SOCKS5 Tunnel
SOCKS5 Tunnel
Section titled “SOCKS5 Tunnel”XoloC2 beacons include a built-in SOCKS5 proxy. Traffic is multiplexed over the existing HTTPS polling channel — no additional binaries needed on the target.
Step 1 — Start the tunnel
Section titled “Step 1 — Start the tunnel”In the session panel, click SOCKS5 Tunnel, set a local port (default 1080), and click Start.
Or send directly in the terminal:
__tunnel__ 1080This opens a SOCKS5 listener on port 1080 of your XoloC2 server.
Step 2 — Configure proxychains
Section titled “Step 2 — Configure proxychains”Edit /etc/proxychains4.conf:
[ProxyList]socks5 127.0.0.1 1080Step 3 — Route your tools through the tunnel
Section titled “Step 3 — Route your tools through the tunnel”# Network scanproxychains4 nmap -sT -Pn 192.168.1.0/24
# HTTP request to internal hostproxychains4 curl http://192.168.1.10/
# SSH to internal hostproxychains4 ssh user@192.168.1.10
# SMB enumerationproxychains4 crackmapexec smb 192.168.1.0/24Step 4 — Stop the tunnel
Section titled “Step 4 — Stop the tunnel”__tunnel__ stopOr click Stop in the session panel.
Multiple tunnels
Section titled “Multiple tunnels”Run simultaneous tunnels on different ports from different sessions:
# Session A — first pivot__tunnel__ 1080
# Session B — deeper pivot__tunnel__ 1081- UDP is not supported
- All TCP protocols work: HTTP, SSH, SMB, RDP, etc.
- The tunnel survives beacon sleep cycles — traffic queues and resumes on the next poll