Hackish SSH Chaining
SSH to the kali box
Now we create a weird tunnel thing
ssh -L 8001:localhost:8002 firstname.lastname@example.org -t ssh -D 8002 email@example.com
Burp Suite in Kali give the following for
`Socks Proxy Host` 127.0.0.1 `Socks Proxy Port` 8001
Note: You can also use socat in TCP forwarder mode and forward the local 8001 port to other interfaces so that you can proxy directly using your host computer. on Kali, once the tunnel to 10.1.1.1 is created, run in another terminal window:
socat TCP-LISTEN:8008,fork TCP:127.0.0.1:8001
Obviously you can give any values for the ports but for now this is working for me.
Using this in the Kali browser I managed to browsed to http://10.3.3.34.