Deploy Self hosted interactsh-server for Blind & Out of Band Testing
Note: This article is for ethical and educational purposes only.
References:
- https://github.com/projectdiscovery/interactsh#interactsh-server
- https://kalilinuxtutorials.com/interactsh/
- https://www.youtube.com/watch?v=p-N56aR4Omw
Why I needed to build an OOB testing server
The main reason was to have a way to exfiltrate data using DNS. Such a server can be used not only for data exfiltration but also for out-of-band and blind testing. You can use a custom domain name like safestwebsite.com, which is generally not blacklisted.
There is a very good and easy way to do this: a tool called interact.sh, developed by ProjectDiscovery.
You can either use the tool directly with the hosting provided for everyone, where you can start testing right away,
or you can run the tool in your private hosting environment to customize the domain and other configuration. This article covers self-hosting interact.sh.
Alternatively, there is an older tool, OOB-Server. I will not be showing its deployment, but it is very similar: you simply install it on the server instead of interact.sh.
Step 1: Create AWS EC2 server — free tier
You need an EC2 server. You can use the EC2 free tier or buy an EC2 server, whichever works for you. I have used the free tier. For the complete steps, follow the Main Reference.
Specifications (already in the Main Reference):
- OS: latest Ubuntu (free tier)
- Hardware: t2.micro
- Disk Space < 30GB
- hours/month = 750 hours (if you are using only one server, you don't have to worry). Read the AWS documentation to understand how “hours” are billed.
- Validity = 1 year
- Make sure you set up a free tier alert (this is not mentioned in the Main Reference). This ensures that you are notified if you are charged any additional cost.
Note down your public IPv4 DNS Name:
An important note about AWS elastic IPs
- The assigned AWS IP address will change if you reboot or restart the server. This changes your AWS public DNS name, which means the nameserver record of your domain has to be changed. Even after changing all these values and deploying a new burp collaborator server, you may get errors during deployment.
- In this case, the only thing that worked for me was to buy a new domain (free in my case) and map that domain to the new AWS domain name. After that, don't stop the server.
Step 2: Buy Domain Name
Buy using Freenom (worked like a charm for me)
Important: Please buy a new domain. Personally, I have faced a lot of time-consuming problems when updating domains I had already bought.
- After buying the domain (valid for 1 year), go to the domain settings and click nameserver
Nameserver 1: your_AWS_EC2_public_dns_name
Nameserver 2: one.one.one.one (Cloudflare)
Now everything is done on the domain side.
Step 3: Allow the required ports
As you already know, this is not a sensitive server. We will not be using it to store any sensitive data; it will only be used for validating/checking out-of-band attacks.
Step 4: Configuring the interactsh server side on the AWS Ubuntu machine
- Step 1: SSH into your AWS Ubuntu server.
- Step 2: Update and upgrade the server
sudo apt update
sudo apt upgrade
- Step 3: Install the latest version of Go, and make sure to configure the PATH environment variable.
- Step 4: Install interactsh-server
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest
- Step 5: Now run the built file. If you are not able to find the file, go to the ~/go folder.
You need 3 things
- Your domain; here I have used typeanyname.tk
- The public IP of the AWS Ubuntu server, say, 13.14.15.16
Change user to root.
sudo -i
Then run the command below:
interactsh-server -domain typeanyname.tk -ip 13.14.15.16 -wildcard -sa -ldap
Below is a snippet of the output
Step 5: Verify if your DNS records are updated
If you get a result similar to the one below, your DNS records are updated.
Step 6: Configuring the interactsh client side on any machine where you want to see your output.
We need to install a client to see the hits that arrive at the interactsh server. The server does all the work but does not display the output; to display the output you need an interactsh client.
- Step 1: Install the latest version of Go, and make sure to configure the PATH environment variable.
- Step 2: Install interactsh-client
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
- Step 3: Tell the client to use our self-hosted server. As we are using authentication, we need to provide an authentication token.
interactsh-client -s https://typeanyname.tk -t ga60d6sometauthenticationtoken8939b226501f774a
Step 7: Validate the setup
Now open a browser on any other machine or mobile and visit typeanyname.tk
In your interactsh-client you should see some new entries as shown below.
If you receive entries like “Received HTTP interaction” or “Received DNS interaction”
Note: There is one error regarding http register, you can ignore it, as I am using https to register. interactsh-client by itself tried to register to interactsh-server on http.
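An added example (not from the original post or the interactsh project): a Python check that reads the client's JSON Lines output and confirms that both DNS and HTTP interactions arrived, which covers the delegation check from Step 5 and the validation in this step. It assumes the client from Step 6 was also given its -json and -o hits.jsonl options; the sample records, IDs and addresses are constructed, and requiring both protocols is this example's own choice.

```python
import json
from collections import defaultdict

# Constructed sample of lines written by `interactsh-client ... -json -o hits.jsonl`.
# IDs are made up; IP addresses come from the RFC 5737 documentation ranges.
SAMPLE = """\
{"protocol":"dns","unique-id":"abc123","full-id":"abc123","q-type":"A","remote-address":"198.51.100.7","timestamp":"2024-01-10T10:00:01Z"}
{"protocol":"dns","unique-id":"abc123","full-id":"www.abc123","q-type":"AAAA","remote-address":"198.51.100.7","timestamp":"2024-01-10T10:00:01Z"}
[INF] this is a log line, not JSON
{"protocol":"http","unique-id":"abc123","full-id":"abc123","remote-address":"203.0.113.25","timestamp":"2024-01-10T10:00:02Z"}

{"protocol":"http","unique-id":"abc123","full-id":"abc123","remote-address":"203.0.113.25","timestamp":"2024-01-10T10:00:03Z"}
"""

def parse_interactions(text):
    """Return the interaction records found in JSONL text, skipping noise."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # blank line or client log output
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated write, e.g. client stopped mid-line
        if "protocol" in rec and "remote-address" in rec:
            records.append(rec)
    return records

def summarize(records):
    """Map protocol -> {"count": n, "sources": sorted unique remote addresses}."""
    seen = defaultdict(lambda: {"count": 0, "sources": set()})
    for rec in records:
        entry = seen[rec["protocol"].lower()]
        entry["count"] += 1
        entry["sources"].add(rec["remote-address"])
    return {p: {"count": e["count"], "sources": sorted(e["sources"])}
            for p, e in seen.items()}

def missing_protocols(summary, required=("dns", "http")):
    """Protocols from `required` that never reached the server."""
    return [p for p in required if p not in summary]

if __name__ == "__main__":
    summary = summarize(parse_interactions(SAMPLE))
    for proto, info in sorted(summary.items()):
        print(f"{proto}: {info['count']} hits from {', '.join(info['sources'])}")
    print("missing:", missing_protocols(summary) or "none")
```

For DNS hits the source is normally the recursive resolver that queried your nameserver, not the machine that opened the page, so expect different addresses for the two protocols.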
You can run the below command
Step 8: Stopping the interactsh-server
I find it very useful that I can easily stop the interactsh-server. The OOB-Server tool does not have any easy way to stop or uninstall the setup. I had to delete the AWS instance and reinstall.
To stop, simply press Ctrl+C.