CCTT - Covert Channel Tunneling Tool



This is the kind of fake website presented by the CCTT server in HTTP mode.

The server configuration file is:


PROTOCOL=tcp
IDENT=clear_ident
IDENT_KEY=simsim
SRV_SHELL_LOC=/usr/local/bin/bash
SRV_SHELL_CMD=bash
PERM_USER_GROUP=cctt
PERM_CHROOT=cage
HTTP_MOD_URI=/cgi-bin/cctt.cgi
HTTP_MOD_SRV_ERROR_PAGE=error_page
HTTP_MOD_SRV_FAKE_URLS=/index.html
HTTP_MOD_SRV_FAKE_URLS=/cctt.css
HTTP_MOD_SRV_FAKE_URLS=/images/cctt.gif
PROXY_MODE_LIST=ssh:127.0.0.1:22
KILL_QUIET_DEL=1000000
KILL_QUIET_DEL_CF=500000

The command line to run the CCTT server is:


./cctt -s @IP -p 8080 -f ./srv.cf -v -t http_post -L

Notes:


To add some confusion to your fake website, don't forget to add some kind of HTML POST form, such as:
  <form method="POST" action="/cgi-bin/cctt.cgi">
    <input type="text" name="cctt">
    <input type="submit">
  </form>
so that an observer believes that the POST requests coming from the CCTT clients are going to this form.
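
Seen from the monitoring side, a decoy form does not change the shape of the traffic: a tunnel client in http_post mode keeps posting to the one URI, while a real visitor submits a form once. The following check is an added example, not part of CCTT; the log format, the thresholds and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed proxy log (client, method, host, URI, status); not real traffic.
SAMPLE_LOG = (
    "10.0.0.5 GET www.example.test /index.html 200\n"
    "10.0.0.5 GET www.example.test /cctt.css 200\n"
    "10.0.0.5 GET www.example.test /images/cctt.gif 200\n"
    + "10.0.0.5 POST www.example.test /cgi-bin/cctt.cgi 200\n" * 40
    # A visitor who submits the decoy form once looks very different.
    + "10.0.0.7 GET www.example.test /index.html 200\n"
    "10.0.0.7 POST www.example.test /cgi-bin/cctt.cgi 200\n"
    # Ordinary browsing of an unrelated site.
    "10.0.0.9 GET shop.example.test /index.html 200\n"
    "10.0.0.9 GET shop.example.test /cart 200\n"
    "10.0.0.9 POST shop.example.test /checkout 200\n"
)

LINE_RE = re.compile(r"^(\S+) (GET|POST) (\S+) (\S+) (\d{3})$")


def suspicious_post_endpoints(log_text, min_posts=20, min_ratio=0.8):
    """Return sorted (client, host, uri) tuples where a single URI received
    at least min_posts POSTs from one client and those POSTs make up at
    least min_ratio of that client's requests to the host.
    Both thresholds are illustrative assumptions, to be tuned per network."""
    totals = defaultdict(int)   # (client, host) -> all requests
    posts = defaultdict(int)    # (client, host, uri) -> POST requests
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        client, method, host, uri, _status = m.groups()
        totals[(client, host)] += 1
        if method == "POST":
            posts[(client, host, uri)] += 1
    hits = []
    for (client, host, uri), count in posts.items():
        if count >= min_posts and count / totals[(client, host)] >= min_ratio:
            hits.append((client, host, uri))
    return sorted(hits)


if __name__ == "__main__":
    for client, host, uri in suspicious_post_endpoints(SAMPLE_LOG):
        print(f"{client} -> {host}{uri}: repeated POSTs dominate the session")
```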