satellite: web payload hosting service

satellite

satellite

Satellite is a web payload hosting service that filters requests to ensure the correct target is getting a payload. This can also be a useful service for hosting files that should be only accessed in very specific circumstances.

It was created to make offensive security professionals’ jobs easier by allowing them to write easy filtering rules for payload traffic.

As a general rule in security operations, a hacker only wants their phishing payload to reach the intended target. If a sandbox environment, incident responder, or coworker requests the payload, the hacker would like the request to be redirected somewhere else. It gives offensive security professionals the means to learn about the properties of the target’s environment and make rules to decide when the true payload should be returned.

Install

  1. Install satellite on Ubuntu using the .deb file

dpkg -i satellite_X.X.X_linux_amd64.tar.gz

  1. Create a file to serve

echo ‘<h1>It worked!</h1>’ > /var/www/html/index.html

  1. Create filtering file for index.html

echo -e “authorized_useragents:\n- ayyylmao” > /var/www/html/index.html.info

  1. Run satellite

systemctl start satellite

  1. Test satellite

This will return It worked!

curl -k -A ayyylmao https://localhost/

This will not

curl -k https://localhost

Use

Copyright (c) 2019 Maxwell Harley