both sides of the stream logged to independent files).

### Filename prefix

Streams will be saved to multiple files based on the *filename prefix*.  Since streams can be very large, and the Packet Squirrel has limited internal storage, the file prefix should always be on the USB external storage.

Files are saved as `[prefix]_[timestamp]_[server ip]_[server port]_[client ip]_[client port].stream`

For example a file prefix of `/usb/printer/printjob_` will save streams as `/usr/printer/printjob_[timestamp]_[server ip]_[server port]_[client ip]_[client port].stream`

The exact content of the filenames is often unimportant, but necessary as many streams can occur at the same time.

### Ports

`DYNAMICPROXY` can intercept streams on multiple TCP ports simultaneously.  To intercept streams on multiple ports, list all the ports as a single command.

## Examples

The `DYNAMICPROXY` command can be used as part of a payload to capture data to external USB storage:

```bash
#!/bin/bash 

# Title: Printer Capture
#
# Description: Capture PCL IP printer jobs with a dynamic proxy 

# To convert PCL files to PDF, use a tool like GhostPCL:
# https://ghostscript.com/releases/gpcldnld.html 
#
# To convert a stream (captured-file.stream) to PDF (printed.pdf), use something 
# like:
# ./gpcl6-1000-linux-x86_64 -o printed.pdf -sDEVICE=pdfwrite captured-file.stream 

NETMODE NAT

# We have to have attached USB
USB_WAIT

# Make sure the directory exists
mkdir /usb/printer/

# Use a dynamic proxy to MITM standard PCL IP printers
DYNAMICPROXY CLIENT /usb/printer/print_ 9100 
```