Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP Proxy - class, mixin, and module #8648

Open
wants to merge 7 commits into
base: master
from

Conversation

Projects
None yet
5 participants
@sempervictus
Copy link
Contributor

commented Jul 4, 2017

Add HTTP Proxy class to Rex::Proto::Http
Add Msf::Exploit::Remote::Http::Proxy mixin
Add auxiliary HTTP proxy server

The Rex proxy is capable of keeping sessions alive, rewriting headers
from proxy requests, and exposes callbacks for higher level
operations on request and response data, with the client available
for redirect or other activities. This proxy can function as a
transparent, standard HTTP, or direct-connected (routing all
traffic to a specific host:port) forwarder. Encoding is restricted
to Rex supported types.

Request and response callbacks allow for any action to be taken
during the proxying process and will gracefully return from the
proxy's callbacks if the client is no longer connected.

The mixin provides convenience methods for managing the service
and mixing into modules.

The http_proxy module provides options for performing MITM on
requests and/or responses, with an option to MITM headers as well
as the request body. Substitutions can be entered as semi-colon
separated strings to deal with varying requests during runtime.
Additionally, the proxy can be used to log successful page hits
to the DB, providing crawler, and other web-oriented modules
with targets which are not discovered by our native mechanisms.

Everything runs on Rex, so proxies can be started on pivoted hosts
facing into a compromised network and connecting anywhere on the
switchboard. The same instance will handle directed requests
as well as MITM victims.

Testing:
start the module, configure your browser to use the proxy on your
machine, browse pages. Configure HTTP::proxy::MITM options and
rexploit. Configure HTTP::proxy::report true and run arachni
or your favorite crawler through the proxy to build up a target
list.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/server/http_proxy
  • exploit
  • Verify that curl -x localhost:8080 google.com -v -L works
  • Verify that setting substitutions work as described in the module info
  • Verify that applications using chunked encoding and asynchronous semantics work

@jmartin-r7 jmartin-r7 force-pushed the sempervictus:feature-upstream_http_proxy branch from cab1d8a to 8532dc0 Oct 10, 2017

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Dec 29, 2017

This has warnings from tidy in the CI, and seems to have failed package updates on the OS in some runs. Are warnings enough to stop the build, or are these separate failures?

@RootUp

This comment has been minimized.

Copy link
Contributor

commented Jan 29, 2018

That's awesome, thanks @sempervictus

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Jan 29, 2018

Thanks, I'm waiting on an r7 sponsor for this code, which is funny, because it's arguably more useful for the commercial product as it builds wmap sites on the fly :).

@busterb

This comment has been minimized.

Copy link
Contributor

commented Jan 29, 2018

Not sure why this needs someone from R7 to approve it, but it looks alright to me.

https://github.com/orgs/rapid7/teams/framework-public-committers/members

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Jan 29, 2018

@busterb

This comment has been minimized.

Copy link
Contributor

commented Jan 29, 2018

You absolutely did, and it worked. I just updated the wiki docs to encourage more people to poke me about things!

@busterb

This comment has been minimized.

Copy link
Contributor

commented Jan 29, 2018

Looks like you have some msftidy failures:

modules/auxiliary/server/http_proxy.rb - [WARNING] Explicitly using self.class in register_* is not necessary
modules/auxiliary/server/http_proxy.rb:99 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: if res.headers['set-cookie'] 
modules/auxiliary/server/http_proxy.rb:100 - [WARNING] Do not read Set-Cookie header directly, use res.get_cookies instead: info[:cookie] = res.headers['set-cookie'] 
Show resolved Hide resolved lib/rex/proto/http/proxy.rb Outdated
Show resolved Hide resolved lib/rex/proto/http/proxy.rb Outdated
@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Jan 29, 2018

Thanks all for diving this! I'll get the changes requested in place ASAP.

@bcoles

This comment has been minimized.

Copy link
Contributor

commented Feb 1, 2018

There's an extra ':' after the port in verbose output - intentional?

[+] 
Client's (172.16.191.244:47803:) original response:
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Feb 2018 08:13:07 GMT
Server: Apache
Location: https://whatweb.net/
Vary: Accept-Encoding
Content-Length: 228
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://whatweb.net/">here</a>.</p>
</body></html>
@bcoles

This comment has been minimized.

Copy link
Contributor

commented Feb 1, 2018

It seems to have a problem with non-standard ports.

curl -isk --proxy http://172.16.191.244:8080/ http://whatweb.net:1234/

The output shows it dropped the non-standard port 1234 from the request :

[+] 
Client 172.16.191.244:47811 requested:
GET / HTTP/1.1
User-Agent: curl/7.26.0
Host: 65.181.113.51
Accept: */*
SSL: false
Connection: Keep-Alive
Vhost: whatweb.net
Content-Length: 0


[+] 
Client's (172.16.191.244:47811:) original response:
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Feb 2018 08:16:15 GMT
Server: Apache
Location: https://whatweb.net/
Vary: Accept-Encoding
Content-Length: 228
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://whatweb.net/">here</a>.</p>
</body></html>

The same is true for more likely non-standard ports, such as 8080 and 81.

@bcoles

This comment has been minimized.

Copy link
Contributor

commented Feb 1, 2018

curl -x localhost:8080 google.com -v -L - works as intended :

* About to connect() to proxy localhost port 8080 (#0)
*   Trying ::1...
* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET HTTP://google.com HTTP/1.1
> User-Agent: curl/7.26.0
> Host: google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Location: http://www.google.com.au/?gfe_rd=cr&dcr=0&ei=s89yWoXnEanu8weoiJrYCA
< Content-Length: 272
< Date: Thu, 01 Feb 2018 08:28:35 GMT
< Connection: Keep-Alive
< 
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://www.google.com.au/?gfe_rd=cr&dcr=0&ei=s89yWoXnEanu8weoiJrYCA'
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET http://www.google.com.au/?gfe_rd=cr&dcr=0&ei=s89yWoXnEanu8weoiJrYCA HTTP/1.1
> User-Agent: curl/7.26.0
> Host: www.google.com.au
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Thu, 01 Feb 2018 08:28:35 GMT
< Expires: -1
< Cache-Control: private, max-age=0
< Content-Type: text/html; charset=ISO-8859-1
< P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< Server: gws
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: 1P_JAR=2018-02-01-08; expires=Sat, 03-Mar-2018 08:28:35 GMT; path=/; domain=.google.com.au, NID=122=JZN8wWdPUDisMDaa4wvmTOJld_VaTfj9FOA6oTOkg8ITiStF2DwBZPHiZ46YoWie1vJ8Fc1g8TLUHVbNCwHYDJdr5mnWlRnHikHdOHLJzi8aH1EMYwf5kGK_vWoh65kE; expires=Fri, 03-Aug-2018 08:28:35 GMT; path=/; domain=.google.com.au; HttpOnly
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Connection: Keep-Alive

<... truncated for brevity ...>
@bcoles

This comment has been minimized.

