# Redirectors/Relays

"It’s 2021, disable staging and don’t expose C2 server ports directly to the internet" - [@HackingLZ](https://twitter.com/HackingLZ)

A redirector or a relay is a network widget that listens for incoming connections and forwards them to another host or port. This is an operational security best practice so that you never expose your Command and Control (C2) server to everyone on the Internet. Instead, your payload should be configured to connect to the redirector/relay so that anyone looking at the network connections sees the redirector/relay and not your C2 server. If a defender/Blue Team blocks your redirector, your C2 server is still accessible.

A lot has been written about redirectors. Here are a few references:

* Redirect rules: <https://github.com/0xZDH/redirect.rules>
* Hosting and hiding your C2 with Docker and Socat: <https://khast3x.club/posts/2020-02-09-C2-Protection-Socat-Docker/>
* Introduction to Modern Routing For Red Team Infrastructure - using Traefik, Matasploit, Covenant, and Docker: <https://khast3x.club/posts/2020-02-14-Intro-Modern-Routing-Traefik-Metasploit-Docker/>
* AWS Lambda Redirector: <https://blog.xpnsec.com/aws-lambda-redirector/>
* Hiding in the Cloud: Cobalt Strike Beacon C2 using Amazon APIs: <https://rhinosecuritylabs.com/aws/hiding-cloudcobalt-strike-beacon-c2-using-amazon-apis/>
* Azure C2 Relay: <https://www.trustedsec.com/blog/front-validate-and-redirect/>
* Servers are Over-rated (Azure and AWS): <https://redteamer.tips/servers-are-overrated-bypassing-corporate-proxies-abusing-serverless-for-fun-and-profit/>
* Cloudflare Worke


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://howto.thec2matrix.com/attack-infrastructure/redirectors.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.