Immunity Debugger Intro, Capture & Reroute Malware Traffic
by Coleman Kane
This lecture introduces some basic Immunity Debugger usage and walks through a number of configurations that let the malware execute in the VM and still attempt to communicate with its home IP, while that traffic is actually routed to a nc listener I set up, so we can capture the traffic and interact with the backdoor.
iptables command
On the VM where I wanted to capture the traffic, I used iptables to redirect the traffic to a local port. Here is that command:

iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.12.71 -p tcp --dport 444 -j REDIRECT --to-ports 8444

The rule is inserted (-I) at the head of the nat table's PREROUTING chain, which is evaluated for every packet arriving on a network interface before the routing decision. Any TCP packet from any source (--src 0/0) addressed to 192.168.12.71 on port 444 is rewritten by the REDIRECT target to the primary address of the interface it arrived on, port 8444, where the nc listener (nc -l -p 8444 with traditional netcat, nc -l 8444 with OpenBSD netcat) is waiting. Connection tracking reverses the translation on the replies, so the malware still believes it is talking to 192.168.12.71:444. Two things to keep in mind: PREROUTING only sees packets that arrive from the network, so this relies on the malware running in a different VM than the one holding the rule (locally generated packets traverse the nat OUTPUT chain instead); and the rule only does anything once packets for 192.168.12.71 actually reach this VM, which is what the rest of the lecture's network configuration arranges.
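As an added example (this is not code from the lecture), the following script wraps the same REDIRECT rule so it can be set up and torn down repeatably: it validates the ports, inserts the rule only if it is not already present, records the session to a pcap, runs the nc listener, and deletes the rule on exit. The defaults are the values from the command above; the script name capture.sh, the pcap path under /tmp, and the traditional-netcat -l -p syntax are assumptions.

```shell
#!/bin/sh
# Added example, not code from the lecture: wraps the lecture's REDIRECT rule in a script
# that installs it once, records the session with tcpdump, runs the nc listener, and
# removes the rule on exit. Defaults are the lecture's values; the pcap path is assumed.
HOME_IP="${HOME_IP:-192.168.12.71}"   # address the malware believes is its home server
C2_PORT="${C2_PORT:-444}"             # port the malware connects to
LISTEN_PORT="${LISTEN_PORT:-8444}"    # local port nc listens on
PCAP="${PCAP:-/tmp/c2-$C2_PORT.pcap}" # assumed capture path

# Return 0 if $1 is a TCP port number in 1..65535, 1 otherwise.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rule specification shared by -C/-I/-D. Building it once guarantees the rule is
# checked, inserted and deleted with an identical match, so cleanup really removes it.
rule_spec() {
  printf 'PREROUTING --src 0/0 --dst %s -p tcp --dport %s -j REDIRECT --to-ports %s' \
    "$HOME_IP" "$C2_PORT" "$LISTEN_PORT"
}

# Insert the rule only if -C (check) reports it absent; re-running the script then
# does not stack duplicate copies at the head of the nat PREROUTING chain.
add_rule() {
  iptables -t nat -C $(rule_spec) 2>/dev/null || iptables -t nat -I $(rule_spec)
}

del_rule() {
  iptables -t nat -D $(rule_spec) 2>/dev/null || true
}

main() {
  valid_port "$C2_PORT" && valid_port "$LISTEN_PORT" ||
    { echo "invalid port" >&2; exit 1; }
  [ "$C2_PORT" -ne "$LISTEN_PORT" ] ||
    { echo "listener port must differ from the redirected port" >&2; exit 1; }

  add_rule
  trap 'del_rule; kill "$TCPDUMP_PID" 2>/dev/null' EXIT INT TERM

  # tcpdump taps the interface before the netfilter PREROUTING hook, so on the wire
  # the packets still carry the original port; match both ports to be safe.
  tcpdump -i any -w "$PCAP" "tcp port $C2_PORT or tcp port $LISTEN_PORT" &
  TCPDUMP_PID=$!

  # Interactive listener: the backdoor's output appears on stdout and what you type
  # goes back to it. Traditional netcat takes -l -p PORT; OpenBSD netcat takes -l PORT.
  nc -l -p "$LISTEN_PORT"
}

# Only act when invoked as: sh capture.sh run   (the functions stay usable on their own)
case "${1:-}" in
  run) main ;;
esac
```

Run it as root on the VM that receives the malware's traffic (sh capture.sh run), then start the sample under the debugger in the other VM; the session is on your terminal and in the pcap, and the rule disappears when you press Ctrl-C. Because the same rule_spec string is used for -C, -I and -D, a typo cannot leave a stale rule behind that silently keeps redirecting port 444 after you are done.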