Reverse HTTP stagers do not handle ReverseHTTPProxyType SOCKS correctly

rapid7 / metasploit-framework

Metasploit Framework

https://www.metasploit.com/

Other

33.85k stars 13.92k forks source link

Reverse HTTP stagers do not handle ReverseHTTPProxyType SOCKS correctly #16503

Open sempervictus opened 2 years ago

sempervictus commented 2 years ago

Steps to reproduce

How'd you do it?

Configure a socks and HTTP proxy on the same intermediate system
Create a reverse http handler
Set ReverseHTTPProxyHost and ReverseHTTPProxyPort for the HTTP proxy of the intermediate host
Execute reverse session through the (default) HTTP proxy type - verify session
Updtate ReverseHTTPProxyPort to the SOCKS4 port on the intermediate system and set ReverseHTTPProxyType to SOCKS
Re-run the exploit - verify no session is created

github-actions[bot] commented 2 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] commented 2 years ago

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

sempervictus commented 2 years ago

@zeroSteiner - could we please reopen this, AFAIK it is still an issue.