SSH Proxy to Browse Internal Web Servers

This post demonstrates utilizing an SSH tunnel to proxy web traffic through another machine. In a previous post, I walked through scanning through SSH to discover other systems. If a web server is discovered, you must be able to browse whatever is being served.

ssh_web_1

To do this create an SSH tunnel from your attacking machine to the proxy/pivot machine (x.x.x.144).

ssh username@192.168.217.144 -D 9000 -N -f 

Next, configure your browser to use the tunnel as a local SOCKS proxy (Firefox example):

ssh_web_browser_1

ssh_web_browser_2

With this in place, I will be able to browse the web server on 192.168.217.132 from my attack machine.

Leave a Reply

Your email address will not be published. Required fields are marked *