satellite: web payload hosting service
Satellite is a web payload hosting service that filters requests to ensure the correct target is getting a payload. This can also be a useful service for hosting files that should be only accessed in very specific circumstances.
It was created to make offensive security professionals’ jobs easier by allowing them to write easy filtering rules for payload traffic.
As a general rule in security operations, a hacker only wants their phishing payload to reach the intended target. If a sandbox environment, incident responder, or coworker requests the payload, the hacker would like the request to be redirected somewhere else. It gives offensive security professionals the means to learn about the properties of the target’s environment and make rules to decide when the true payload should be returned.
- Install satellite on Ubuntu using the .deb file
dpkg -i satellite_X.X.X_linux_amd64.tar.gz
- Create a file to serve
echo ‘<h1>It worked!</h1>’ > /var/www/html/index.html
- Create filtering file for index.html
echo -e “authorized_useragents:\n- ayyylmao” > /var/www/html/index.html.info
- Run satellite
systemctl start satellite
- Test satellite
This will return It worked!
curl -k -A ayyylmao https://localhost/
This will not
curl -k https://localhost
Copyright (c) 2019 Maxwell Harley