Set up a request bin for CTFs from anywhere w/tailscale

29 Jul 2024

The problem

You’re in the middle of a CTF and you need a webserver. Maybe you want to transfer files or you want to test XSS or SSRF and need to capture requests.

If you’re on Hack The Box it’s as easy as python3 -m http.server and you’re good to go. But if you’re not on the same local network as the target, the solution is less obvious: the target has to be able to reach your machine.

The solution

tailscale

In a word, tailscale is a mesh VPN. It connects your devices to each other as if they were on one local network, no matter where in the world they are.

Besides connecting your devices together, tailscale can also expose any of your local services to the public internet with tailscale funnel:

tailscale funnel [flags] <target>

Let’s get back to spinning up our web server. First, install tailscale on your attacking machine. It’s free for personal use with no limits on devices or bandwidth.

Second, start your webserver how you normally would:

python3 -m http.server 8000

Now for the complicated part, run:

finnersio@finnersio> sudo tailscale funnel 8000
Available on the internet:

https://finnersio.finnersio-net.ts.net/
|-- proxy http://127.0.0.1:8000

tailscale will now funnel traffic from the internet to your local service on port 8000 at the URL it printed. Note the "Available on the internet" line: anyone who knows that URL can reach the service, not just your tailnet, so only serve what you're willing to expose. The funnel runs in the foreground, so whenever you want to stop it, send a ctrl+c to your terminal.
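The stock python3 -m http.server only logs the request line, which is not much use when you are waiting for an XSS or SSRF callback. The following is an added example (not from the original post) of a drop-in replacement that still serves files from the current directory but also records every request's client, headers and body, so it works as a request bin behind the funnel. It binds to 127.0.0.1:8000, the address the funnel proxies to, so it is reachable only through tailscale; the function and class names are my own.

```python
"""Request bin for CTF callbacks: serves files like ``python3 -m http.server``
but also logs every request's headers and body. Added example, not the
original post's code; run it in place of the stock server, then expose it
with ``tailscale funnel 8000`` exactly as described above."""
import json
from datetime import datetime, timezone
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

CAPTURED = []  # in-memory record of everything that hit the server


def record_request(method, path, headers, body, client="-"):
    """Normalise one request into a dict and append it to CAPTURED.

    ``headers`` is an iterable of (name, value) pairs; names are lower-cased
    so lookups such as entry["headers"]["user-agent"] are predictable."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "client": client,
        "method": method,
        "path": path,
        "headers": {k.lower(): v for k, v in headers},
        "body": body.decode("utf-8", errors="replace"),
    }
    CAPTURED.append(entry)
    return entry


class BinHandler(SimpleHTTPRequestHandler):
    def _capture(self):
        # Read any body so POST/PUT callbacks are captured, not just GETs.
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        entry = record_request(self.command, self.path, self.headers.items(),
                               body, self.client_address[0])
        print(json.dumps(entry), flush=True)  # one JSON line per request

    def do_GET(self):
        self._capture()
        super().do_GET()  # still serve files from the current directory

    def do_POST(self):
        self._capture()
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_PUT = do_POST


if __name__ == "__main__":
    # Loopback only: the funnel proxies to 127.0.0.1:8000, nothing else needs it.
    ThreadingHTTPServer(("127.0.0.1", 8000), BinHandler).serve_forever()
```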