Metasploit mailing list archives
HTTP Tunneling
From: hdm at metasploit.com (H D Moore)
Date: Sat, 28 Jun 2008 22:41:44 -0500
The HTTP Tunneling shellcode makes use of the Internet Explorer configuration, authenticated proxies and all, if the code runs under a user account with those settings. There are two major drawbacks to using these payloads though: 1. The payloads only work if IE6 is being used and are incompatible with IE 7. 2. If the exploited process is a system service, more than likely it wont pick up the user's settings. I haven't tested this, but it seems likely. -HD On Saturday 28 June 2008, Ty Miller wrote:
I assume that the HTTP Tunneling Shellcode within Metaploit doesn't work with authenticated proxies.
Current thread:
- HTTP Tunneling Ty Miller (Jun 28)
- HTTP Tunneling H D Moore (Jun 28)
- HTTP Tunneling Ty Miller (Jun 28)
- HTTP Tunneling H D Moore (Jun 28)
- HTTP Tunneling Ty Miller (Jun 28)
- HTTP Tunneling H D Moore (Jun 28)
- HTTP Tunneling Ty Miller (Jun 28)
- HTTP Tunneling Ty Miller (Jun 28)
- HTTP Tunneling H D Moore (Jun 28)