You’re in the middle of a CTF and you need a webserver. Maybe you want to transfer files or you want to test XSS or SSRF and need to capture requests.
If you’re on Hack The Box it’s as easy as python3 -m http.server and you’re good to go. But if you’re not on the same local network as the target, the solution is less obvious.
tailscale
In a word, tailscale is a mesh VPN. It connects your devices with your other devices as if on a local network, no matter where they are in the world.
Other than connecting your devices together, tailscale can also serve any of your local services over the internet with tailscale funnel.
tailscale funnel [flags] <target>
Let’s get back to spinning up our web server. First, install tailscale on your attacking machine. It’s free for personal use with no limits on devices or bandwidth.
Second, start your webserver how you normally would:
python3 -m http.server 8000
Now for the complicated part, run:
finnersio@finnersio> sudo tailscale funnel 8000
Available on the internet:
https://finnersio.finnersio-net.ts.net/
|-- proxy http://127.0.0.1:8000
tailscale will now funnel traffic from the internet to your local service running on port 8000 at the provided URL. It also runs in the foreground, so anytime you want to stop the funnel, send a ctrl+c to your terminal.
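
When the goal is only to capture requests, note that python3 -m http.server listens on all interfaces and serves the current directory, so a funnel makes that directory readable by anyone with the URL. The following is an added example, not code from the original post: a capture-only listener that binds to loopback, never touches the filesystem, and logs each request as a JSON line. The names MAX_BODY, CAPTURED, CaptureHandler and make_server are assumptions of this example.

```python
"""Capture-only HTTP listener to sit behind `tailscale funnel` (added example)."""
import json
import sys
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

MAX_BODY = 64 * 1024  # cap on stored body bytes (assumed value, tune as needed)
CAPTURED = []         # in-memory record of every request seen


class CaptureHandler(BaseHTTPRequestHandler):
    """Records method, path, headers and body; serves no files."""

    def _capture(self):
        try:
            length = int(self.headers.get("Content-Length") or 0)
        except ValueError:
            length = 0
        # Read at most MAX_BODY bytes so a large upload cannot exhaust memory.
        body = self.rfile.read(min(max(length, 0), MAX_BODY))
        record = {
            "method": self.command,
            "path": self.path,
            "headers": dict(self.headers.items()),
            "body": body.decode("utf-8", "replace"),
        }
        CAPTURED.append(record)
        print(json.dumps(record), flush=True)
        # Empty reply: nothing from the local disk is ever returned.
        self.send_response(204)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = do_PUT = do_HEAD = do_OPTIONS = _capture

    def log_message(self, fmt, *args):
        pass  # default access log is replaced by the JSON line above


def make_server(port=8000):
    # Loopback only: the funnel proxy on this host is the sole way in.
    return ThreadingHTTPServer(("127.0.0.1", port), CaptureHandler)


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8000
    make_server(port).serve_forever()
```

Run it in place of the http.server command and point the funnel at the same port as before.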