Http proxy protection is a commonly used protection method that will mask a hosts location through the use of intermediary servers. The application Websploit has a very powerful tool that will help a penetration tester resolve an Http proxy protected website into host locations. This is the Cloudflare resolver. While this tool is seemingly specific to Cloudflare protection, I have successfully used it on other types of proxy protection as well, including HAProxy and others.To install Websploit: either use sudo apt-get install websploit if you're a Kali user OR sudo git clone load Websploit MITM Framework:Kali users can simply type in websploit at the command line to load the framework. Users of other distros will likely have to cd into the Websploit directory and type ./websploit to load the framework.Performing a Resolution:wsf>use web/cloudflare_resolverwsf>set target <target>wsf>runExpected output: (run on[-------------------------][+] Default IP Address :[-------------------------][+] :[-] : N/A[+] :[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[+] :[+] :[-] : N/A[-] : N/A[-] : N/A[+] :[+] :[+] :[+] :[+] :[+] :[+] :[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[-] : N/A[+] :[-] : N/A[-] : N/AAs you can see this potent tool provides a plethora of information, including basic DNS and mail server enumeration and more!

Start learning with Cybrary

Create a free account

Related Posts

All Blogs