Hackish SSH Chaining
Posted on
Step 1
SSH to the kali box
ssh root@kali
Now we create a weird tunnel thing
ssh -L 8001:localhost:8002 sean@10.11.1.251 -t ssh -D 8002 jambo@10.1.1.1
Now in Burp Suite in Kali give the following for SOCKS proxy.
`Socks Proxy Host` 127.0.0.1
`Socks Proxy Port` 8001
Note: You can also use socat in TCP forwarder mode and forward the local 8001 port to other interfaces so that you can proxy directly using your host computer. on Kali, once the tunnel to 10.1.1.1 is created, run in another terminal window:
socat TCP-LISTEN:8008,fork TCP:127.0.0.1:8001
Obviously you can give any values for the ports but for now this is working for me.
Using this in the Kali browser I managed to browsed to http://10.3.3.34.