Detecting IOX, FRP, Rakshasa, and Stowaway Proxies Using Hunt.io

ID: 88163b1d-fb98-5f35-8ce6-e2172be7088d

STIX ID: report--88163b1d-fb98-5f35-8ce6-e2172be7088d

Feed Name: Hunt.io Blog

Threat Score: 65/100

Date Published: 2026-02-16

Date Updated: 2026-04-28

This report examines how adversaries leverage open-source proxy tools (IOX, FRP, Rakshasa) to obscure origin infrastructure and enable lateral movement. It documents observable traits (static TLS certificate fields, JA4X fingerprint, HTTP body hashes, default config tokens), provides Hunt.io/HuntSQL queries and AttackCapture pivots to identify likely deployments, and cites multiple APT groups that have used these proxies in real intrusions.
