SSH Proxy to Browse Internal Web Servers

This post demonstrates utilizing an SSH tunnel to proxy web traffic through another machine. In a previous post, I walked through scanning through SSH to discover other systems. If a web server is discovered, you must be able to browse whatever is being served.


To do this create an SSH tunnel from your attacking machine to the proxy/pivot machine (x.x.x.144).

ssh username@ -D 9000 -N -f 

Next, configure your browser to use the tunnel as a local SOCKS proxy (Firefox example):



With this in place, I will be able to browse the web server on from my attack machine.

Leave a Reply

Your email address will not be published. Required fields are marked *