rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.31k stars 14.02k forks source link

Reverse HTTP stagers do not handle ReverseHTTPProxyType SOCKS correctly #16503

Open sempervictus opened 2 years ago

sempervictus commented 2 years ago

Steps to reproduce

How'd you do it?

  1. Configure a socks and HTTP proxy on the same intermediate system
  2. Create a reverse http handler
  3. Set ReverseHTTPProxyHost and ReverseHTTPProxyPort for the HTTP proxy of the intermediate host
  4. Execute reverse session through the (default) HTTP proxy type - verify session
  5. Updtate ReverseHTTPProxyPort to the SOCKS4 port on the intermediate system and set ReverseHTTPProxyType to SOCKS
  6. Re-run the exploit - verify no session is created
github-actions[bot] commented 2 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] commented 2 years ago

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

sempervictus commented 2 years ago

@zeroSteiner - could we please reopen this, AFAIK it is still an issue.