Hello everyone,
I started experimenting with Metasploit and its payloads on Android. Currently I am wondering what the differences between reversetcp and reversehttps are. Is there any advantage of one over the other? I read that if you are using reversehttps you can use a name instead of an IP address.
Thanks for your help :)
2 Responses
The reverse https payload is used when there are some firewall restrictions or DPI. The reversehttpsmeterpreter payload is like a standard meterpreter payload; in fact, if you sniff with Wireshark, it looks like normal HTTPS traffic. For these reasons, you can have encrypted traffic and you can bypass deep packet inspectors.
If I'm correct, it doesn't matter if it's a reverseTCP or a reverseHTTP, since both are coming from the victim computer back to the attacker. Which means the firewall thinks it's fine since the victim started the connection. The only difference is probably that the HTTPS one goes via port 443, which, as you said, makes it look like encrypted website requests and communication.
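Both responses turn on what outbound traffic to port 443 looks like on the wire. The following is an added example, not part of the original posts: a defender-side check that the first client bytes of a port-443 flow are a TLS ClientHello record. The flow tuples, IP addresses and byte strings are constructed, and the check only separates non-TLS streams from TLS ones; it says nothing about what a genuine TLS session carries.

```python
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type "handshake"
CLIENT_HELLO = 0x01    # handshake message type "ClientHello"
MAX_RECORD = 2 ** 14   # largest plaintext TLS record

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of one flow."""
    if len(payload) < 9:   # 5-byte record header + 4-byte handshake header
        return "too-short"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != TLS_HANDSHAKE or major != 3 or minor > 4:
        return "not-tls"
    if not 4 <= rec_len <= MAX_RECORD:
        return "not-tls"
    hs_len = int.from_bytes(payload[6:9], "big")
    # Simplification: assume the ClientHello fits in a single record.
    if payload[5] != CLIENT_HELLO or hs_len + 4 > rec_len:
        return "not-tls"
    return "tls-client-hello"

def flag_non_tls_on_443(flows):
    """Return (dst_ip, verdict) for port-443 flows that do not open with TLS."""
    flagged = []
    for dst_ip, dst_port, first_bytes in flows:
        if dst_port != 443:
            continue
        verdict = classify_first_bytes(first_bytes)
        if verdict != "tls-client-hello":
            flagged.append((dst_ip, verdict))
    return flagged

# Constructed sample data (documentation IP ranges, hand-built byte strings).
HELLO = b"\x16\x03\x01\x00\x2f" + b"\x01\x00\x00\x2b" + b"\x03\x03" + bytes(41)
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, HELLO),                                    # TLS start
    ("198.51.100.7", 443, struct.pack("<I", 200000) + bytes(16)),  # raw binary
    ("198.51.100.8", 443, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),   # cleartext HTTP
    ("203.0.113.5", 8080, bytes(32)),                              # other port, skipped
    ("198.51.100.9", 443, b"\x16\x03"),                            # truncated capture
]

if __name__ == "__main__":
    for dst, verdict in flag_non_tls_on_443(SAMPLE_FLOWS):
        print(f"{dst}:443 -> {verdict}")
```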