Using Websploit to Resolve Http Proxy Protected Websites

January 10, 2017 | Views: 4236

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Http proxy protection is a commonly used protection method that will mask a hosts location through the use of intermediary servers. The application Websploit has a very powerful tool that will help a penetration tester resolve an Http proxy protected website into host locations. This is the Cloudflare resolver. While this tool is seemingly specific to Cloudflare protection, I have successfully used it on other types of proxy protection as well, including HAProxy and others.

To install Websploit: either use sudo apt-get install websploit if you’re a Kali user OR sudo git clone https://github.com/websploit/websploit.git

To load Websploit MITM Framework:
Kali users can simply type in websploit at the command line to load the framework. Users of other distros will likely have to cd into the Websploit directory and type ./websploit to load the framework.

Performing a Resolution:
wsf>use web/cloudflare_resolver
wsf>set target <target>
wsf>run

Expected output: (run on google.com)

[-------------------------]

[+] Default IP Address : 172.217.6.110

[-------------------------]

[+] mail.google.com : 172.217.6.101

[-] webmail.google.com : N/A

[+] email.google.com : 172.217.6.110

[-] direct-connect-mail.google.com : N/A
[-] direct.google.com : N/A
[-] direct-connect.google.com : N/A
[-] cpanel.google.com : N/A
[-] ftp.google.com : N/A
[-] forum.google.com : N/A

[+] blog.google.com : 172.217.6.105
[+] m.google.com : 172.217.6.107

[-] dev.google.com : N/A
[-] record.google.com : N/A
[-] ssl.google.com : N/A

[+] dns.google.com : 172.217.6.110
[+] help.google.com : 172.217.6.110
[+] ns.google.com : 216.239.32.10
[+] ns1.google.com : 216.239.32.10
[+] ns2.google.com : 216.239.34.10
[+] ns3.google.com : 216.239.36.10
[+] ns4.google.com : 216.239.38.10

[-] irc.google.com : N/A
[-] server.google.com : N/A
[-] status.google.com : N/A
[-] status.google.com : N/A
[-] portal.google.com : N/A
[-] beta.google.com : N/A

[+] admin.google.com : 172.217.6.110

[-] imap.google.com : N/A
[-] smtp.google.com : N/A

As you can see this potent tool provides a plethora of information, including basic DNS and mail server enumeration and more!

 

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
1 Comment
  1. Very Nice Information.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel