Hackish SSH Chaining

Step 1

SSH to the Kali box

ssh root@kali

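Now we create a weird tunnel thing: `-L` forwards port 8001 on Kali to port 8002 on 10.11.1.251, and the second ssh, run on 10.11.1.251 with a terminal allocated by `-t`, opens a SOCKS listener on that port 8002 (`-D`) that exits through 10.1.1.1.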

ssh -L 8001:localhost:8002 sean@10.11.1.251 -t ssh -D 8002 jambo@10.1.1.1

Now, in Burp Suite on Kali, set the following for the SOCKS proxy:

`Socks Proxy Host` 127.0.0.1
`Socks Proxy Port` 8001

Note: You can also use socat in TCP forwarder mode to forward local port 8001 to other interfaces, so that you can proxy directly from your host computer. On Kali, once the tunnel to 10.1.1.1 is created, run the following in another terminal window (it listens on port 8008 on all interfaces and relays to 127.0.0.1:8001):

socat TCP-LISTEN:8008,fork TCP:127.0.0.1:8001

Obviously you can give any values for the ports but for now this is working for me.

Using this in the Kali browser I managed to browse to http://10.3.3.34.
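An added check, not part of the original post: `ssh -L` and `ssh -D` bind to loopback by default, while `socat TCP-LISTEN` without a `bind=` option listens on every interface, so the 8008 forwarder is usable by anything that can reach Kali. The script classifies listeners on the ports used above from `ss -ltnH` output; the sample lines are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report whether the tunnel's listening ports are bound to
# loopback only or reachable from other hosts.
# Ports from this page: 8001 (ssh -L), 8002 (ssh -D), 8008 (socat).
TUNNEL_PORTS="8001 8002 8008"

# Reads `ss -ltnH` output on stdin (column 4 is Local Address:Port).
# Prints "<port> <address> loopback|exposed" for each watched listener.
classify_listeners() {
    awk -v ports="$TUNNEL_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 == "LISTEN" {
        local_addr = $4
        # The port is whatever follows the last colon (works for [::1]:8001).
        port = local_addr
        sub(/.*:/, "", port)
        if (!(port in watch)) next
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*/, "", addr)       # drop an interface scope such as %lo
        gsub(/\[|\]/, "", addr)    # drop IPv6 brackets
        state = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        print port, addr, state
    }'
}

# Constructed sample of `ss -ltnH` on Kali after the ssh and socat commands.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:8001 0.0.0.0:*
LISTEN 0 128 [::1]:8001 [::]:*
LISTEN 0 5 0.0.0.0:8008 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a live system: ss -ltnH | classify_listeners
sample_ss_output | classify_listeners
```

To keep the relay off untrusted networks, socat's `bind=` option on the listening address limits it to one interface, and `range=` limits which client addresses may connect.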

About Akash Mahajan
That Web Application Security Guy long time ago. Co-Founder @AppseccoUK | Community Manager @null0x00 | Author - Burp Suite Essentials, Security Automation with Ansible2. Writing about application security, being part of communities like null, OWASP and other technically inclined topics. Sometimes about my company and books