Skip to content

Relay Agent Reverse TCP Listener

This relay listener uses an existing agent to accept reversed connections. The selected (relay) agent, identified by its GUID, waits for an incoming connection on a specified port. When a new agent is executed, it will attempt to connect to this relay agent using one of its provided hosts. If successful, communication will be routed through the relay agent.

Plugin ID: shelldot.listener.relay-agent-reverse-tcp

Configuration Reference

Parameter Type Required Default Description
relayAgentGuid string Yes - UUID of the existing agent that will listen for connections.
hosts string[] Yes - Array of hostnames or IP addresses for the relay agent.
port int Yes - TCP port on which the relay agent will listen for incoming connections.
handshakeBytes string No "" Base64-encoded random bytes used for the initial handshake between the agents.
startTime string No - Optional UTC start time if the listener should not start immediately (e.g. 2025-04-10T11:02:09Z).

Configuration Scenarios

Scenario 1 - Basic Relay Reverse TCP

A relay listener that routes traffic through an existing agent to reach a new agent on the internal network.

1
2
3
4
5
6
{
  "relayAgentGuid": "de1b8bbe-3ba3-4d46-bb92-c2011515cea9",
  "hosts": ["192.168.32.135"],
  "port": 5555,
  "handshakeBytes": "QUFBQQ=="
}

Example (POST Request)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
POST /api/v1/listeners HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "plugin": "shelldot.listener.relay-agent-reverse-tcp",
  "name": "my-relay-tcp-reverse-listener",
  "configuration": {
    "relayAgentGuid": "de1b8bbe-3ba3-4d46-bb92-c2011515cea9",
    "hosts": [
      "192.168.32.135"
    ],
    "port": 5555,
    "handshakeBytes": "QUFBQQ==",
    "startTime": "2023-04-10T11:02:09Z"
  }
}