On October 31, 2020, @SamyKamkar published his research on NAT Slipstreaming. According to his own words, NAT Slipstreaming - … allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. I would go further and say that NAT Slipstreaming is actually more than that. I consider NAT Slipstreaming a whole vulnerability category. Basically, whenever an attacker can force a user to generate traffic to a specific server on the Internet and control both the content sent and the target port, you have a potential NAT Slipstreaming vulnerability.
The files present in this repository can be used for testing for NAT Slipstreaming vulnerabilities. The Google Chrome bug described at https://bugs.chromium.org/p/chromium/issues/detail?id=1184562 is an example of how the files present here can be used to exploit vulnerable browsers.
Sample malicious HTML page supporting different protocols.
Sample SIP malicious server.
Sample RTSP malicious server.
Sample h323 malicious server.