Although using Metasploit over Tor is possible, I do not advise you to do it in a penetration test. Tor is an awesome project and provides some anonymity, but it will not protect unencrypted data from prying eyes, meaning that individuals, organizations, and governments controlling exit nodes can read data that passes through them. That said, I will show you how to get a reverse Meterpreter session using Tor and the Tor2web HTTP proxy, which allows the target to connect to Metasploit without having Tor installed.
To use Tor, we first need to install it, which can be done using the following command:
root@kali:~# apt install tor
Next, you need to edit Tor's configuration file located at /etc/tor/torrc using your favorite editor. Uncomment and edit the following lines:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.17.0.5:9999
Note that I have changed the HiddenServicePort IP address from 127.0.0.1 to my private IP address 10...
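The HiddenServicePort line above forwards the onion service's port 80 to 10.17.0.5:9999 rather than loopback, so the hop from the Tor daemon to the listener is an ordinary TCP connection on the private network, outside Tor's encryption. The following is an added example, not code from the original text: it parses a torrc and flags mappings whose target is not on the local host. The sample file contents (apart from the two directives shown above) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two directives from this page, one commented-out
# line, and a loopback-only service (hypothetical path) for contrast.
SAMPLE_TORRC = """\
#HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.17.0.5:9999
HiddenServiceDir /var/lib/tor/local_only/
HiddenServicePort 22
"""

def parse_target(virtport, target):
    """Return (host, port); tor maps to 127.0.0.1:VIRTPORT when no target is given."""
    if target is None:
        return "127.0.0.1", virtport
    if target.startswith("unix:"):      # unix:/path socket target
        return target, None
    if target.isdigit():                # bare port means 127.0.0.1:port
        return "127.0.0.1", int(target)
    host, _, port = target.rpartition(":")
    return host.strip("[]"), int(port)  # brackets wrap IPv6 literals

def is_loopback(host):
    if host.startswith("unix:"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def audit_torrc(text):
    """List every HiddenServicePort mapping and mark those that leave the host."""
    findings, current_dir = [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) < 2:
            continue
        key = parts[0].lower()                 # torrc keywords are case-insensitive
        if key == "hiddenservicedir":
            current_dir = parts[1]
        elif key == "hiddenserviceport":
            virtport = int(parts[1])
            host, port = parse_target(virtport, parts[2] if len(parts) > 2 else None)
            findings.append({"dir": current_dir, "virtport": virtport,
                             "host": host, "port": port,
                             "off_host": not is_loopback(host)})
    return findings

if __name__ == "__main__":
    print(audit_torrc(SAMPLE_TORRC))
```

To check a live system, pass the contents of /etc/tor/torrc to audit_torrc(); any entry with off_host set to True carries its last hop unencrypted unless the application protocol itself provides encryption.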