Add SOCKS5H Proxy Support

[zeroSteiner]

This adds support for the SOCKS5H proxy convention which is an unofficial standard whereby the proxy client (Metasploit) does not resolve hostnames to IP address itself but rather sends the hostname to the proxy server for resolution. Metasploit has floundered on it's approach for handling DNS resolution and proxies in the past. Currently when a module is run, the hostname is passed to Msf::RhostsWalker which will resolve it itself to ensure that if a hostname maps to multiple IP address, the module is run for each. This PR retains this functionality but allows it to be bypassed when a SOCKS5H or HTTP proxy is in use. Both of these proxy server types can resolve hostnames themselves. This does mean that if a user is targeting a hostname that resolves to multiple IP addresses (e.g. google.com) that it the module will only run against one target if a DNS-resolving proxy is in use. If no proxy is in use, the module will run against all targets.

Requires changes from rapid7/rex-socket#76

Fixes #19641

Verification

• Start a SOCKS5 proxy server for testing: podman run --rm --name socks5 -p 1080:1080 serjs/go-socks5-proxy
• Start wireshark to verify resolution is happening for Metasploit or from the proxy server (use the filter: socks.command == 1 to see connection requests, then see if there's an IP address or hostname)
• Start msfconsole
• Test the connect command
  • Banner grab from GitHub's SSH service: connect -p 'socks5://localhost' github.com 22
  • Repeat the process but use SOCKS5H so the proxy server handles hostname resolution: connect -p 'socks5h://localhost' github.com 22
• Test a module, a simple example is auxiliary/scanner/http/http_version
  • Run the module with a SOCKS5 proxy: run RHOSTS=github.com Proxies=socks5://localhost
  • Repeat the process using SOCKS5H to see the change: run RHOSTS=github.com Proxies=socks5h://localhost:1080

[zeroSteiner]

I'm working through the test failures right now.

[dledda-r7]

msf6 payload(cmd/windows/http/x64/meterpreter/reverse_tcp) > dns resolve github.com

Host resolutions
================

   Hostname    IP Address    Rule #  Rule  Resolver  Comm channel
   --------    ----------    ------  ----  --------  ------------
   github.com  140.82.121.3  1       *     8.8.8.8

msf6 payload(cmd/windows/http/x64/meterpreter/reverse_tcp) > connect -p socks5h://127.0.0.1:1080 github.com 22
[*] Connected to github.com:22 (via: 127.0.0.1:35901)
SSH-2.0-4c545346

msf6 payload(cmd/windows/http/x64/meterpreter/reverse_tcp) > connect -p socks5://127.0.0.1:1080 github.com 22
[*] Connected to github.com:22 (via: 127.0.0.1:37975)
SSH-2.0-4c545346

msf6 payload(cmd/windows/http/x64/meterpreter/reverse_tcp) >

msf6 auxiliary(scanner/http/title) > run Proxies=socks5://127.0.0.1:1080 RHOSTS=github.com
####################
# Request:
####################
GET / HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86


####################
# Response:
####################
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://github.com/


[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/title) > run Proxies=socks5h://127.0.0.1:1080 RHOSTS=github.com
####################
# Request:
####################
GET / HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86


####################
# Response:
####################
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://github.com/


[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

[zeroSteiner]

I've dropped that temprary commit that was added for testing and bumped the rex-socket payload gem to the proper version. This should be ready to test and land now.

[dledda-r7]

Retested after changes, looks good!

[dledda-r7]

Release Notes

This adds support for the SOCKS5H protocol, allowing DNS resolution through a SOCKS5 proxy.