Metasploit mailing list archives
Client side attacks - reverse connection through HTTP proxy
From: naplanetu at gmail.com (Taras P. Ivashchenko)
Date: Tue, 23 Dec 2008 00:21:39 +0300
Hello, list! Is it possible to make some exploit in Metasploit (e.g. with metapreter payload) works through HTTP proxy to make reverse connection to some 'evil' server in the Internet? For example, we have social engineering scenario when we made in Metasploit some exploit (e.g. some PDF file) and sent link to this file on our web server to the target. But usually in companies there is a proxy server and all users are connecting through it. So how can we make that our exploit works fine if target is behind firewall and HTTP proxy? In Core Impact there is HTTP tunneling option and payload uses IE proxy settings for connect to server side. -- ????? ???????? (Taras Ivashchenko), OSCP www.securityaudit.ru ---- "Software is like sex: it's better when it's free." - Linus Torvalds -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081223/de5dedd2/attachment.pgp>
Current thread:
- Client side attacks - reverse connection through HTTP proxy Taras P. Ivashchenko (Dec 22)
- Client side attacks - reverse connection through HTTP proxy ArcSighter Elite (Dec 22)
- Client side attacks - reverse connection through HTTP proxy Taras P. Ivashchenko (Dec 22)
- Client side attacks - reverse connection through HTTP proxy ArcSighter Elite (Dec 22)
- Client side attacks - reverse connection through HTTP proxy Taras P. Ivashchenko (Dec 22)
- Client side attacks - reverse connection through HTTP proxy H D Moore (Dec 22)
- Client side attacks - reverse connection through HTTP proxy natron (Dec 22)
- Client side attacks - reverse connection through HTTP proxy Ty Miller (Dec 22)
- Client side attacks - reverse connection through HTTP proxy Taras P. Ivashchenko (Dec 22)
- Client side attacks - reverse connection through HTTP proxy ArcSighter Elite (Dec 22)