Metasploit: Proxy Bypass

TL;DR

This guide shows you how to bypass a proxy server when using Metasploit Framework. We’ll cover setting up SOCKS proxies and using the proxychains tool for more complex scenarios.

Setting Up a SOCKS Proxy in Metasploit

  1. Identify your proxy details: You’ll need the proxy server address (e.g., 127.0.0.1) and port number (e.g., 9050). Also, note the proxy type (SOCKS4 or SOCKS5).
  2. Configure Metasploit: Use the set command within a module to set the Proxies option, written as type:host:port.
    msf6 > use exploit/multi/handler
    msf6 exploit(multi/handler) > set Proxies socks4:127.0.0.1:9050
    
  3. Verify the proxy: Check if Metasploit is using the configured proxy.
    msf6 exploit(multi/handler) > get Proxies
    
  4. Run your exploit: Launch the exploit. All connections will now go through the specified SOCKS proxy.

Using Proxychains with Metasploit

Proxychains allows you to route all TCP connections from any application (including Metasploit) through a chain of proxies.

  1. Install Proxychains: Install proxychains on your Linux system. The command varies depending on your distribution.
    • Debian/Ubuntu:
      sudo apt-get install proxychains
    • CentOS/RHEL:
      sudo yum install proxychains
    • Arch Linux:
      sudo pacman -S proxychains
  2. Configure Proxychains: Edit the /etc/proxychains.conf file.
    • Open the file with a text editor (e.g., sudo nano /etc/proxychains.conf).
    • Comment out or delete any existing proxy entries.
    • Add your SOCKS proxy details at the end of the file, one proxy per line.
      socks4  127.0.0.1 9050
  3. Run Metasploit through Proxychains: Prefix your Metasploit command with proxychains.
    proxychains msfconsole
  4. Verify the proxy: Within the Metasploit console, check if connections are being routed through the proxy. You may see output from Proxychains indicating which proxy is being used for each connection.

Troubleshooting

  • Proxy authentication: If your proxy requires a username and password, you’ll need to configure it in either Metasploit (if supported by the module) or within the /etc/proxychains.conf file, with the credentials placed after the port. SOCKS4 has no password field, so use a SOCKS5 entry in the format
    socks5 127.0.0.1 9050 user pass
  • Connection errors: Check your proxy server’s status and ensure it is reachable from your machine. Also, verify that the proxy type (SOCKS4 or SOCKS5) is correct.
  • Firewall rules: Ensure that your firewall allows outbound connections to the proxy server on the specified port.
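
An added example (not part of the original guide): a small Python linter for the [ProxyList] section of /etc/proxychains.conf that catches the field-order and proxy-type mistakes covered under Troubleshooting. The function name lint_proxylist, the sample entries, and the rule that proxy hosts are numeric IP addresses are assumptions of this example.

```python
import ipaddress

PROXY_TYPES = {"http", "socks4", "socks5", "raw"}

# Constructed sample, not a real configuration.
SAMPLE = """\
strict_chain
[ProxyList]
socks4  127.0.0.1 9050
socks4  user pass 127.0.0.1 9050
socks5  127.0.0.1 9050 user pass
socks4  127.0.0.1 9050 user pass
"""

def lint_proxylist(conf_text):
    """Return (line_number, message) tuples for bad [ProxyList] entries."""
    problems, in_list, entries = [], False, 0
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        if line.startswith("["):
            in_list = line.lower() == "[proxylist]"
            continue
        if not in_list:
            continue                            # chain options, not proxies
        entries += 1
        fields = line.split()
        ptype = fields[0].lower()
        if ptype not in PROXY_TYPES:
            problems.append((num, f"unknown proxy type {fields[0]!r}"))
            continue
        if len(fields) not in (3, 5):
            problems.append((num, "expected: type host port [user pass]"))
            continue
        host, port = fields[1], fields[2]
        try:
            ipaddress.ip_address(host)          # assumption: numeric hosts only
        except ValueError:
            problems.append((num, f"host {host!r} is not an IP address"))
        if not (port.isdecimal() and 1 <= int(port) <= 65535):
            problems.append((num, f"port {port!r} is not in 1-65535"))
        if ptype == "socks4" and len(fields) == 5:
            problems.append((num, "SOCKS4 has no password field; use socks5"))
    if entries == 0:
        problems.append((0, "no proxy entries under [ProxyList]"))
    return problems

if __name__ == "__main__":
    for num, msg in lint_proxylist(SAMPLE):
        print(f"line {num}: {msg}")
```

Point it at the real file with lint_proxylist(open("/etc/proxychains.conf").read()) before launching anything through proxychains.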