Copy link
Contributor

commented Feb 1, 2018

It doesn't like 401 response with a WWW-Authenticate header for some reason. No response is printed to the console with verbose on, and no response is returned to the HTTP client.

$ cat /var/www/401.php 
<?php
  header('HTTP/1.0 401 Unauthorized');
  header('WWW-Authenticate: Basic realm=fail');
  header('Connection: close');
  exit;
?>

cURL via proxy:

$ curl -x localhost:8080 http://127.0.0.1/401.php -v -L
* About to connect() to proxy localhost port 8080 (#0)
*   Trying ::1...
* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET http://127.0.0.1/401.php HTTP/1.1
> User-Agent: curl/7.26.0
> Host: 127.0.0.1
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* additional stuff not fine transfer.c:1037: 0 0
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection #0

cURL with no proxy:

$ curl http://127.0.0.1/401.php -v -L
* About to connect() to 127.0.0.1 port 80 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /401.php HTTP/1.1
> User-Agent: curl/7.26.0
> Host: 127.0.0.1
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 401 Unauthorized
< Date: Thu, 01 Feb 2018 08:46:01 GMT
< Server: Apache/2.2.22 (Debian)
< X-Powered-By: PHP/5.4.4-14+deb7u8
< WWW-Authenticate: Basic realm=fail
< Connection: close
< Vary: Accept-Encoding
< Content-Length: 0
< Content-Type: text/html
< 
* Closing connection #0

Removing the WWW-Authenticate header works as expected.

@bcoles

This comment has been minimized.

Copy link
Contributor

commented Feb 1, 2018

It appears to do well with concurrency:

ab -n 1000 -c 5 -X 127.0.0.1:8080 http://127.0.0.1/asdf
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 [through 127.0.0.1:8080] (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.22
Server Hostname:        127.0.0.1
Server Port:            80

Document Path:          /asdf
Document Length:        277 bytes

Concurrency Level:      5
Time taken for tests:   3.314 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Non-2xx responses:      1000
Total transferred:      480000 bytes
HTML transferred:       277000 bytes
Requests per second:    301.73 [#/sec] (mean)
Time per request:       16.571 [ms] (mean)
Time per request:       3.314 [ms] (mean, across all concurrent requests)
Transfer rate:          141.44 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.2      0       4
Processing:     8   17  25.2     12     265
Waiting:        4   16  25.2     12     265
Total:          9   17  25.2     12     265

Percentage of the requests served within a certain time (ms)
  50%     12
  66%     14
  75%     15
  80%     15
  90%     17
  95%     36
  98%     41
  99%    257
 100%    265 (longest request)

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Feb 14, 2018

@bcoles: nice benchmark! I never expected it to actually work that fast, cool. Shows that the Rex stack is more than just flexible i guess. Wonder what the other native service stuff looks like compared to actual "production" tooling.
The ports thing is not supposed to happen, i screwed something up when i upstreamed this PR, will find and fix.
I have not run into the www-authenticate header issue, but i'll try to repro and see if that's an implementation problem or a porting mistake.
The added ':' is not supposed to be there either, wonder if its related to the port problem.

This is the last serious addition still on the board, you guys are outpacing me, gotta get on my game and add more oddities to mess with upstream folks...

@sempervictus sempervictus force-pushed the sempervictus:feature-upstream_http_proxy branch 2 times, most recently from 0a7c393 to 524739f Aug 30, 2018

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Aug 30, 2018

Port matching works, simple mistake in the regex. Some whitespace cleanup added, updated for the change in RHOST/RHOSTS.
@bcoles: could you peek at this again?

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Aug 30, 2018

The CI complaints about header access seem to want significant code change or dissonance between adjacent blocks. @bcoles @bcook-r7: any thoughts on an elegant and efficient way to make CI happy? Any more breakage on your end of testing?

Show resolved Hide resolved lib/rex/proto/http/proxy.rb Outdated
Show resolved Hide resolved lib/rex/proto/http/proxy.rb Outdated
# Processes data coming in from a client.
#
def on_client_data(cli)
begin

This comment has been minimized.

Copy link
@bcoles

bcoles Aug 31, 2018

Contributor

Using the rescue-from-method technique would be cleaner than wrapping the entire method in a begin/rescue block.

This comment has been minimized.

Copy link
@sempervictus

sempervictus Oct 29, 2018

Author Contributor

This is the pattern we see in the Rex IO stuff. For the time being, i'd like to vote for consistency. Can revisit the entire slew of affected by this paradigm down the line if we want.

info[:mtime] = res.headers['last-modified']
end

report_web_page(info) unless res.code == 404

This comment has been minimized.

Copy link
@bcoles

bcoles Aug 31, 2018

Contributor

Presumably this method log_response returns nil if res.code == 404.

In which case, you could return if res.code == 404 before # Build page report information, from crawler.rb earlier in the method, as the info hash is never used, and thus there's no point parsing it.

Also, log_response appears to only be called here:

    if datastore['HTTP::proxy::report'] and ([200,401,403] + (500..599).to_a).include?(res.code)
      log_response(cli,res)
    end

So the method shouldn't ever execute if res.code == 404. This seems like an oversight? Do we not want to log the response for other status codes?

This comment has been minimized.

Copy link
@sempervictus

sempervictus Oct 29, 2018

Author Contributor

The aux module is a sample of functionality - designed to raise these questions and entice the user to write their own. Semi-structured subject matter in the protocol, so the hope is to entice users to create proxies for specific functions or extend this one (and the underlying Rex code)

new_subs = []
subs.split(';').each do |substitutions|
new_subs << substitutions.split(',', 2).map do |sub|
if !sub.scan(/\/.*\//).empty?

This comment has been minimized.

Copy link
@bcoles

bcoles Aug 31, 2018

Contributor

Prefer positive logic for first conditional in conditional statements containing an else.

Also, the regex might be easier to read as: %r{/.*/}

Also, the match should probably be more strict, matching start and end of string, like \A/.*/\z, or at least match start/end of line.

Show resolved Hide resolved lib/rex/proto/http/proxy.rb Outdated
target = request.uri[/\/([\w\d\.:]+)/, 1]

host,port = target.split(':')
targ_uri = request.uri[/\/[\w\d\.]+(\/.*)/,1]

This comment has been minimized.

