It is possible, kinda. Metasploit can route its traffic through a meterpreter session but there is currently no way to route traffic from outside tools. On my todo list is a socks proxy extension for meterpreter which should make that easier for applications that support tunneling through socks (web browsers are the best example here). The main downside of a socks proxy is that nmap doesn't work with it by default.
egypt

On Fri, Nov 7, 2008 at 12:33 AM, max moser <[EMAIL PROTECTED]> wrote:
> Just to bring up a new twist here. Why not using meterpreter and do
> traffic re-routing.
>
> HD this should be possible right?
>
> max
>
> On Nov 7, 2008, at 4:19 AM, H D Moore wrote:
>
>> On Thursday 06 November 2008, Bryan Richardson wrote:
>>> I'm wanting to write a Meterpreter script that can sniff traffic from
>>> an exploited Windows host. I *think* there is some built-in pcap
>>> functionality already in the Metasploit framework... is this correct?
>>> If so, can it be used in a script that can be run from Meterpreter?
>>
>> The Pcap stuff in Metasploit only works on the attacker's machine, it
>> doesn't extend through any of the payloads. The easiest way to accomplish
>> your goal is to write a Win32 sniffer as a Meterpreter extension and
>> implement a command protocol for start, stopping, and gathering data from
>> this extension. Alternatively, just write a meterpreter script that
>> uploads an existing sniffer, execute it "channelized", and parse the
>> output to find what you are looking for.
>>
>>> Also, before I do this... does there happen to be a payload that
>>> already exists that can do this for me (or even one that does an nmap
>>> scan)? I took a little time to examine all the payloads that already
>>> exist, but none really jumped out at me as being able to do this sort
>>> of thing.
>>
>> None of the existing payloads can do this.
>>
>> -HD
>>
>> _______________________________________________
>> Framework-Hackers mailing list
>> Framework-Hackers@spool.metasploit.com
>> http://spool.metasploit.com/mailman/listinfo/framework-hackers