A simple implementation of an SSH reverse tunnel.
Ghost Tunnel is a covert backdoor transmission method that hides its payload in 802.11 Probe Request and Beacon frames. Because these frames belong to the first steps of connecting to an AP, before any association is made, it can transfer a payload in isolated environments (physical access is needed first) and bypass the firewall. In P4wnP1 it is called WiFi Covert Channel.
To understand the principle better, I wrote a Go version.
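As an added illustration (this is not the Go version from the post, nor code from Ghost Tunnel or P4wnP1), the following Go program shows the mechanism: the payload is split into numbered chunks, each chunk rides in a vendor-specific information element of a probe request (or beacon) frame, and the receiver walks the IEs, discards ordinary probe traffic and reassembles the chunks in order. It only builds and parses raw 802.11 frame bytes; sending or sniffing them needs a monitor-mode interface plus a raw-socket or pcap injection layer, which is left out. The OUI 00:11:22, the IE layout (OUI, type, seq, total, data), the 32-byte chunk size and the SSID are assumptions made for this demo, not the real Ghost Tunnel format.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

const (
	ieSSID, ieVendor     = 0x00, 0xDD // SSID and vendor-specific information element IDs
	fcProbeReq, fcBeacon = 0x40, 0x80 // frame control byte 0: management probe request / beacon
	hdrLen, beaconFixed  = 24, 12     // mgmt header; timestamp+interval+capability precede beacon IEs
	chunkDataSize        = 32         // payload bytes per frame (assumption: an SSID-sized fragment)
)

// ghostOUI tags our vendor IE; constructed for this demo, not the OUI the real Ghost Tunnel uses.
var ghostOUI = [3]byte{0x00, 0x11, 0x22}

var errBadIE = errors.New("malformed frame or information element")
var errNoChunk = errors.New("frame carries no covert chunk")

func ieBytes(id byte, data []byte) []byte { return append([]byte{id, byte(len(data))}, data...) }

// buildFrame assembles a minimal 802.11 management frame: header, beacon fixed fields if needed, then IEs.
func buildFrame(fc byte, src [6]byte, seq uint16, ies []byte) []byte {
	hdr := append([]byte{fc, 0x00, 0x00, 0x00}, bytes.Repeat([]byte{0xFF}, 6)...) // FC, duration, addr1 broadcast
	hdr = append(append(hdr, src[:]...), bytes.Repeat([]byte{0xFF}, 6)...)         // addr2 transmitter, addr3 wildcard BSSID
	hdr = append(hdr, byte(seq<<4), byte(seq>>4))                                   // sequence control (12-bit seq, little-endian)
	if fc == fcBeacon {
		hdr = append(hdr, make([]byte, beaconFixed)...)
	}
	return append(hdr, ies...)
}

// EncodePayload splits payload into numbered chunks and wraps each in a probe request whose vendor IE
// carries OUI(3) | type(1) | seq(1) | total(1) | data. It returns nil if more than 255 chunks are needed.
func EncodePayload(src [6]byte, payload []byte) [][]byte {
	total := (len(payload) + chunkDataSize - 1) / chunkDataSize
	if total > 255 {
		return nil
	}
	frames := make([][]byte, 0, total)
	for i := 0; i < total; i++ {
		end := (i + 1) * chunkDataSize
		if end > len(payload) {
			end = len(payload)
		}
		vendor := append(append(ghostOUI[:], 0x01, byte(i), byte(total)), payload[i*chunkDataSize:end]...)
		ies := append(ieBytes(ieSSID, []byte("CoffeeShop-Guest")), ieBytes(ieVendor, vendor)...) // benign-looking SSID
		frames = append(frames, buildFrame(fcProbeReq, src, uint16(i), ies))
	}
	return frames
}

// ExtractChunk walks the IEs of a probe request or beacon and returns (seq, total, data) of the covert
// chunk; a truncated IE is an error rather than a silent read past the end of the frame.
func ExtractChunk(frame []byte) (uint8, uint8, []byte, error) {
	if len(frame) < hdrLen || (frame[0] != fcProbeReq && frame[0] != fcBeacon) {
		return 0, 0, nil, errBadIE
	}
	off := hdrLen
	if frame[0] == fcBeacon {
		off += beaconFixed
	}
	for off+2 <= len(frame) {
		id, n := frame[off], int(frame[off+1])
		off += 2
		if off+n > len(frame) {
			return 0, 0, nil, errBadIE
		}
		body := frame[off : off+n]
		off += n
		if id == ieVendor && n >= 6 && bytes.Equal(body[:3], ghostOUI[:]) && body[3] == 0x01 {
			return body[4], body[5], append([]byte(nil), body[6:]...), nil
		}
	}
	return 0, 0, nil, errNoChunk
}

// Reassemble extracts chunks from captured frames (ordinary probe/beacon traffic is skipped) and returns
// the payload in sequence order; it fails on a malformed frame or a missing chunk, nil if nothing covert.
func Reassemble(frames [][]byte) ([]byte, error) {
	parts, total := map[uint8][]byte{}, 0
	for _, f := range frames {
		seq, n, data, err := ExtractChunk(f)
		if err == nil {
			parts[seq], total = data, int(n)
		} else if !errors.Is(err, errNoChunk) {
			return nil, err
		}
	}
	var out []byte
	for i := 0; i < total; i++ {
		d, ok := parts[uint8(i)]
		if !ok {
			return nil, fmt.Errorf("missing chunk %d of %d", i, total)
		}
		out = append(out, d...)
	}
	return out, nil
}
```

Frames may arrive out of order or interleaved with real probe requests; Reassemble tolerates both, but it does not try to separate two concurrent sessions, and the 255-chunk limit (8 KiB at 32 bytes per frame) is why real covert channels of this kind are used for small commands and results rather than bulk transfer.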
It is said that Google's HTTP-over-QUIC protocol has been renamed to HTTP/3!
So I took a quick look and added QUIC support to SweetyGo as well as to this site.
Inspired by Transferring Backdoor Payloads with BMP Image Pixels, I wrote a Go demo.
Although it is neither new nor especially dangerous, concealing a payload in BMP pixels to bypass AV is really interesting.
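As an added example (not the demo from the post, and not the original BMP-pixel technique's code), the following Go program writes a length-prefixed payload straight into the channel bytes of a 24-bit BMP that it generates from scratch, and reads it back by parsing the file and info headers. The 4-byte length prefix, the file-row traversal order and the zero filler for unused channels are assumptions of this demo; the extraction side validates the header so a hostile or truncated file cannot make it read out of bounds.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	fileHeaderLen = 14 // BITMAPFILEHEADER
	infoHeaderLen = 40 // BITMAPINFOHEADER
	bytesPerPixel = 3  // 24-bit BGR, no alpha
)

// rowStride returns the byte width of one pixel row; BMP rows are padded to a 4-byte boundary.
func rowStride(width int) int { return (width*bytesPerPixel + 3) &^ 3 }

// EmbedPayload writes a 4-byte little-endian length prefix followed by the payload straight into the
// channel bytes of a width x height 24-bit BMP (one payload byte per channel, file-row order) and
// returns the complete file. Remaining channels stay zero, so the image is a dark noise strip.
func EmbedPayload(payload []byte, width, height int) ([]byte, error) {
	data := make([]byte, 4+len(payload))
	binary.LittleEndian.PutUint32(data, uint32(len(payload)))
	copy(data[4:], payload)
	if width <= 0 || height <= 0 || len(data) > width*height*bytesPerPixel {
		return nil, fmt.Errorf("payload of %d bytes does not fit in a %dx%d image", len(payload), width, height)
	}
	stride := rowStride(width)
	pixelBytes := stride * height
	out := make([]byte, fileHeaderLen+infoHeaderLen+pixelBytes)
	copy(out[0:2], "BM")
	binary.LittleEndian.PutUint32(out[2:6], uint32(len(out)))              // file size
	binary.LittleEndian.PutUint32(out[10:14], fileHeaderLen+infoHeaderLen) // pixel array offset
	ih := out[fileHeaderLen:]
	binary.LittleEndian.PutUint32(ih[0:4], infoHeaderLen)
	binary.LittleEndian.PutUint32(ih[4:8], uint32(width))
	binary.LittleEndian.PutUint32(ih[8:12], uint32(height)) // positive height: rows stored bottom-up
	binary.LittleEndian.PutUint16(ih[12:14], 1)              // colour planes
	binary.LittleEndian.PutUint16(ih[14:16], 24)             // bits per pixel
	binary.LittleEndian.PutUint32(ih[20:24], uint32(pixelBytes))
	pix := out[fileHeaderLen+infoHeaderLen:]
	for r, i := 0, 0; r < height && i < len(data); r++ { // fill rows in file order, skipping padding
		i += copy(pix[r*stride:r*stride+width*bytesPerPixel], data[i:])
	}
	return out, nil
}

// ExtractPayload parses the headers, checks that the pixel array lies inside the file, collects the
// channel bytes in file order and returns the payload announced by the length prefix.
func ExtractPayload(bmp []byte) ([]byte, error) {
	if len(bmp) < fileHeaderLen+infoHeaderLen || string(bmp[0:2]) != "BM" {
		return nil, errors.New("not a BMP file")
	}
	offset := int(binary.LittleEndian.Uint32(bmp[10:14]))
	ih := bmp[fileHeaderLen:]
	width := int(int32(binary.LittleEndian.Uint32(ih[4:8])))
	height := int(int32(binary.LittleEndian.Uint32(ih[8:12])))
	if binary.LittleEndian.Uint16(ih[14:16]) != 24 || width <= 0 || height <= 0 {
		return nil, errors.New("only bottom-up 24-bit BMPs are supported")
	}
	stride := rowStride(width) // division form avoids overflow on absurd header dimensions
	if offset < fileHeaderLen+infoHeaderLen || height > (len(bmp)-offset)/stride {
		return nil, errors.New("pixel array lies outside the file")
	}
	chans := make([]byte, 0, width*height*bytesPerPixel)
	for r := 0; r < height; r++ {
		chans = append(chans, bmp[offset+r*stride:offset+r*stride+width*bytesPerPixel]...)
	}
	if len(chans) < 4 {
		return nil, errors.New("image too small for a length prefix")
	}
	n := int(binary.LittleEndian.Uint32(chans[0:4]))
	if n > len(chans)-4 {
		return nil, errors.New("length prefix exceeds image capacity")
	}
	return chans[4 : 4+n], nil
}

func main() {
	bmp, _ := EmbedPayload([]byte("constructed demo payload, not real shellcode"), 8, 8)
	got, err := ExtractPayload(bmp)
	fmt.Printf("%d-byte BMP, recovered %q (err=%v)\n", len(bmp), got, err)
}
```

Because the payload bytes are stored verbatim, they stay contiguous within each pixel row, so a scanner that inspects image content byte-for-byte can still match them; the trick relies on the scanner treating the image as inert data. Spreading bits across channels or pixels would break such matches at the cost of capacity, and is outside this example.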