Copy link
@bcoles

This comment has been minimized.

Copy link
@sempervictus

sempervictus Oct 29, 2018

Author Contributor

This actually requires some brainpower (and its late)... will address upon availability or viable suggested alternative.

def initialize(listen_port = 80, listen_host = '0.0.0.0', ssl = false, context = {},
comm = nil, ssl_cert = nil, proxies = nil, rewrite_proxy_headers = true,
connect_host = nil, connect_port = nil
)

This comment has been minimized.

Copy link
@bcoles

bcoles Aug 31, 2018

Contributor

There's something to be said for keyword arguments. Too bad they're Ruby 2.4+ only.

Using an options hash would be more future proof if this method was updated to use keyword arguments in the future.

This comment has been minimized.

Copy link
@sempervictus

sempervictus Oct 29, 2018

Author Contributor

Agreed, though i think this falls into the category of "better revisited once tested a bit better."

Show resolved Hide resolved lib/msf/core/exploit/http/proxy.rb Outdated
end

# Rewrite referer for HTTP request as needed
def set_referer(cli,request)

This comment has been minimized.

Copy link
@bcoles

bcoles Aug 31, 2018

Contributor

Does this method work as intended? I ask, because I read it thrice and I'm still unsure.

This comment has been minimized.

Copy link
@sempervictus

sempervictus Oct 29, 2018

Author Contributor

I think so, i remember this being a particularly painful aspect of the PR. Again, needs more brainpower than currently on tap.

@bcoles

This comment has been minimized.

Copy link
Contributor

commented Aug 31, 2018

I appear to be having issues that I wasn't having before the recent commits. I'm willing to admit user-error.

Tests with cURL to http and https URLs shown below.

msf5 auxiliary(server/http_proxy) > set verbose true
verbose => true
msf5 auxiliary(server/http_proxy) > set HTTP::proxy::report true
HTTP::proxy::report => true
msf5 auxiliary(server/http_proxy) > options

Module options (auxiliary/server/http_proxy):

   Name                         Current Setting  Required  Description
   ----                         ---------------  --------  -----------
   HTTP::proxy::MITM::headers   false            no        MITM headers with substitutions
   HTTP::proxy::MITM::request   false            no        MITM requests with substitutions
   HTTP::proxy::MITM::response  false            no        MITM responses with substitutions
   HTTP::proxy::report          true             no        Report sites and pages
   Proxies                                       no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST                                         no        Set this to direct all traffic to a specific host
   RPORT                                         no        Set this in conjunction with RHOST to direct all traffic to specific port
   SRVHOST                      0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT                      8080             yes       The local port to listen on.
   SSL                          false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                                       no        Path to a custom SSL certificate (default is randomly generated)
   SUBSTITUTIONS                                 no        Response subs in gsub format - original,sub;original,sub. Regex supported.
   URIPATH                      /                yes       The base URI at which the proxy will begin to forward requests
   VHOST                        *                yes       HTTP virtual host for proxy requests


Auxiliary action:

   Name       Description
   ----       -----------
   WebServer  


msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 3.

[*] Using URL: http://0.0.0.0:8080/
[*]  Local IP: http://172.16.191.191:8080/
[*] Server started.
msf5 auxiliary(server/http_proxy) > lsof -i :8080
[*] exec: lsof -i :8080

COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
ruby    45017 root   11u  IPv4 2634213      0t0  TCP *:http-alt (LISTEN)
msf5 auxiliary(server/http_proxy) > curl --proxy http://localhost:8080 http://example.com/ -v -L
[*] exec: curl --proxy http://localhost:8080 http://example.com/ -v -L

* About to connect() to proxy localhost port 8080 (#0)
*   Trying ::1...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET http://example.com/ HTTP/1.1
> User-Agent: curl/7.26.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* additional stuff not fine transfer.c:1037: 0 0
* Empty reply from server
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection #0
msf5 auxiliary(server/http_proxy) > curl --proxy http://localhost:8080 https://example.com/ -v -L
[*] exec: curl --proxy http://localhost:8080 https://example.com/ -v -L

* About to connect() to proxy localhost port 8080 (#0)
*   Trying ::1...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to example.com:443
> CONNECT example.com:443 HTTP/1.1
> Host: example.com:443
> User-Agent: curl/7.26.0
> Proxy-Connection: Keep-Alive
> 
* Easy mode waiting response from proxy CONNECT

[+] 
Client 127.0.0.1:36690 requested:
CONNECT example.com:443 HTTP/1.1
Host: example.com:443
User-Agent: curl/7.26.0
Proxy-Connection: Keep-Alive
Content-Length: 0


* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted
msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080/ http://example.com/ -v -L
[*] exec: curl --proxy http://127.0.0.1:8080/ http://example.com/ -v -L

* About to connect() to proxy 127.0.0.1 port 8080 (#0)
*   Trying 127.0.0.1...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* connected
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET http://example.com/ HTTP/1.1
> User-Agent: curl/7.26.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Empty reply from server
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
* Closing connection #0
msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080/ https://example.com/ -v -L
[*] exec: curl --proxy http://127.0.0.1:8080/ https://example.com/ -v -L

* About to connect() to proxy 127.0.0.1 port 8080 (#0)
*   Trying 127.0.0.1...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* connected
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to example.com:443
> CONNECT example.com:443 HTTP/1.1
> Host: example.com:443
> User-Agent: curl/7.26.0
> Proxy-Connection: Keep-Alive
> 
* Easy mode waiting response from proxy CONNECT

[+] 
Client 127.0.0.1:36699 requested:
CONNECT example.com:443 HTTP/1.1
Host: example.com:443
User-Agent: curl/7.26.0
Proxy-Connection: Keep-Alive
Content-Length: 0


* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted

@sempervictus sempervictus force-pushed the sempervictus:feature-upstream_http_proxy branch from 86438b5 to 5b92be2 Oct 29, 2018

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Oct 29, 2018

I will diff this against what's in the fork this week and run functional tests. Used my/older version successfully last week, so if i broke this one, hopefully i can fix it in short order.

RageLtMan added some commits May 15, 2013

RageLtMan
HTTP Proxy - class, mixin, and module
Add HTTP Proxy class to Rex::Proto::Http
Add Msf::Exploit::Remote::Http::Proxy mixin
Add auxiliary HTTP proxy server

The Rex proxy is capable of keeping sessions alive, rewriting headers
from proxy requests, and exposes callbacks for higher level
operations on request and response data, with the client available
for redirect or other activities. This proxy can function as a
transparent, standard HTTP, or direct-connected (routing all
traffic to a specific host:port) forwarder. Encoding is restricted
to Rex supported types.

