FRP

FRP, which stands for Fast Reverse Proxy, is an openly available tool that is capable of exposing a server located behind a firewall or Network Address Translation (NAT) to the Internet. FRP can support multiple protocols including TCP, UDP, and HTTP(S) and has been abused by threat actors to proxy command and control communications.[1][2][3][4]

ID: S1144
Type: TOOL
Platforms: Linux, macOS, Windows
Version: 1.0
Created: 10 July 2024
Last Modified: 30 July 2024

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

FRP has the ability to use HTTP and HTTPS to enable the forwarding of requests for internal services via domain name.[1]

Enterprise T1059 .007 Command and Scripting Interpreter: JavaScript

FRP can support the use of a JSON configuration file.[1]

Enterprise T1573 .001 Encrypted Channel: Symmetric Cryptography

FRP can use STCP (Secret TCP) with a preshared key to encrypt services exposed to public networks.[1]

.002 Encrypted Channel: Asymmetric Cryptography

FRP can be configured to only accept TLS connections.[1]

Enterprise T1046 Network Service Discovery

As part of load balancing FRP can set healthCheck.type = "tcp" or healthCheck.type = "http" to check service status on specific hosts with TCPing or an HTTP request.[1]

Enterprise T1095 Non-Application Layer Protocol

FRP can communicate over TCP, TCP stream multiplexing, KERN Communications Protocol (KCP), QUIC, and UDP.[1]

Enterprise T1572 Protocol Tunneling

FRP can tunnel SSH and Unix Domain Socket communications over TCP between external nodes and exposed resources behind firewalls or NAT.[1]

Enterprise T1090 Proxy

FRP can proxy communications through a server in public IP space to local servers located behind a NAT or firewall.[1]

.003 Multi-hop Proxy

The FRP client can be configured to connect to the server through a proxy.[1]

Enterprise T1049 System Network Connections Discovery

FRP can use a dashboard and U/I to display the status of connections from the FRP client and server.[1]

Groups That Use This Software

References