Add SOCKS5H Proxy Support #20147
I'm working through the test failures right now.
I've dropped that temporary commit that was added for testing and bumped the
Retested after changes, looks good!
Release Notes
This adds support for the SOCKS5H protocol, allowing DNS resolution through a SOCKS5 proxy.
This adds support for the SOCKS5H proxy convention, which is an unofficial standard whereby the proxy client (Metasploit) does not resolve hostnames to IP addresses itself but rather sends the hostname to the proxy server for resolution. Metasploit has floundered on its approach for handling DNS resolution and proxies in the past. Currently when a module is run, the hostname is passed to `Msf::RhostsWalker`, which will resolve it itself to ensure that if a hostname maps to multiple IP addresses, the module is run for each. This PR retains this functionality but allows it to be bypassed when a SOCKS5H or HTTP proxy is in use. Both of these proxy server types can resolve hostnames themselves. This does mean that if a user is targeting a hostname that resolves to multiple IP addresses (e.g. google.com), the module will only run against one target if a DNS-resolving proxy is in use. If no proxy is in use, the module will run against all targets.

Requires changes from rapid7/rex-socket#76
Fixes #19641
Verification
- Start a SOCKS5 proxy: `podman run --rm --name socks5 -p 1080:1080 serjs/go-socks5-proxy`
- Observe the proxy traffic (filter `socks.command == 1` to see connection requests, then see if there's an IP address or hostname)
- Start `msfconsole`
- Use the `connect` command:
  - `connect -p 'socks5://localhost' github.com 22`
  - `connect -p 'socks5h://localhost' github.com 22`
- Run `auxiliary/scanner/http/http_version`:
  - `run RHOSTS=github.com Proxies=socks5://localhost`
  - `run RHOSTS=github.com Proxies=socks5h://localhost:1080`
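As an added example (not code from this PR, from rex-socket or from Metasploit), the Ruby below shows the on-the-wire difference the description is about and the check the verification step relies on. `build_connect_request` produces the SOCKS5 CONNECT request (RFC 1928 framing) either after resolving the name locally (`socks5`, ATYP 0x01/0x04) or by sending the raw hostname (`socks5h`, ATYP 0x03); `parse_connect_request` reads a captured request and reports whether an IP address or a hostname was disclosed to the proxy, which is what the `socks.command == 1` filter is used to eyeball. `plan_targets` is a simplified model of the targeting decision the description explains, not the real `Msf::RhostsWalker` logic. The resolver lambdas and the address `140.82.112.3` are constructed for the example so it runs offline.

```ruby
require 'ipaddr'
require 'socket'

# SOCKS5 constants from RFC 1928.
SOCKS_VERSION = 0x05
CMD_CONNECT   = 0x01
ATYP_IPV4     = 0x01
ATYP_DOMAIN   = 0x03
ATYP_IPV6     = 0x04

# Build the CONNECT request a client sends after the auth negotiation.
#   remote_dns: false => "socks5": client resolves the name, proxy sees an IP
#   remote_dns: true  => "socks5h": client sends the hostname, proxy resolves
# resolver is injectable (assumption for offline use); default asks the OS.
def build_connect_request(host, port, remote_dns:, resolver: nil)
  addr = begin
    IPAddr.new(host)            # literal IP given, nothing to resolve
  rescue IPAddr::InvalidAddressError
    nil
  end

  if addr.nil? && !remote_dns
    resolver ||= ->(name) { Addrinfo.ip(name).ip_address }
    addr = IPAddr.new(resolver.call(host))
  end

  dst = if addr.nil?
          raise ArgumentError, 'hostname too long' if host.bytesize > 255
          [ATYP_DOMAIN, host.bytesize].pack('CC') + host.b   # LEN + name
        elsif addr.ipv4?
          [ATYP_IPV4].pack('C') + addr.hton                 # 4 octets
        else
          [ATYP_IPV6].pack('C') + addr.hton                 # 16 octets
        end

  [SOCKS_VERSION, CMD_CONNECT, 0x00].pack('CCC') + dst + [port].pack('n')
end

# Parse a CONNECT request as captured on the wire and report what the
# client disclosed: an IP (local resolution) or a hostname (proxy resolution).
def parse_connect_request(data)
  ver, cmd, _rsv, atyp = data.unpack('C4')
  raise ArgumentError, 'not SOCKS5' unless ver == SOCKS_VERSION
  raise ArgumentError, "unexpected command #{cmd}" unless cmd == CMD_CONNECT

  case atyp
  when ATYP_IPV4
    { kind: :ipv4, dst: IPAddr.new_ntoh(data.byteslice(4, 4)).to_s,
      port: data.byteslice(8, 2).unpack1('n') }
  when ATYP_IPV6
    { kind: :ipv6, dst: IPAddr.new_ntoh(data.byteslice(4, 16)).to_s,
      port: data.byteslice(20, 2).unpack1('n') }
  when ATYP_DOMAIN
    len = data.getbyte(4)
    { kind: :hostname, dst: data.byteslice(5, len),
      port: data.byteslice(5 + len, 2).unpack1('n') }
  else
    raise ArgumentError, "unknown ATYP #{atyp}"
  end
end

# Simplified model (assumption, not RhostsWalker) of the behaviour described
# above: with a DNS-resolving proxy (socks5h or http) the name is passed through
# as a single target; otherwise every resolved address becomes a target.
def plan_targets(host, proxies, resolve_all)
  scheme = proxies.to_s.split('://').first.to_s.downcase
  return [host] if %w[socks5h http].include?(scheme)

  resolve_all.call(host)
end

if $PROGRAM_NAME == __FILE__
  fake = ->(name) { { 'github.com' => '140.82.112.3' }.fetch(name) } # constructed
  p parse_connect_request(build_connect_request('github.com', 22, remote_dns: false, resolver: fake))
  p parse_connect_request(build_connect_request('github.com', 22, remote_dns: true))
end
```

Pointing a real client at the proxy from the verification steps and running `parse_connect_request` over the captured bytes gives the same `:ipv4` versus `:hostname` answer the Wireshark filter shows; `socks5://` should never produce `:hostname`, and `socks5h://` should never produce an address for a name that was not already an IP literal.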