Thread: Websense filter and SVN UPDATE problems on vmWare Natting

  1. #1
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    7

    Hi all. This is my first post.

    I've searched on the forum and read the following thread
    "If you are using vmware or any other virtualization software please read this:" (I'm still not allowed to post URLs to other sites after I have made 15 posts or more)

    and I hope he's referring to wireless interfaces.

    I've installed bt4 on vmware using NAT and dhcp client.
    I'd like to exec a SVN UPDATE from msfconsole, but even if I have an internal proxy to bypass my company's WEBSENSE filter while using Mozilla, when I execute the "SVN UPDATE" command it blocks my request.

    Inside bt4 I need to configure a default gw different from my company's default one, but I'm using NAT and dhcp so it should not be possible (I've also read the man pages of "interfaces").
    How can I solve my "SVN UPDATE" problem ?

    I was thinking:
    1) Set a static IP, but perhaps that might not be possible (for company policy)
    2) Execute a "SVN UPDATE" manually, but I don't know how ? And if tomorrow I need to update another "websense filtered" tool, I need to manually update it again !?!?
    3) Using NAT, dhcp and configure also a default gw. Is it possible on vmware ?

    Thanks for your time,
    M

    I've updated the same installation at home (but using Parallels Desktop).
    Could it be possible to "simply" copy all the updated data under /pentest/exploits/frameworks from my home installation to my company one !??!

    M

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    If properly configured, NAT should enable your BT VM to communicate on your corporate network with all of the same access that your VM host system has (for outgoing TCP based connections at least). I know this because I have done it at work myself. The problem you are probably running into is that there is a firewall blocking the subversion (svn) traffic from getting out to the Internet. You need to therefore configure subversion to use a proxy.

    First of all confirm that you can browse the Internet in Firefox via the Websense proxy from BT (this will confirm that basic networking plus NAT is configured correctly and that you can access the proxy), then use this or this as a guide to configure subversion to use your proxy. It's possible that the Websense proxy won't allow subversion traffic to be proxied (because of enabled http filtering policies), but it's worth a try.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    7

    I'm able to set the proxy in Mozilla and surf metasploit.com; otherwise Websense blocks it. The proxy I can use (as IT staff) is a different machine from the Websense probe.
    I can confirm websense is blocking svn traffic!

    According to your suggested links and to /root/.subversion/README.txt file
    I set up /etc/subversion/servers and also /root/.subversion/servers adding
    the following lines:
    http-proxy-host = ip_if_my_proxy
    http-proxy-port = 3128

    I can also successfully execute: telnet ip_if_my_proxy 3128 from BT.

    But currently if I run SVN UPDATE again.. it's still "blocked".
    What am I missing ?

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Have you confirmed that the svn traffic is actually going to the proxy you specified? Have you run a packet trace and seen the packets going to the proxy? Have you seen any proxy error messages being returned in your trace? What about the proxy access or error logs? Do they indicate that the svn traffic is reaching the proxy, and whether the proxy is then blocking that traffic?

  5. #5
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    7

    Yes I've tcpdumped my requests, but they don't go through the proxy I've set up. I've already added the following line: extension_methods REPORT MERGE MKACTIVITY CHECKOUT to my proxy, but I confirm I'm still not able to point to and use it.

    As workaround (even if I'd like to solve my problem at work), is it possible to "simply" copy an already updated /pentest/exploits/framework3/ directory from my virtual installation I have at home to this one I have at work ?


    Thanks,
    M
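
    Added example, not part of any post in this thread: a small Python check that reads a Subversion "servers" file and reports which proxy, if any, applies to a given repository host, which is the question posts #3 to #5 circle around. The sample file, the 192.0.2.10 address and the function name are constructed; the lookup (a [groups] glob match, then per-option fallback to [global], then http-proxy-exceptions) is a simplified model of how svn reads this file, and the first-matching-group tie-break is an assumption.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample of a Subversion "servers" file (not the poster's file).
# 192.0.2.10 is a documentation address standing in for the internal proxy.
SAMPLE_SERVERS = """\
[groups]
intranet = *.corp.example

[intranet]
http-proxy-host = 192.0.2.10
http-proxy-port = 3128

[global]
# http-proxy-host = 192.0.2.10
# http-proxy-port = 3128
http-proxy-exceptions = localhost, *.lab.example
"""
# Same file with the [global] proxy lines uncommented.
FIXED_SERVERS = SAMPLE_SERVERS.replace("# http-proxy", "http-proxy")


def effective_proxy(servers_text, repo_host):
    """Return (proxy_host, proxy_port, reason); proxy_host is None for a direct connection."""
    repo_host = repo_host.lower()
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(servers_text)
    except configparser.MissingSectionHeaderError:
        return (None, None, "option appears before any [section] header")
    # Start from [global], then let a matching group override option by option.
    opts = dict(cp["global"]) if cp.has_section("global") else {}
    group = None
    if cp.has_section("groups"):
        for name, patterns in cp["groups"].items():
            # Assumption: the first group whose glob matches the host wins.
            if any(fnmatchcase(repo_host, p.strip()) for p in patterns.split(",")):
                group = name
                break
    if group and cp.has_section(group):
        opts.update(cp[group])
    host = opts.get("http-proxy-host")
    if not host:
        return (None, None, "no active http-proxy-host applies to this host")
    exceptions = [p.strip() for p in opts.get("http-proxy-exceptions", "").split(",")]
    if any(p and fnmatchcase(repo_host, p) for p in exceptions):
        return (None, None, "host matches http-proxy-exceptions")
    port = opts.get("http-proxy-port")
    return (host, int(port) if port else None, f"from [{group or 'global'}]")
```

    Running it against both /etc/subversion/servers and the per-user ~/.subversion/servers for the repository's hostname shows whether the proxy lines are active for that host before reaching for a packet trace.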

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by marcopb View Post
    As workaround (even if I'd like to solve my problem at work), is it possible to "simply" copy an already updated /pentest/exploits/framework3/ directory from my virtual installation I have at home to this one I have at work ?
    Yes that should work.