Request and response callbacks allow for any action to be taken
during the proxying process and will gracefully return from the
proxy's callbacks if the client is no longer connected.

The mixin provides convenience methods for managing the service
and mixing into modules.

The http_proxy module provides options for performing MITM on
requests and/or responses, with an option to MITM headers as well
as the request body. Substitutions can be entered as semi-colon
separated strings to deal with varying requests during runtime.
Additionally, the proxy can be used to log successful page hits
to the DB, providing crawler, and other web-oriented modules
with targets which are not discovered by our native mechanisms.

Everything runs on Rex, so proxies can be started on pivoted hosts
facing into a compromised network and connecting anywhere on the
switchboard. The same instance will handle directed requests
as well as MITM victims.

Testing:
start the module, configure your browser to use the proxy on your
machine, browse pages. Configure HTTP::proxy::MITM options and
rexploit. Configure HTTP::proxy::report true and run arachni
or your favorite crawler through the proxy to build up a target
list.
RageLtMan
HTTP Proxy - Remove self.class form registration
CI is also complaining about direct access to cookies via headers.
Altering a single assignment block to meet this random check would
make for some inconsistent code...
RageLtMan
Travis complaint: access to headers['set-cookie']
Assuming that res.get_cookies is analagous, quick scan of the
method indicates it generates a similar string to the original
content in the headers.

@sempervictus sempervictus force-pushed the sempervictus:feature-upstream_http_proxy branch from b3e21b2 to c1871bc Jan 15, 2019

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Jan 15, 2019

@bcoles: this still seems to be working for me:

[+] [2019.01.15-03:36:54] 
Client 127.0.0.1:49938 requested:
GET / HTTP/1.1
Host: 172.217.10.110
User-Agent: curl/7.63.0
Accept: */*
SSL: false
Connection: Keep-Alive
Vhost: google.com
Content-Length: 0


[+] [2019.01.15-03:36:54] 
Client's (127.0.0.1:49938:) original response:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 15 Jan 2019 08:36:54 GMT
Expires: Thu, 14 Feb 2019 08:36:54 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

[+] [2019.01.15-03:37:01] 
Client 127.0.0.1:49948 requested:
GET / HTTP/1.1
Host: 147.75.40.2
User-Agent: curl/7.63.0
Accept: */*
SSL: false
Connection: Keep-Alive
Vhost: icanhazip.com
Content-Length: 0


[+] [2019.01.15-03:37:01] 
Client's (127.0.0.1:49948:) original response:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 15 Jan 2019 08:37:01 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 14
Connection: close
X-SECURITY: This site DOES NOT distribute malware. Get the facts. https://goo.gl/1FhVpg
X-RTFM: Learn about this site at http://bit.ly/icanhazip-faq and do not abuse the service.
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET

...

To repro this, i kicked off a meterp session on a 2k8r2 host, then started the proxy on the MSF host, then added a route to 0.0.0.0 via the meterp session, and icahazip.com returned the outside IP of the target instance.
Could you please take another look when you get a chance? I'm worried this might be one of those nasty missing commits in the PR situation where i'm running a line or two different from upstream where it matters.

@bcoles

This comment has been minimized.

Copy link
Contributor

commented Jan 15, 2019

root@kali:/pentest/exploit/metasploit-framework# wget 'https://raw.githubusercontent.com/rapid7/metasploit-framework/c1871bc138047767dda206fe18b656537f830895/lib/msf/core/exploit/http/proxy.rb'
--2019-01-15 04:00:09--  https://raw.githubusercontent.com/rapid7/metasploit-framework/c1871bc138047767dda206fe18b656537f830895/lib/msf/core/exploit/http/proxy.rb
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.64.133, 151.101.128.133, 151.101.192.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.64.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4118 (4.0K) [text/plain]
Saving to: `proxy.rb'

100%[======================================================================>] 4,118       --.-K/s   in 0s      

2019-01-15 04:00:10 (19.6 MB/s) - `proxy.rb' saved [4118/4118]

root@kali:/pentest/exploit/metasploit-framework# mv proxy.rb lib/msf/core/exploit/http/proxy.rb
root@kali:/pentest/exploit/metasploit-framework# wget https://raw.githubusercontent.com/rapid7/metasploit-framework/c1871bc138047767dda206fe18b656537f830895/lib/rex/proto/http/proxy.rb
--2019-01-15 04:00:30--  https://raw.githubusercontent.com/rapid7/metasploit-framework/c1871bc138047767dda206fe18b656537f830895/lib/rex/proto/http/proxy.rb
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.192.133, 151.101.0.133, 151.101.64.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.192.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12770 (12K) [text/plain]
Saving to: `proxy.rb'

100%[======================================================================>] 12,770      --.-K/s   in 0s      

2019-01-15 04:00:31 (27.4 MB/s) - `proxy.rb' saved [12770/12770]

root@kali:/pentest/exploit/metasploit-framework# mv proxy.rb lib/rex/proto/http/proxy.rb
root@kali:/pentest/exploit/metasploit-framework# wget https://raw.githubusercontent.com/rapid7/metasploit-framework/c1871bc138047767dda206fe18b656537f830895/modules/auxiliary/server/http_proxy.rb
--2019-01-15 04:00:47--  https://raw.githubusercontent.com/rapid7/metasploit-framework/c1871bc138047767dda206fe18b656537f830895/modules/auxiliary/server/http_proxy.rb
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.128.133, 151.101.192.133, 151.101.0.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.128.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4725 (4.6K) [text/plain]
Saving to: `http_proxy.rb'

100%[======================================================================>] 4,725       --.-K/s   in 0s      

2019-01-15 04:00:48 (13.1 MB/s) - `http_proxy.rb' saved [4725/4725]

root@kali:/pentest/exploit/metasploit-framework# mv http_proxy.rb modules/auxiliary/server/http_proxy.rb
root@kali:/pentest/exploit/metasploit-framework# ./msfconsole 
[-] ***rtinG the Metasploit Framework console...\
[-] * WARNING: No database support: No database YAML file
[-] ***
                                                  
