Penetration Testing: RE: Tool to find hidden web proxy server

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

RE: Tool to find hidden web proxy server

From: Bénoni MARTIN <Benoni.MARTIN () libertis ga>
Date: Wed, 1 Sep 2004 18:44:59 +0100

Well...
- The easier way is to scan your whole network and see the machines which are up (nmap -sS xxx.xxx.xxx.0/24). Maybe,
you will find a strange machine which can be your proxy.
- But you can have a PC running also your proxy, so you will just see usual machines. Then scanning the ports (nmap
-sS -p 1-65535 -O xxx.xxx.xxx.0/24) should help you to find well known proxys as Squid listening on default port(s).
- If this dos nof work, why not look at your FW/Load Balancer/... IN NIC (the NIC of your device beeing on your
network, not the DMZ of Internet one) ? Launching on it a sniffer (for instance tcpdump -i in_nic -proto http | tee log
or just tcpdump -i in_nic -proto http) should give you replies from the inside from 2 adresses: your web server and the
proxy...

HTH :)

-----Message d'origine-----
De : vinay mangal [mailto:vinay.mangal () eil co in]
Envoyé : mercredi 1 septembre 2004 12:27
À : Pen
Objet : Tool to find hidden web proxy server

Dear all,

I am looking for a tool to find the hidden web proxy server in my local network.

Any hint will be useful.

with regards
Vinay

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate
one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write
exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the
security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

By Date By Thread

Current thread:

RE: Tool to find hidden web proxy server, (continued)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server Christopher Adickes (Sep 04)
- RE: Tool to find hidden web proxy server Bénoni MARTIN (Sep 04)
  - Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 07)
    - Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Shashank Rai (Sep 08)
    - Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 08)
    - Re: Rogue activity methodology (was: Tool to find hidden web proxyserver) Dejan Markovic (Sep 09)
- RE: Tool to find hidden web proxy server Jeff Gercken (Sep 07)