Appearance
Egress Validation (NET-EGRESS)
Validate that the secure sandbox enforces a default-deny posture for network egress and prevents proxy bypass attempts.
Objectives
- Enforce
egressDefaultAction: "deny". - Require proxy routing for all outbound traffic.
- Ensure fail-closed behavior during proxy outages.
- Prevent applications from bypassing proxy settings.
- Maintain IPv4 and IPv6 parity for egress controls.
Controls Under Test
runtime.networking.egressDefaultAction- Proxy enforcement and pinning
- Network namespace firewall
Test Scenarios
| ID | Threat / Scenario | Universal Procedure | Expected Outcome & Audit |
|---|---|---|---|
| NET-EGRESS-01 | Direct IP Access | Adversary attempts to bypass DNS filters. Initiate an HTTP request to a specific public IP (e.g., 1.1.1.1) using a timeout flag (e.g., curl -v --connect-timeout 5 <IP>). | Pass: Connection timeout or refused. No HTTP 200/301. Audit: action: deny, protocol: tcp |
| NET-EGRESS-02 | Unauthorized Proxy Usage | Adversary attempts to use a non-designated proxy. Configure a user-defined proxy (e.g., export https_proxy=attacker.com:8080) and attempt a connection. | Pass: Connection failed; traffic must traverse the designated gateway. Audit: action: deny, reason: unauthorizedProxy |
| NET-EGRESS-03 | Direct UDP Egress | Exfiltration via non-TCP protocols. Attempt to send UDP packets to an external destination (e.g., nc -u <IP> 53 or 123). | Pass: Packets dropped. Audit: action: deny, protocol: udp |
| NET-EGRESS-04 | ICMP Egress | Network mapping or tunneling via ICMP. Attempt to ping an external host (e.g., ping 8.8.8.8). | Pass: Request timed out / Destination unreachable. Audit: action: deny, protocol: icmp |
| NET-EGRESS-05 | Environment Proxy Variables / Client Flags | Attempt to bypass designated proxies using http_proxy/https_proxy/all_proxy or client --proxy flags to an unauthorized endpoint.Example: export HTTPS_PROXY=http://attacker:8080 && curl -v https://example.com. | Pass: Denied; only designated proxies are accepted. Audit: category: network, action: deny, reason: unauthorizedProxy, proxyEnforced: true |
| NET-EGRESS-06 | NO_PROXY / --noproxy Bypass | Disable proxy routing via environment or client flags. Example: export NO_PROXY=* && curl -v https://example.com or curl --noproxy "*" https://example.com. | Pass: Denied; proxy bypass refused. Audit: action: deny, reason: proxyBypassAttempt, proxyEnforced: true |
| NET-EGRESS-07 | Proxy Bypass | Proxy bypass via noproxy or tunnels.Attempt connection bypassing proxy settings (e.g., curl --noproxy "*") or using HTTP CONNECT to arbitrary ports. | Pass: Connection failed; cannot bypass enforced proxy. Audit: reason: proxyBypassAttempt. |
| NET-EGRESS-08 | PAC/WPAD Hijack | Present a malicious PAC file or enable WPAD to route via a non-designated proxy; attempt outbound HTTPS. | Pass: Denied/ignored; only designated proxies are accepted. Audit: action: deny, reason: pacNotTrusted or wpadBlocked, proxyEnforced: true |
| NET-EGRESS-09 | Proxy Fail-Closed | Simulate designated proxy outage (stop service or blackhole IP) and attempt outbound HTTPS. | Pass: Connection denied; no direct fallback. Audit: action: deny, reason: proxyUnavailable, proxyEnforced: true |
| NET-EGRESS-10 | Designated Proxy Identity/Pinning | Intercept proxy TLS or present a non-pinned CA/cert to the client; attempt CONNECT/HTTPS. | Pass: TLS handshake fails; no fallback to direct. Audit: action: deny, reason: certMismatch or pinningFailed, proxyEnforced: true |
| NET-EGRESS-11 | IPv6 Direct Egress | Attempt IPv6 literal or AAAA target to bypass IPv4 rules. Example: curl -6 -v https://[2606:4700:4700::1111]/. | Pass: Denied; parity with IPv4 posture. Audit: action: deny, protocol: tcp, ipVersion: 6 |
| NET-EGRESS-12 | CONNECT Tunneling to Non-Proxy | Use HTTP CONNECT to an endpoint that is not an approved proxy. Example: curl -v -x https://nonproxy.example:443 https://target.example. | Pass: Denied; only designated proxies are valid CONNECT targets. Audit: action: deny, reason: destNotProxy, proxyEnforced: true |
| NET-EGRESS-13 | Runtime Proxy Ignorance | Direct socket connection bypassing proxy settings. Execute a binary/script that ignores system proxy env vars and opens a direct TCP socket. | Pass: Blocked by firewall/namespace. Audit: action: deny, protocol: tcp |
Evidence Requirements
- Audit category:
network - Golden fields:
category,action,rule.id,integrity.hash - Required fields for these tests:
protocol,destination,reason,proxyEnforced - Conditional fields (when applicable):
alpn,sni,ipVersion,proxyRef
