Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
User Manual Description of VPN
Server
• (S) For the case of VPN Proxy, any proxied network traffic is first sent through the
  VPN tunnel to the CB-VPN. For the case of a Proxy All Global Action, all TCP and UDP
  traffic from any LAN/WLAN client of the Flytrap is sent through the tunnel. For the
  case of a Target with a proxy action, as soon as the Target is detected, all of that
  Target’s TCP and UDP traffic is sent through the tunnel. The CB-VPN then handles the
  proxied traffic, forwarding requests to the proper server. The green arrow path in
  Figure 50 shows a typical case of a Target with a VPN Proxy Action making a request
  to google.com. Instead of going directly from the Flytrap to the Google Server, the
  request is sent through the tunnel to the CB-VPN, which then routes the
  traffic properly to the Google Server. Note that the CB-VPN could run MITM software
  to exploit the Target’s network traffic.
• (S) For the case of VPN Link, the VPN tunnel is used to provide a path from the
  Sponsor Network to the Target behind the Flytrap (i.e., on the Flytrap’s LAN/WLAN
  side). Typically this would not be possible because the Flytrap’s WAN would likely
  have a non-routable IP address. A VPN Link can be established in a number of ways:
  – The Flytrap executes a Mission with a VPN Link Global Action
  – The Flytrap executes a Mission with a VPN Proxy All Global Action
  – The Flytrap detects a Target with a VPN Link Action
  – The Flytrap detects a Target with a VPN Proxy Action
• On the CherryWeb “View->Flytraps” page, the “VPN Link” column shows the status of
  the VPN Link for each Flytrap (see 9.8 for status codes).