|
Penetration Testing
mailing list archives
Re: check the presence of a reverse proxy
From: "joe star" <alan6 () melimail com>
Date: Mon, 06 Dec 2004 13:22:34 +0100
First, make a traceroute (also on TCP port 80, 443, ... look at tcptraceroute) to check if you can see the final
machine or if the Firewall (or another router) block icmp_exceeded packets....
But, if you just want to check if the RP works correctly, you'll have to have a look at the HTML protocol. If you uses
an HTML proxy, you can look at what is send and received by your browser. By the end, if you discover any information
about your Apache Web server, the your proxy is not correctly configured.
Sincerly,
alan
On 30-11-2004 22:38:01 Maria Da Re <pentestml () yahoo it> was overheard saying:
---------------------------------------------------
Can i check the presence of a reverse proxy
between me and some webservers?
The pen-test scenario (target network) is:
- 2 level of firewall (pix and iptables)
- one dmz with a squid configured as reverse proxy
(and other things)
- one internal network with 4 webserver with apache
and public ip address (and other things)
So i would to check if my request to one of webserver
is natted (by external firewall) to the proxy and
redirected by the proxy to the webserver. I can work
from Internet, from a subnet connected to external
firewall, from a subnet connected to internal
firewall.
Some suggestions?
Many thanks
m.
___________________________________
Nuovo Yahoo! Messenger: E' molto più divertente: Audibles, Avatar, Webcam, Giochi, Rubrica
Scaricalo ora!
http://it.messenger.yahoo.it
---------------------------------
Melimail -- Une adresse @melimail.com gratuite ?
Viens réserver ton pseudo avant tout le monde !!
http://www.melimail.com
 By Date 
By Thread
Current thread:
- RE: check the presence of a reverse proxy, (continued)
|
Intro