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%%%.,-:;//;:=,%%%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%.%:H@@@MM@M#H/.,+%;,%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%,/X+%+M@@M@MM%=,-%HMMM@X/,%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%-+@MM;%$M@@MH+-,;XMMMM@MMMM@+-%%%%%%%%%%%%%%]
[%%%%%%%%%%%%;@M@@M-%XM@X;.%-+XXXXXHHH@M@M#@/.%%%%%%%%%%%%]
[%%%%%%%%%%,%MM@@MH%,@%=%%%%%%%%%%%%%.---=-=:=,.%%%%%%%%%%]
[%%%%%%%%%%=@#@@@MX.,%%%%%%%%%%%%%%%%-%HX$$%%%:;%%%%%%%%%%]
[%%%%%%%%%=-./@M@M$%%%%%%%%%%%%%%%%%%%.;@MMMM@MM:%%%%%%%%%]
[%%%%%%%%%X@/%-$MM/%%%%%%%%%%%%%%%%%%%%.%+MM@@@M$%%%%%%%%%]
[%%%%%%%%,@M@H:%:@:%%%%%%%%%%%%%%%%%%%%.%=X#@@@@-%%%%%%%%%]
[%%%%%%%%,@@@MMX,%.%%%%%%%%%%%%%%%%%%%%/H-%;@M@M=%%%%%%%%%]
[%%%%%%%%.H@@@@M@+,%%%%%%%%%%%%%%%%%%%%%MM+..%#$.%%%%%%%%%]
[%%%%%%%%%/MMMM@MMH/.%%%%%%%%%%%%%%%%%%XM@MH;%=;%%%%%%%%%%]
[%%%%%%%%%%/%+%$XHH@$=%%%%%%%%%%%%%%,%.H@@@@MX,%%%%%%%%%%%]
[%%%%%%%%%%%.=--------.%%%%%%%%%%%-%H.,@@@@@MX,%%%%%%%%%%%]
[%%%%%%%%%%%.%MM@@@HHHXX$$$%+-%.:$MMX%=M@@MM%.%%%%%%%%%%%%]
[%%%%%%%%%%%%%=XMMM@MM@MM#H;,-+HMM@M+%/MMMX=%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%=%@M@M#@$-.=$@MM@@@M;%%M%=%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%,:+$+-,/H#MMMMMMM@=%=,%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%%%%=++%%%%+/:-.%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]


       =[ metasploit v5.0.1-dev-d8515ba                   ]
+ -- --=[ 1868 exploits - 1051 auxiliary - 322 post       ]
+ -- --=[ 541 payloads - 44 encoders - 10 nops            ]
+ -- --=[ 2 evasion                                       ]
+ -- --=[ ** This is Metasploit 5 development branch **   ]

msf5 > root@kali:/pentest/exploit/metasploit-framework# 
root@kali:/pentest/exploit/metasploit-framework# cat m
#!/bin/sh
./msfconsole -x "use exploit/multi/handler ; set payload linux/x64/meterpreter/reverse_tcp ; set lhost 172.16.191.188 ; set lport 1337 ; set exitonsession false ; run -jz; set payload cmd/unix/reverse_netcat; set lport 1338; run -jz"

root@kali:/pentest/exploit/metasploit-framework# ./msfconsole -x "use exploit/multi/handler ; set payload linux/x64/meterpreter/reverse_tcp ; set lhost 172.16.191.188 ; set lport 1337 ; set exitonsession false ; run -jz; set payload cmd/unix/reverse_netcat; set lport 1338; run -jz"
[-] ***rtIng the Metasploit Framework console.../
[-] * WARNING: No database support: No database YAML file
[-] ***
                                                  

                            _ood>H&H&Z?#M#b-\.
                        .\HMMMMMR?`\M6b."`' ''``v.
                     .. .MMMMMMMMMMHMMM#&.      ``~o.
                   .   ,HMMMMMMMMMM`' '           ?MP?.
                  . |MMMMMMMMMMM'                 `"$b&\
                 -  |MMMMHH##M'                     HMMH?
                -   TTM|     >..                   \HMMMMH
               :     |MM\,#-""$~b\.                `MMMMMM+
              .       ``"H&#        -               &MMMMMM|
              :            *\v,#MHddc.              `9MMMMMb
              .               MMMMMMMM##\             `"":HM
              -          .  .HMMMMMMMMMMRo_.              |M
              :             |MMMMMMMMMMMMMMMM#\           :M
              -              `HMMMMMMMMMMMMMM'            |T
              :               `*HMMMMMMMMMMM'             H'
               :                MMMMMMMMMMM|             |T
                ;               MMMMMMMM?'              ./
                 `              MMMMMMH'               ./'
                  -            |MMMH#'                 .
                   `           `MM*                . `
                     _          #M: .    .       .-'
                        .          .,         .-'
                           '-.-~ooHH__,,v~--`'

    __  __           __      __  __            ____  __                 __ 
   / / / /___ ______/ /__   / /_/ /_  ___     / __ \/ /___ _____  ___  / /_
  / /_/ / __ `/ ___/ //_/  / __/ __ \/ _ \   / /_/ / / __ `/ __ \/ _ \/ __/
 / __  / /_/ / /__/ ,<    / /_/ / / /  __/  / ____/ / /_/ / / / /  __/ /_  
/_/ /_/\__,_/\___/_/|_|   \__/_/ /_/\___/  /_/   /_/\__,_/_/ /_/\___/\__/  


       =[ metasploit v5.0.1-dev-d8515ba                   ]
+ -- --=[ 1868 exploits - 1051 auxiliary - 322 post       ]
+ -- --=[ 541 payloads - 44 encoders - 10 nops            ]
+ -- --=[ 2 evasion                                       ]
+ -- --=[ ** This is Metasploit 5 development branch **   ]

payload => linux/x64/meterpreter/reverse_tcp
lhost => 172.16.191.188
lport => 1337
exitonsession => false
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
payload => cmd/unix/reverse_netcat
lport => 1338
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 172.16.191.188:1337 
[*] Started reverse TCP handler on 172.16.191.188:1338 
msf5 exploit(multi/handler) > [*] Sending stage (861348 bytes) to 172.16.191.156
[*] Meterpreter session 1 opened (172.16.191.188:1337 -> 172.16.191.156:59679) at 2019-01-15 04:01:36 -0500

msf5 exploit(multi/handler) > use auxiliary/server/http_proxy 
msf5 auxiliary(server/http_proxy) > options

Module options (auxiliary/server/http_proxy):

   Name                         Current Setting  Required  Description
   ----                         ---------------  --------  -----------
   HTTP::proxy::MITM::headers   false            no        MITM headers with substitutions
   HTTP::proxy::MITM::request   false            no        MITM requests with substitutions
   HTTP::proxy::MITM::response  false            no        MITM responses with substitutions
   HTTP::proxy::report          false            no        Report sites and pages
   Proxies                                       no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST                                         no        Set this to direct all traffic to a specific host
   RPORT                                         no        Set this in conjunction with RHOST to direct all traffic to specific port
   SRVHOST                      0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT                      8080             yes       The local port to listen on.
   SSL                          false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                                       no        Path to a custom SSL certificate (default is randomly generated)
   SUBSTITUTIONS                                 no        Response subs in gsub format - original,sub;original,sub. Regex supported.
   URIPATH                      /                yes       The base URI at which the proxy will begin to forward requests
   VHOST                        *                yes       HTTP virtual host for proxy requests


Auxiliary action:

   Name       Description
   ----       -----------
   WebServer  


msf5 auxiliary(server/http_proxy) > set HTTP::proxy::report true
HTTP::proxy::report => true
msf5 auxiliary(server/http_proxy) > set verbose true
verbose => true
msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 2.

