An important aspect of using web proxies is enabling the interception of web requests made by command-line tools and thick client applications. This gives us transparency into the web requests made by these applications and allows us to utilize all of the different proxy features we have used with web applications.
To route all web requests made by a specific tool through our web proxy tools, we have to set them up as the tool’s proxy (i.e. http://127.0.0.1:8080), similarly to what we did with our browsers. Each tool may have a different method for setting its proxy, so we may have to investigate how to do so for each one.
Proxychains
One very useful tool in Linux is proxychains, which routes all traffic coming from any command-line tool to any proxy we specify. Proxychains adds a proxy to any command-line tool and is hence the simplest and easiest method to route web traffic of command-line tools through our web proxies.
To use proxychains, we first have to edit /etc/proxychains.conf, comment out the final line and add the following line at the end of it:
#socks4 127.0.0.1 9050
http 127.0.0.1 8080We should also enable Quiet Mode to reduce noise by un-commenting quiet_mode. Once that’s done, we can prepend proxychains to any command, and the traffic of that command should be routed through proxychains (i.e., our web proxy). For example, let’s try using cURL on one of our previous exercises:
Nmap
nmap -h | grep -i proxAs we can see, we can use the --proxies flag. We should also add the -Pn flag to skip host discovery (as recommended on the man page). Finally, we’ll also use the -sC flag to examine what an nmap script scan does:
nmap --proxies http://127.0.0.1:8080 SERVER_IP -pPORT -Pn -sCMetasploit
to set a proxy for any exploit within Metasploit, we can use the set PROXIES flag