SOCKS Proxy Server - Metasploit
This page contains detailed information about how to use the auxiliary/server/socks_proxy metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: SOCKS Proxy Server
Module: auxiliary/server/socks_proxy
Source code: modules/auxiliary/server/socks_proxy.rb
Disclosure date: -
Last modification time: 2022-03-22 09:23:09 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -
This module provides a SOCKS proxy server that uses the builtin Metasploit routing to relay connections.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use auxiliary/server/socks_proxy
msf auxiliary(socks_proxy) > show targets
... a list of targets ...
msf auxiliary(socks_proxy) > set TARGET target-id
msf auxiliary(socks_proxy) > show options
... show and set options ...
msf auxiliary(socks_proxy) > exploit
Knowledge Base
Verification Steps
- Start
msfconsole - Do:
use auxiliary/server/socks_proxy - Do:
run - Do:
curl --proxy socks5://localhost:1080 https://github.com - You should see the source for the GitHub homepage
Options
SRVHOST
The local IP address to bind the proxy server to. The default value of 0.0.0.0 will expose the proxy to everything on
the attacker's network.
SRVPORT
The local port to bind the proxy to. The default value is 1080, the standard port for a SOCKS proxy.
Scenarios
This module is great when pivoting across a network. Suppose we have two machines:
- Attacker's machine, on the
192.168.1.0/24subnet. - Victim machine with two network interfaces, one attached to the
192.168.1.0/24subnet and the other attached to the non-routable10.0.0.0/24subnet.
We'll begin by starting the SOCKS proxy:
msf6 auxiliary(server/socks_proxy) > show options
Module options (auxiliary/server/socks_proxy):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD no Proxy password for SOCKS5 listener
SRVHOST 0.0.0.0 yes The address to listen on
SRVPORT 1080 yes The port to listen on
USERNAME no Proxy username for SOCKS5 listener
VERSION 5 yes The SOCKS version to use (Accepted: 4a, 5)
Auxiliary action:
Name Description
---- -----------
Proxy Run a SOCKS proxy server
msf6 auxiliary(server/socks_proxy) > run
[*] Auxiliary module execution completed
[*] Starting the SOCKS proxy server
msf6 auxiliary(socks_proxy) >
Preparing to pivot across a network requires us to first establish a Meterpreter session on the victim machine. From
there, we can use the autoroute script to enable access to the non-routable subnet:
meterpreter > run autoroute -s 10.0.0.0/24
The autoroute module will enable our local SOCKS proxy to direct all traffic to the 10.0.0.0/24 subnet through our
Meterpreter session, causing it to emerge from the victim's machine and thus giving us access to the non-routable
subnet. We can now use curl to connect to a machine on the non-routable subnet via the SOCKS proxy:
curl --proxy socks5://localhost:1080 http://10.0.0.15:8080/robots.txt
We can take this a step further and use proxychains to enable other tools that don't have built-in support for proxies to access the non-routable subnet. The short-and-sweet guide to installing and configuring proxychains looks something like this:
# apt-get install proxychains
# cp /etc/proxychains.conf /etc/proxychains.conf.backup
# echo "socks5 127.0.0.1 8080" > /etc/proxychains.conf
From there, we can use our other tools by simply prefixing them with proxychains:
# proxychains curl http://10.0.0.15:8080/robots.txt
# proxychains nmap -sT -Pn -n -p 22 10.0.0.15
# proxychains firefox
Go back to menu.
Msfconsole Usage
Here is how the server/socks_proxy auxiliary module looks in the msfconsole:
msf6 > use auxiliary/server/socks_proxy
msf6 auxiliary(server/socks_proxy) > show info
Name: SOCKS Proxy Server
Module: auxiliary/server/socks_proxy
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
sf <[email protected]>
Spencer McIntyre
surefire
Available actions:
Name Description
---- -----------
Proxy Run a SOCKS proxy server
Check supported:
No
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD no Proxy password for SOCKS5 listener
SRVHOST 0.0.0.0 yes The address to listen on
SRVPORT 1080 yes The port to listen on
USERNAME no Proxy username for SOCKS5 listener
VERSION 5 yes The SOCKS version to use (Accepted: 4a, 5)
Description:
This module provides a SOCKS proxy server that uses the builtin
Metasploit routing to relay connections.
Module Options
This is a complete list of options available in the server/socks_proxy auxiliary module:
msf6 auxiliary(server/socks_proxy) > show options
Module options (auxiliary/server/socks_proxy):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD no Proxy password for SOCKS5 listener
SRVHOST 0.0.0.0 yes The address to listen on
SRVPORT 1080 yes The port to listen on
USERNAME no Proxy username for SOCKS5 listener
VERSION 5 yes The SOCKS version to use (Accepted: 4a, 5)
Auxiliary action:
Name Description
---- -----------
Proxy Run a SOCKS proxy server
Advanced Options
Here is a complete list of advanced options supported by the server/socks_proxy auxiliary module:
msf6 auxiliary(server/socks_proxy) > show advanced
Module advanced options (auxiliary/server/socks_proxy):
Name Current Setting Required Description
---- --------------- -------- -----------
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the server/socks_proxy module can do:
msf6 auxiliary(server/socks_proxy) > show actions
Auxiliary actions:
Name Description
---- -----------
Proxy Run a SOCKS proxy server
Evasion Options
Here is the full list of possible evasion options supported by the server/socks_proxy auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(server/socks_proxy) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
Go back to menu.
Related Pull Requests
- #14806 Merged Pull Request: Rubocop recently landed modules continued
- #14734 Merged Pull Request: Rubocop recently landed modules
- #14696 Merged Pull Request: Zeitwerk rex folder
- #14173 Merged Pull Request: Unify the socks modules using a VERSION option
Go back to menu.
See Also
Check also the following modules related to this module:
- auxiliary/scanner/http/sockso_traversal
- auxiliary/server/socks_unc
- auxiliary/scanner/http/open_proxy
- auxiliary/scanner/wproxy/att_open_proxy
- auxiliary/server/jsse_skiptls_mitm_proxy
- auxiliary/server/openssl_altchainsforgery_mitm_proxy
- auxiliary/server/android_browsable_msf_launch
- auxiliary/server/android_mercury_parseuri
- auxiliary/server/browser_autopwn
- auxiliary/server/browser_autopwn2
- auxiliary/server/dhclient_bash_env
- auxiliary/server/dhcp
- auxiliary/server/fakedns
- auxiliary/server/ftp
- auxiliary/server/http_ntlmrelay
- auxiliary/server/icmp_exfil
- auxiliary/server/ldap
- auxiliary/server/local_hwbridge
- auxiliary/server/ms15_134_mcl_leak
- auxiliary/server/netbios_spoof_nat
- auxiliary/server/openssl_heartbeat_client_memory
- auxiliary/server/pxeexploit
- auxiliary/server/regsvr32_command_delivery_server
- auxiliary/server/teamviewer_uri_smb_redirect
- auxiliary/server/tftp
- auxiliary/server/webkit_xslt_dropper
- auxiliary/server/wget_symlink_file_write
- auxiliary/server/wpad
- exploit/linux/proxy/squid_ntlm_authenticate
- exploit/windows/proxy/bluecoat_winproxy_host
- exploit/windows/proxy/ccproxy_telnet_ping
- exploit/windows/proxy/proxypro_http_get
- exploit/windows/proxy/qbik_wingate_wwwproxy
Authors
- sf
- Spencer McIntyre
- surefire
Version
This page has been produced using Metasploit Framework version 6.2.23-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.
