|Main Archive Page > Month Archives > metasploit-framework archives|
Yes, reverse_http(s) both use the WinInet API, and as such, use IE's
proxy configuration, including credentials.
On Fri, Aug 26, 2011 at 2:28 AM, Richard Miles
> Hey Patrick,
> Awesome, with the new reverse_http or reverse_https? Metasploit 4?
> On Thu, Aug 25, 2011 at 7:37 PM, Patrick Webster <email@example.com> wrote:
>> Hey Richard,
>> I cannot guarantee 100%, but re: point #1, I have successfully used
>> the stager to get around proxies with auth about 2 months ago.
>> On Fri, Aug 26, 2011 at 8:42 AM, Richard Miles
>> <firstname.lastname@example.org> wrote:
>>> I friend of mine was talking about some great improvements at
>>> Metasploit 4, I checked the blog and it talks very briefly about it,
>>> what more called my attention is that reverse_http and reverse_https
>>> was updated and meterpreter scripts / resources too.
>>> I have 3 questions...
>>> 1 - The new reverse_http and reverse_https now are as good as passiveX
>>> was? I mean, we can use it completely over http or https (even the
>>> stager) and the payload is smart enough to get proxy IP and port from
>>> browser and re-use the same credential (in case that proxy require