Add SNI support for Linux systems #269
Conversation
There was a problem hiding this comment.
Thanks for looking into and fixing this. I was able to confirm this pretty quickly using wireshark. In the output from the screenshot, you'll see the top two Client Hello frames from the old Meterpreter without the SNI flag and the rest from the new build with the SNI flag. In both cases, the following command was used to start the connection.
./mettle --uri https://sni.lab.zerosteiner.com:443 --debug 2
I also found this information about how mbedtls handles SNI.
We don't support reverse_https stagers for the Mettle builds so this should be all that's necessary to support SNI for the Linux Meterpreters. Whether or not the other Meterpreters support it is another question entirely.
I also changed the branch from 6.x to master which is what we're using now. The old 6.x branch was for the breaking changes we were working on when developing 6.0 many years ago.
This has been discussed and explained with smcintyre-r7 here, please see here
rapid7/metasploit-framework#19680