[*] Using URL: http://0.0.0.0:8080/
[*]  Local IP: http://172.16.191.188:8080/
[*] Server started.
msf5 auxiliary(server/http_proxy) > lsof -i :8080
[*] exec: lsof -i :8080

COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
ruby    37658 root   15u  IPv4 2056744      0t0  TCP *:http-alt (LISTEN)
msf5 auxiliary(server/http_proxy) > curl --proxy http://localhost:8080 http://example.com/ -v -L
[*] exec: curl --proxy http://localhost:8080 http://example.com/ -v -L

* About to connect() to proxy localhost port 8080 (#0)
*   Trying ::1...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET http://example.com/ HTTP/1.1
> User-Agent: curl/7.26.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* additional stuff not fine transfer.c:1037: 0 0
* Empty reply from server
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection #0
msf5 auxiliary(server/http_proxy) > curl --proxy http://localhost:8080 https://example.com/ -v -L
[*] exec: curl --proxy http://localhost:8080 https://example.com/ -v -L

* About to connect() to proxy localhost port 8080 (#0)
*   Trying ::1...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to example.com:443

[+] 
Client 127.0.0.1:55931 requested:
CONNECT example.com:443 HTTP/1.1
Host: example.com:443
User-Agent: curl/7.26.0
Proxy-Connection: Keep-Alive
Content-Length: 0


> CONNECT example.com:443 HTTP/1.1
> Host: example.com:443
> User-Agent: curl/7.26.0
> Proxy-Connection: Keep-Alive
> 
* Easy mode waiting response from proxy CONNECT
* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted
msf5 auxiliary(server/http_proxy) > curl --proxy http://localhost:8080 http://example.com/ -v -L
[*] exec: curl --proxy http://localhost:8080 http://example.com/ -v -L

* About to connect() to proxy localhost port 8080 (#0)
*   Trying ::1...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET http://example.com/ HTTP/1.1
> User-Agent: curl/7.26.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Empty reply from server
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection #0
msf5 auxiliary(server/http_proxy) > curl --proxy http://172.16.191.188:8080/ http://example.com/ -v -L
[*] exec: curl --proxy http://172.16.191.188:8080/ http://example.com/ -v -L

* About to connect() to proxy 172.16.191.188 port 8080 (#0)
*   Trying 172.16.191.188...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* connected
* Connected to 172.16.191.188 (172.16.191.188) port 8080 (#0)
> GET http://example.com/ HTTP/1.1
> User-Agent: curl/7.26.0
> Host: example.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Empty reply from server
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host 172.16.191.188 left intact
curl: (52) Empty reply from server
* Closing connection #0
msf5 auxiliary(server/http_proxy) > 
@bcoles

This comment has been minimized.

Copy link
Contributor

commented Jan 15, 2019

Verbatim console output provided above. I wgeted the files from this PR, straight into master. I haven't looked at this in a while - willing to admit I've overlooked required steps to test / get this functionality working.

Ruby 2.3.0 (same version I tested on previously)

@sempervictus

This comment has been minimized.

Copy link
Contributor Author

commented Jan 15, 2019

@bcoles: thanks, seeing the SSL issue now:

[+] [2019.01.15-04:15:34] 
Client 127.0.0.1:52460 requested:
GET / HTTP/1.1
Host: 93.184.216.34
User-Agent: curl/7.63.0
Accept: */*
SSL: false
Connection: Keep-Alive
Vhost: example.com
Content-Length: 0


[+] [2019.01.15-04:15:34] 
Client's (127.0.0.1:52460:) original response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Tue, 15 Jan 2019 09:15:34 GMT
Etag: "1541025663"
Expires: Tue, 22 Jan 2019 09:15:34 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (bsa/EB18)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1270

<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
        
    }
    div {
        width: 600px;
        margin: 5em auto;
        padding: 50px;
        background-color: #fff;
        border-radius: 1em;
    }
    a:link, a:visited {
        color: #38488f;
        text-decoration: none;
    }
    @media (max-width: 700px) {
        body {
            background-color: #fff;
        }
        div {
            width: auto;
            margin: 0 auto;
            border-radius: 0;
            padding: 1em;
        }
    }
    </style>    
</head>

<body>
<div>
    <h1>Example Domain</h1>
    <p>This domain is established to be used for illustrative examples in documents. You may use this
    domain in examples without prior coordination or asking for permission.</p>
    <p><a href="http://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>

[+] [2019.01.15-04:16:10] 
Client 127.0.0.1:52504 requested:
CONNECT example.com:443 HTTP/1.1
Host: example.com:443
User-Agent: curl/7.63.0
Proxy-Connection: Keep-Alive
Content-Length: 0

That last request should have been SSL: true but instead shows a CONNECT attempt which appears to go nowhere.
Thanks, i'll track on this finding in the next round, may well be related to the port-fix attempt from a few rounds ago. Will bug you again shortly :)

@bcoles

This comment has been minimized.

Copy link
Contributor

commented Jan 15, 2019

I managed to get some verbose output:

msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080/ https://example.com/ 
[*] exec: curl --proxy http://127.0.0.1:8080/ https://example.com/ 

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
[+] 
Client 127.0.0.1:55943 requested:
GET / HTTP/1.1
User-Agent: curl/7.26.0
Host: 127.0.0.1:8080
Accept: */*
Content-Length: 0


  0     0    0     0    0     0      0      0 --:--:--  0:00:13 --:--:--     0^CInterrupt: use the 'exit' command to quit
msf5 auxiliary(server/http_proxy) > curl -isk --proxy http://127.0.0.1:8080/ https://example.com/ 
[*] exec: curl -isk --proxy http://127.0.0.1:8080/ https://example.com/ 


[+] 
Client 127.0.0.1:55946 requested:
GET / HTTP/1.1
User-Agent: curl/7.26.0
Host: 127.0.0.1:8080
Accept: */*
Content-Length: 0


