|
Penetration Testing
mailing list archives
Re: check the presence of a reverse proxy
From: H D Moore <hdm () digitaloffense net>
Date: Wed, 1 Dec 2004 20:23:06 -0600
A request like the one below usually works for me (with squid and apache
reverse proxy servers):
echo -ne "GET /%00 HTTP/1.0\r\n\r\n" | nc host port
The response from the proxy server is a 404 for the "/" URL. This may have
been "fixed" in newer versions of apache and often works when an invalid
HTTP method does not.
-HD
On Tuesday 30 November 2004 15:15, Maria Da Re wrote:
Can i check the presence of a reverse proxy
between me and some webservers?
The pen-test scenario (target network) is:
- 2 level of firewall (pix and iptables)
- one dmz with a squid configured as reverse proxy
(and other things)
- one internal network with 4 webserver with apache
and public ip address (and other things)
So i would to check if my request to one of webserver
is natted (by external firewall) to the proxy and
redirected by the proxy to the webserver. I can work
from Internet, from a subnet connected to external
firewall, from a subnet connected to internal
firewall.
Some suggestions?
Many thanks
m.
___________________________________
Nuovo Yahoo! Messenger: E' molto più divertente: Audibles, Avatar,
Webcam, Giochi, Rubrica
Scaricalo ora! http://it.messenger.yahoo.it
 By Date 
By Thread
Current thread:
|
Intro
