Idov31 Venom Save

Venom is a library that meant to perform evasive communication using stolen browser socket

Project README

Venom

Venom is a C++ library that is meant to give an alternative way to communicate, instead of creating a socket that could be traced back to the process, it creates a new "hidden" (there is no window shown) detached edge process (edge was chosen because it is a browser that is installed on every Windows 10+ and won't raise suspicious) and stealing one of its sockets to perform the network operations.

The benefit of creating a detached browser process is that there is no danger that it will be closed accidentally by the user and the sockets exist but not communicating with any site, therefore avoiding possible collisions.

Usage

Venom is a single C++ header file so you can just include it in your project and use it as follows:

Venom venom = Venom(L"127.0.0.1", 3110);

if (!venom.VenomObtainSocket()) {
    std::cerr << "[ - ] Failed to get socket." << std::endl;
    venom.~Venom();
    return -1;
}

// Do your stuff here.
...

venom.~Venom();

You can see the example that shows how to use the socket for sending or receiving data.

Technical Explanation

The core reason why it works, or to be exact, why the sending and receiving with a socket (possibly connected) without any problem is in the functions documentation.

Before I'll explain more about that, I chose to create a new edge process over using an already opened one for 2 main reasons:

You can't know if the browser socket is already in use and it might cause a collision if you are trying to receive data.
A process that you created can be closed by mistake at any time by the user, meaning cutting your communication.

Now that you understood the reasons behind creating a new process, I can explain why I can use an already existing socket (which might be connected) to communicate with a target (without connecting it to it).

Sending: To send, you can use sendto function and in the documentation, you can read that Microsoft wrote: "A descriptor identifying a (possibly connected) socket.".

Moreover, you can read that they also wrote "... Even if the connectionless socket has been previously connected to a specific address, the to parameter overrides the destination address ..." meaning, we can override the target with sendto.

Receiving: To receive data, you can use recv function and because no user using this browser process, it reduces greatly the chances of collision.

Contributors

Florian Roth

Resources

ShadowMove

Open Source Agenda is not affiliated with "Idov31 Venom" Project. README Source: Idov31/Venom

Stars

361

Open Issues

Last Commit

7 months ago

Repository

Idov31/Venom

License

BSD 2-clause GPL-3.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/idov31-venom"><img src="https://www.opensourceagenda.com/projects/idov31-venom/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022