[+] 
Client 127.0.0.1:40604 requested:
GET / HTTP/1.1
User-Agent: curl/7.26.0
Host: 127.0.0.1:8080
Accept: */*
Content-Length: 0


^CInterrupt: use the 'exit' command to quit
msf5 auxiliary(server/http_proxy) > curl -isk --proxy https://127.0.0.1:8080/ https://example.com/ 
[*] exec: curl -isk --proxy https://127.0.0.1:8080/ https://example.com/ 


[+] 
Client 127.0.0.1:60197 requested:
GET / HTTP/1.1
User-Agent: curl/7.26.0
Host: 127.0.0.1:8080
Accept: */*
Content-Length: 0


[+] 
Client 127.0.0.1:55950 requested:
CONNECT example.com:443 HTTP/1.1
Host: example.com:443
User-Agent: curl/7.26.0
Proxy-Connection: Keep-Alive
Content-Length: 0


[+] 
Client 127.0.0.1:45092 requested:
GET / HTTP/1.1
User-Agent: curl/7.26.0
Host: 127.0.0.1:8080
Accept: */*
Content-Length: 0


^Cmsf5 auxiliary(server/http_proxy) > 

I managed to create even more of a mess, when I set SSL true then sent a request using --proxy http://127.0.0.1:8080 instead of https://

msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 4.
msf5 auxiliary(server/http_proxy) > 
[-] Auxiliary failed: TypeError no implicit conversion of nil into String
[-] Call stack:
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `each'
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `initialize'
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `new'
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `parse_openssl'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/cert_provider.rb:60:in `ssl_generate_certificate'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl.rb:94:in `ssl_generate_certificate'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl.rb:108:in `ssl_generate_certificate'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl.rb:122:in `makessl'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl_tcp_server.rb:47:in `initsock'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:207:in `create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:33:in `create'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket.rb:49:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:39:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:29:in `create'
[-]   /pentest/exploit/metasploit-framework/lib/rex/proto/http/proxy.rb:129:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:81:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:25:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/http/proxy.rb:71:in `start_service'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/socket_server.rb:40:in `exploit'
[-]   /pentest/exploit/metasploit-framework/modules/auxiliary/server/http_proxy.rb:65:in `run'
Interrupt: use the 'exit' command to quit
msf5 auxiliary(server/http_proxy) > jobs -K
Stopping all jobs...
msf5 auxiliary(server/http_proxy) > jobs -KInterrupt: use the 'exit' command to quit
msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 5.

[-] Auxiliary failed: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:8080).
[-] Call stack:
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:187:in `rescue in create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:174:in `create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:33:in `create'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket.rb:49:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:39:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:29:in `create'
[-]   /pentest/exploit/metasploit-framework/lib/rex/proto/http/proxy.rb:129:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:81:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:25:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/http/proxy.rb:71:in `start_service'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/socket_server.rb:40:in `exploit'
[-]   /pentest/exploit/metasploit-framework/modules/auxiliary/server/http_proxy.rb:65:in `run'
msf5 auxiliary(server/http_proxy) > jobs -K
Stopping all jobs...
msf5 auxiliary(server/http_proxy) > ryun
^CInterrupt: use the 'exit' command to quit
msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 6.

[-] Auxiliary failed: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:8080).
[-] Call stack:
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:187:in `rescue in create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:174:in `create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:33:in `create'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket.rb:49:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:39:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:29:in `create'
[-]   /pentest/exploit/metasploit-framework/lib/rex/proto/http/proxy.rb:129:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:81:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:25:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/http/proxy.rb:71:in `start_service'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/socket_server.rb:40:in `exploit'
[-]   /pentest/exploit/metasploit-framework/modules/auxiliary/server/http_proxy.rb:65:in `run'
msf5 auxiliary(server/http_proxy) > jobs

Jobs
====

No active jobs.

msf5 auxiliary(server/http_proxy) > lsof -i :8080
[*] exec: lsof -i :8080

COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
ruby    39556 root   10u  IPv4 2080591      0t0  TCP *:http-alt (LISTEN)
msf5 auxiliary(server/http_proxy) > 
@bcoles

This comment has been minimized.

Copy link
Contributor

commented Jan 15, 2019

The SSL on this dev box is pretty old, which may or may not be contributing.

root@kali:/pentest/exploit/metasploit-framework# ./msfconsole -x "use exploit/multi/handler ; set payload linux/x64/meterpreter/reverse_tcp ; set lhost 172.16.191.188 ; set lport 1337 ; set exitonsession false ; run -jz; set payload cmd/unix/reverse_netcat; set lport 1338; run -jz"
[-] ***rtIng the Metasploit Framework console.../
[-] * WARNING: No database support: No database YAML file
[-] ***
                                                  
                        .,-:;//;:=,
                    . :H@@@MM@M#H/.,+%;,
                 ,/X+ +M@@M@MM%=,-%HMMM@X/,
               -+@MM; $M@@MH+-,;XMMMM@MMMM@+-
              ;@M@@M- XM@X;. -+XXXXXHHH@M@M#@/.
            ,%MM@@MH ,@%=             .---=-=:=,.
            =@#@@@MX.,                -%HX$$%%%:;
           =-./@M@M$                   .;@MMMM@MM:
           X@/ -$MM/                    . +MM@@@M$
          ,@M@H: :@:                    . =X#@@@@-
          ,@@@MMX, .                    /H- ;@M@M=
          .H@@@@M@+,                    %MM+..%#$.
           /MMMM@MMH/.                  XM@MH; =;
            /%+%$XHH@$=              , .H@@@@MX,
             .=--------.           -%H.,@@@@@MX,
             .%MM@@@HHHXX$$$%+- .:$MMX =M@@MM%.
               =XMMM@MM@MM#H;,-+HMM@M+ /MMMX=
                 =%@M@M#@$-.=$@MM@@@M; %M%=
                   ,:+$+-,/H#MMMMMMM@= =,
                         =++%%%%+/:-.


