Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Tool to find hidden web proxy server
From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 2 Sep 2004 11:36:07 +0200

On Thu, Sep 02, 2004 at 09:06:44AM +0530, vinay mangal wrote:

In a company, policy for Internet access says it is through IP only.
The others can not browse the internet. This policy is implemented
on firewall. Few smart guys have installed free proxy server running
on non default ports and distributed the internet access to their
friends.

There is not a single way of hiding the proxy and so there is not
a single bulletproof tool to find it.

If they are not so smart, they are running the proxies on ports 3128
or 8000-8888.

$ nmap -sSV -p3128,8000-8888 suspected [...]

(of course, double check the proxy with netcat/telnet or amap)

If they are less smarter they run it on obscured port but with
unrestricted access.

$ nmap -sSV -p- suspected [...]

(I recommend nmap-3.70 or later, it scans much faster)

If they are smarter they limit access to proxy by IP and/or
user:password. Try sniffing the LAN traffic for HTTP communication
between the stations (ethereal or ngrep, exclude the IP of gateway).

Smart guys will tunnel HTTP through SSH or similar and the proxy will
not be accessible on external interfaces (only loopback). Then analyze
the outgoing HTTP traffic. Look for X-Forwarded-For: headers,
User-Agent: headers, cookies, POST requests values (names) etc. so you
can see that the requests from on IP are actually from 2 different
people and/or 2 different browsers.

Good luck.

Remember, they can always be smarter and they could be subscribed too :-)

Martin Mačok
IT Security Consultant

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault