Update dns resolution for socks proxies #19683
bb3d05c to 2c78d21
lib/msf/core/opt_proxies.rb
Outdated
Will extract out to a separate PR; I noticed it's possible to assign invalid values to the proxies datastore option. This should tighten things up, but the UX still isn't great IMO
lib/msf/core/rhosts_walker.rb
Outdated
# @return [Boolean] True if DNS resolution should be performed the RHOST values, false otherwise | ||
def perform_dns_resolution?(datastore) | ||
# If a socks proxy has been configured, don't perform DNS resolution - so that it instead happens via the proxy | ||
!(datastore['PROXIES'].to_s.include?(Rex::Socket::Proxies::ProxyType::SOCKS4) || datastore['PROXIES'].to_s.include?(Rex::Socket::Proxies::ProxyType::SOCKS5)) |
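Review bot: In `perform_dns_resolution?`, the `datastore['PROXIES'].to_s.include?(...)` checks are substring matches over the whole option string, so the SOCKS4 or SOCKS5 token counts wherever it appears in the value, including inside the host part of an entry of another proxy type. Suggest splitting the option into its proxy entries and comparing each entry's type field against the `ProxyType` constants, so that only a real SOCKS entry turns local resolution off. The `@return` comment also reads "performed the RHOST values" and is missing "on".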
It's probably time we differentiate between SOCKS4 and SOCKS4A since 4 doesn't support hostnames while 4A and 5 do and that's what we're doing here.
Let's do HTTP and socks5; and we can circle back to implementing socks4a if that comes up (as we explicitly resolve locally in rex-socket with the current implementation), similarly with the SAPNI support
a7c53a7 to 0a41f51
0a41f51 to 452a386
Improves #19641
Requires rapid7/rex-socket#69
Update dns resolution for socks proxies. Now local DNS resolution will be skipped on the host machine and deferred to any configured socks proxies, i.e. with
setg proxies socks5:127.0.0.1:1080
Verification
Ensure CI passes
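The review thread's point that SOCKS4 cannot carry a hostname while SOCKS4a and SOCKS5 can, and the description's point that resolution is deferred to the proxy, both come down to how the CONNECT request encodes the destination. The sketch below is an added example, not Metasploit or rex-socket code; the helper names and the sample host are hypothetical.

```ruby
require 'ipaddr'

# Added example: builds SOCKS CONNECT requests to show where a hostname can travel.
# Returns an IPAddr when host is an IP literal, nil when it is a hostname.
def ip_literal(host)
  IPAddr.new(host)
rescue IPAddr::Error
  nil
end

# SOCKS5 (RFC 1928): VER=5, CMD=1 (CONNECT), RSV=0, ATYP, DST.ADDR, DST.PORT
def socks5_connect_request(host, port)
  ip = ip_literal(host)
  addr = if ip.nil?
           raise ArgumentError, 'hostname longer than 255 bytes' if host.bytesize > 255
           # ATYP 3: length-prefixed name, resolved by the proxy, no local DNS query
           [0x03, host.bytesize].pack('CC') + host.b
         elsif ip.ipv4?
           [0x01].pack('C') + ip.hton
         else
           [0x04].pack('C') + ip.hton
         end
  [0x05, 0x01, 0x00].pack('CCC') + addr + [port].pack('n')
end

# SOCKS4: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, empty USERID + NUL.
# SOCKS4a: DSTIP is 0.0.0.x (x != 0) and the hostname + NUL follows the USERID.
def socks4_connect_request(host, port, allow_4a: false)
  ip = ip_literal(host)
  head = [0x04, 0x01, port].pack('CCn')
  if ip&.ipv4?
    head + ip.hton + "\x00".b
  elsif ip.nil? && allow_4a
    head + [0, 0, 0, 1].pack('C4') + "\x00".b + host.b + "\x00".b
  else
    # Plain SOCKS4 has no field for a name, so the client must resolve it itself.
    raise ArgumentError, "SOCKS4 carries only an IPv4 address: #{host}"
  end
end
```

With plain SOCKS4 the only option for a hostname is a local lookup before the request is built, which is the case the thread leaves resolved locally.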