Although using Metasploit over Tor is possible, I do not advise you to do it in a penetration test. Tor is an awesome project and provides some anonymity, but it will not protect unencrypted data from prying eyes, meaning that individuals, organizations, and governments controlling exit nodes can read data that passes through them. That said, I will show you how to get a reverse Meterpreter session using Tor and Tor2web HTTP proxy, which allows the target to connect to Metasploit without having Tor installed.
Using Metasploit over the Tor network
Getting ready
To use Tor, we first need to install it, which can be done using the following command:
root@kali:~# apt install tor
Next, you need to edit Tor's...