       =[ metasploit v5.0.1-dev-d8515ba                   ]
+ -- --=[ 1868 exploits - 1051 auxiliary - 322 post       ]
+ -- --=[ 541 payloads - 44 encoders - 10 nops            ]
+ -- --=[ 2 evasion                                       ]
+ -- --=[ ** This is Metasploit 5 development branch **   ]

payload => linux/x64/meterpreter/reverse_tcp
lhost => 172.16.191.188
lport => 1337
exitonsession => false
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
payload => cmd/unix/reverse_netcat
lport => 1338
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 172.16.191.188:1337 

[*] Started reverse TCP handler on 172.16.191.188:1338 
msf5 exploit(multi/handler) > use auxiliary/server/http_proxy 
msf5 auxiliary(server/http_proxy) > set verbose true
verbose => true
msf5 auxiliary(server/http_proxy) > set ssl true
ssl => true
msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 2.
msf5 auxiliary(server/http_proxy) > 
[-] Auxiliary failed: TypeError no implicit conversion of nil into String
[-] Call stack:
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `each'
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `initialize'
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `new'
[-]   /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/openssl/x509.rb:143:in `parse_openssl'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/cert_provider.rb:60:in `ssl_generate_certificate'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl.rb:94:in `ssl_generate_certificate'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl.rb:108:in `ssl_generate_certificate'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl.rb:122:in `makessl'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/ssl_tcp_server.rb:47:in `initsock'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:207:in `create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:33:in `create'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket.rb:49:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:39:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:29:in `create'
[-]   /pentest/exploit/metasploit-framework/lib/rex/proto/http/proxy.rb:129:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:81:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:25:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/http/proxy.rb:71:in `start_service'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/socket_server.rb:40:in `exploit'
[-]   /pentest/exploit/metasploit-framework/modules/auxiliary/server/http_proxy.rb:65:in `run'

msf5 auxiliary(server/http_proxy) > jobs

Jobs
====

  Id  Name                    Payload                            Payload opts
  --  ----                    -------                            ------------
  0   Exploit: multi/handler  linux/x64/meterpreter/reverse_tcp  tcp://172.16.191.188:1337
  1   Exploit: multi/handler  cmd/unix/reverse_netcat            tcp://172.16.191.188:1338

msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 3.

[-] Auxiliary failed: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:8080).
[-] Call stack:
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:187:in `rescue in create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:174:in `create_by_type'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/comm/local.rb:33:in `create'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket.rb:49:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:39:in `create_param'
[-]   /usr/local/rvm/gems/ruby-2.3.0/gems/rex-socket-0.1.15/lib/rex/socket/tcp_server.rb:29:in `create'
[-]   /pentest/exploit/metasploit-framework/lib/rex/proto/http/proxy.rb:129:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:81:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/rex/service_manager.rb:25:in `start'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/http/proxy.rb:71:in `start_service'
[-]   /pentest/exploit/metasploit-framework/lib/msf/core/exploit/socket_server.rb:40:in `exploit'
[-]   /pentest/exploit/metasploit-framework/modules/auxiliary/server/http_proxy.rb:65:in `run'
msf5 auxiliary(server/http_proxy) > 
@bcoles

This comment has been minimized.

Copy link
Contributor

commented Jan 15, 2019

Output with curl and -p

msf5 auxiliary(server/http_proxy) > set ssl
ssl => false
msf5 auxiliary(server/http_proxy) > jobs

Jobs
====

  Id  Name                          Payload  Payload opts
  --  ----                          -------  ------------
  3   Auxiliary: server/http_proxy           

msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080 -isk http://example.com/ -p
[*] exec: curl --proxy http://127.0.0.1:8080 -isk http://example.com/ -p


[+] 
Client 127.0.0.1:36178 requested:
CONNECT example.com:80 HTTP/1.1
Host: example.com:80
User-Agent: curl/7.26.0
Proxy-Connection: Keep-Alive
Content-Length: 0


[+] 
Client's (127.0.0.1:36178:) original response:
HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 349
Connection: close
Date: Tue, 15 Jan 2019 09:51:39 GMT
Server: ECSF (oxr/836C)

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>
		<title>400 - Bad Request</title>
	</head>
	<body>
		<h1>400 - Bad Request</h1>
	</body>
</html>

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 349
Connection: Keep-Alive
Date: Tue, 15 Jan 2019 09:51:39 GMT
Server: ECSF (oxr/836C)

msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080 -isk http://example.com/ 
[*] exec: curl --proxy http://127.0.0.1:8080 -isk http://example.com/ 

msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080 -isk http://example.com/ -p
[*] exec: curl --proxy http://127.0.0.1:8080 -isk http://example.com/ -p


[+] 
Client 127.0.0.1:36180 requested:
CONNECT example.com:80 HTTP/1.1
Host: example.com:80
User-Agent: curl/7.26.0
Proxy-Connection: Keep-Alive
Content-Length: 0


[+] 
Client's (127.0.0.1:36180:) original response:
HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 349
Connection: close
Date: Tue, 15 Jan 2019 09:51:46 GMT
Server: ECSF (oxr/83CA)

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>
		<title>400 - Bad Request</title>
	</head>
	<body>
		<h1>400 - Bad Request</h1>
	</body>
</html>

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 349
Connection: Keep-Alive
Date: Tue, 15 Jan 2019 09:51:46 GMT
Server: ECSF (oxr/83CA)

msf5 auxiliary(server/http_proxy) > jobs -K
Stopping all jobs...

[*] Server stopped.
[*] Server stopped.
msf5 auxiliary(server/http_proxy) > set ssl true
ssl => true
msf5 auxiliary(server/http_proxy) > run
[*] Auxiliary module running as background job 4.
msf5 auxiliary(server/http_proxy) > run
[*] Using URL: https://0.0.0.0:8080/
[*]  Local IP: https://172.16.191.188:8080/
[*] Server started.

msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080 -isk http://example.com/ 
[*] exec: curl --proxy http://127.0.0.1:8080 -isk http://example.com/ 

msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080 -isk http://example.com/ -p
[*] exec: curl --proxy http://127.0.0.1:8080 -isk http://example.com/ -p

msf5 auxiliary(server/http_proxy) > Interrupt: use the 'exit' command to quit
msf5 auxiliary(server/http_proxy) > jobs

Jobs
====

  Id  Name                          Payload  Payload opts
  --  ----                          -------  ------------
  4   Auxiliary: server/http_proxy           

msf5 auxiliary(server/http_proxy) > curl --proxy http://127.0.0.1:8080 -isk http://example.com/ 
[*] exec: curl --proxy http://127.0.0.1:8080 -isk http://example.com/ 

msf5 auxiliary(server/http_proxy) > curl --proxy https://127.0.0.1:8080 -isk http://example.com/ 
[*] exec: curl --proxy https://127.0.0.1:8080 -isk http://example.com/ 

msf5 auxiliary(server/http_proxy) > curl --proxy https://127.0.0.1:8080 -isk http://example.com/ -p
[*] exec: curl --proxy https://127.0.0.1:8080 -isk http://example.com/ -p

msf5 auxiliary(server/http_proxy) > aaaaaaaaaaaaaaaaaaaaaaaaa
^CInterrupt: use the 'exit' command to quit
msf5 auxiliary(server/http_proxy) > 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.