Blog | G5 Cyber Security

Metasploit: Proxy Bypass

TL;DR

This guide shows you how to bypass a proxy server when using Metasploit Framework. We’ll cover setting up SOCKS proxies and using the proxychains tool for more complex scenarios.

Setting Up a SOCKS Proxy in Metasploit

  1. Identify your proxy details: You’ll need the proxy server address (e.g., 127.0.0.1) and port number (e.g., 9050). Also, note the proxy type (SOCKS4 or SOCKS5).
  2. Configure Metasploit: Use the set command within a module to set the Proxies option, written as type:host:port.
    msf6 > use exploit/multi/handler
    msf6 exploit(multi/handler) > set Proxies socks4:127.0.0.1:9050
    
  3. Verify the proxy: Check if Metasploit is using the configured proxy.
    msf6 exploit(multi/handler) > get Proxies
    
  4. Run your exploit: Launch the exploit. All connections will now go through the specified SOCKS proxy.

Using Proxychains with Metasploit

Proxychains allows you to route all TCP connections from any application (including Metasploit) through a chain of proxies.

  1. Install Proxychains: Install proxychains on your Linux system. The command varies depending on your distribution.
    • Debian/Ubuntu:
      sudo apt-get install proxychains
    • CentOS/RHEL (packaged as proxychains-ng in the EPEL repository):
      sudo yum install proxychains-ng
    • Arch Linux:
      sudo pacman -S proxychains-ng
  2. Configure Proxychains: Edit the /etc/proxychains.conf file.
    • Open the file with a text editor, e.g.:
      sudo nano /etc/proxychains.conf
    • Comment out or delete any existing proxy entries.
    • Add your SOCKS proxy details at the end of the file, one proxy per line.
      socks4  127.0.0.1 9050
  3. Run Metasploit through Proxychains: Prefix your Metasploit command with proxychains. If your distribution ships proxychains-ng, the binary may be named proxychains4 instead.
    proxychains msfconsole
  4. Verify the proxy: Within the Metasploit console, check if connections are being routed through the proxy. You may see output from Proxychains indicating which proxy is being used for each connection.
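
One way to check the edited file before launching anything through it, shown as an added example (not part of the original guide or of proxychains itself): a small Python parser for the [ProxyList] section that reports any active entry other than the proxy you intended, plus any malformed line. The sample config, the accepted type list and the function names are assumptions made for this illustration.

```python
"""Check the [ProxyList] section of a proxychains.conf against the intended proxies."""

# Proxy types this example accepts (an assumption; adjust to your proxychains build).
PROXY_TYPES = {"http", "socks4", "socks5"}

def parse_proxylist(text):
    """Return (entries, problems); entries are (lineno, type, host, port)."""
    entries, problems, in_list = [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):                 # section header
            in_list = line.lower() == "[proxylist]"
            continue
        if not in_list:                          # global options such as strict_chain
            continue
        fields = line.split()
        if len(fields) not in (3, 5):            # type host port [user pass]
            problems.append((lineno, "expected: type host port [user pass]"))
        elif fields[0].lower() not in PROXY_TYPES:
            problems.append((lineno, "unknown proxy type " + fields[0]))
        elif not (fields[2].isdigit() and 1 <= int(fields[2]) <= 65535):
            problems.append((lineno, "bad port " + fields[2]))
        else:
            entries.append((lineno, fields[0].lower(), fields[1], int(fields[2])))
    return entries, problems

def audit(text, expected):
    """List every active entry that is not in `expected`, then malformed lines."""
    entries, problems = parse_proxylist(text)
    findings = [f"line {n}: unexpected proxy {t} {h} {p}"
                for n, t, h, p in entries if (t, h, p) not in expected]
    findings += [f"line {n}: {msg}" for n, msg in problems]
    return findings

# Constructed sample config (not from the original page).
SAMPLE_CONF = """\
strict_chain
[ProxyList]
socks5 192.0.2.10 1080     # leftover entry that was never commented out
#http 192.0.2.20 3128
socks4 127.0.0.1:9050      # host and port joined by a colon: rejected
socks4  127.0.0.1 9050
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, {("socks4", "127.0.0.1", 9050)}):
        print(finding)
```

An empty result from audit() means the only active entries are the ones you listed and every line parsed cleanly.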

Troubleshooting
