A minimalist tool that downloads remote data through other running processes, bypassing network restrictions and firewall policy rules by proxying traffic through trusted executables.
Security products may flag it as malware due to the nature of its functionality.

- Scans the system for processes with active outbound connections
- Injects shellcode into a selected target process
- Requests external data as if it were the target application
- Transfers the received data back to the injector for processing

| Firewall | Status | Notes |
|---|---|---|
| Windows Firewall | + | Full bypass |
| Comodo Firewall | ± | HIPS may block |
| Simplewall | + | Fully bypassed |
| TinyWall | + | Fully bypassed |
| ZoneAlarm | + | Fully bypassed |
| GlassWire | + | Fully bypassed (logged) |
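
For defenders, the steps listed above leave a correlatable trace: a trusted process is touched by another process and then connects to a destination it has not used before. The following detection sketch is an added example, not part of this tool; it assumes the injection shows up in endpoint telemetry as a remote-thread creation event (the README does not state the injection method), and all event fields, process names, PIDs and addresses are constructed.

```python
from datetime import datetime, timedelta

# Constructed telemetry, loosely modelled on Sysmon events 8 (CreateRemoteThread)
# and 3 (NetworkConnect). Field names and all values are hypothetical.
EVENTS = [
    {"t": "2024-05-01T10:00:00", "type": "net_connect", "pid": 4120, "image": "browser.exe", "dest": "203.0.113.10:443"},
    {"t": "2024-05-01T10:02:00", "type": "remote_thread", "src_image": "updater.exe", "dst_pid": 4120, "dst_image": "browser.exe"},
    {"t": "2024-05-01T10:02:03", "type": "net_connect", "pid": 4120, "image": "browser.exe", "dest": "198.51.100.7:80"},
    {"t": "2024-05-01T10:02:05", "type": "net_connect", "pid": 4120, "image": "browser.exe", "dest": "203.0.113.10:443"},
    {"t": "2024-05-01T10:05:00", "type": "remote_thread", "src_image": "av_agent.exe", "dst_pid": 5200, "dst_image": "mail.exe"},
    {"t": "2024-05-01T10:05:02", "type": "net_connect", "pid": 5200, "image": "mail.exe", "dest": "192.0.2.25:993"},
    {"t": "2024-05-01T10:30:00", "type": "net_connect", "pid": 4120, "image": "browser.exe", "dest": "192.0.2.99:443"},
]

def find_proxied_connections(events, trusted_sources=frozenset(), window_s=30):
    """Return alerts for connections a process makes to a never-before-seen
    destination shortly after a foreign process created a thread in it."""
    events = sorted(events, key=lambda e: e["t"])  # ISO 8601 sorts lexically
    seen = {}      # pid -> destinations observed so far
    touched = {}   # pid -> (time, source image) of the latest foreign thread
    alerts = []
    for e in events:
        now = datetime.fromisoformat(e["t"])
        if e["type"] == "remote_thread":
            # Ignore sources the site has explicitly allow-listed (e.g. its EDR agent).
            if e["src_image"] not in trusted_sources:
                touched[e["dst_pid"]] = (now, e["src_image"])
        elif e["type"] == "net_connect":
            known = seen.setdefault(e["pid"], set())
            hit = touched.get(e["pid"])
            in_window = hit and now - hit[0] <= timedelta(seconds=window_s)
            if in_window and e["dest"] not in known:
                alerts.append({"pid": e["pid"], "image": e["image"],
                               "dest": e["dest"], "injector": hit[1]})
            known.add(e["dest"])
    return alerts

if __name__ == "__main__":
    for alert in find_proxied_connections(EVENTS, trusted_sources={"av_agent.exe"}):
        print(alert)
```

Allow-listing by image name alone is weak because names can be imitated; in production, key the allow-list on signer or file hash and account for PID reuse.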