Ready to Start Your Career?

Using Websploit to Resolve Http Proxy Protected Websites

baphomet1488 's profile image

By: baphomet1488

January 10, 2017

proxy-signsHttp proxy protection is a commonly used protection method that will mask a hosts location through the use of intermediary servers. The application Websploit has a very powerful tool that will help a penetration tester resolve an Http proxy protected website into host locations. This is the Cloudflare resolver. While this tool is seemingly specific to Cloudflare protection, I have successfully used it on other types of proxy protection as well, including HAProxy and others.To install Websploit: either use sudo apt-get install websploit if you're a Kali user OR sudo git clone load Websploit MITM Framework:Kali users can simply type in websploit at the command line to load the framework. Users of other distros will likely have to cd into the Websploit directory and type ./websploit to load the framework.
Performing a Resolution:wsf>use web/cloudflare_resolverwsf>set target <target>wsf>run
Expected output: (run on
[-------------------------][+] Default IP Address :[-------------------------][+] :[-] : N/A[+] :[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[+] :[+] :[-] : N/A[-] : N/A[-] : N/A[+] :[+] :[+] :[+] :[+] :[+] :[+] :[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[+] :[-] : N/A[-] : N/A
As you can see this potent tool provides a plethora of information, including basic DNS and mail server enumeration and more! 
Schedule Demo