788c96566f
The HttpOpenRequest function from WinINet requires the INTERNET_FLAG_KEEP_CONNECTION flag to communicate through an authenticated proxy. From MSDN ( http://tinyurl.com/chwt86j ): "Uses keep-alive semantics, if available, for the connection. This flag is required for Microsoft Network (MSN), NT LAN Manager (NTLM), and other types of authentication." Without this flag, the HTTP stager will fail when faced with a proxy that requires authentication. The Windows HTTPS stager does not have this problem. For HTTP Meterpreter to communicate through an authenticated proxy a separate patch will need to be made to the Meterpreter source code. This is at line 1125 of source/common/core.c in the Meterpreter source code. My motivation for this request is for windows/dllinject/reverse_http to download a DLL even when faced with an authenticated proxy. These changes accomplish this. Test environment: I staged a SmoothWall device with the Advanced Proxy Web Add-on. I enabled Integrated Windows Authentication with a W2K3 DC. I verified the HTTP stager authenticated to and communicated through the proxy by watching the proxy access.log |
||
|---|---|---|
| .. | ||
| bsd | ||
| bsdi/ia32 | ||
| generic | ||
| linux | ||
| osx | ||
| solaris/sparc | ||
| windows | ||
| Makefile | ||
| Makefile.incl | ||