Home page logo

metasploit logo Metasploit mailing list archives

Re: reverse_https still does not work through proxies
From: HD Moore <hdm () metasploit com>
Date: Tue, 15 Jun 2010 09:41:31 -0400

On 6/15/2010 3:42 AM, Wolfgang wrote:
I quote hdm: "While the initial stage supports SSL, DNS, proxies, and
authentication, the second stage does not support the last two features


Is there an ETA for this? This would be really awesome.

We have two options for this - either create a HTTP transport stager
that exposes a raw pipe to the Meterpreter payload, or build proxy
support directly into the Meterpreter itself (along with awareness of
its connected endpoint). Neither one is particularly elegant right now
and I am still looking into alternatives. No ETA - the first-stage
payload seems to have additional bugs that need to be addressed; it
looks like something goes wrong when the payloads run in certain service
contexts on a few operating systems. The primary goal of this payload is
to make sure all traffic between you and the target is encrypted, from
the first packet out, the proxy support is secondary, but definitely useful.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]