Security Basics mailing list archives
Re: testing webapp - socks and http proxy question
From: learn lids <learnlids () yahoo com>
Date: Wed, 14 Jan 2009 18:43:35 -0800 (PST)
natron, afaik netcat proxying does not work with the -l switch. is there a different version that allows you to do that? what i did was : nc -l -p4000 -X5 -x10.b.c.d:1080 -learnlids --- On Fri, 1/9/09, natron <natron () invisibledenizen org> wrote:
From: natron <natron () invisibledenizen org> Subject: Re: testing webapp - socks and http proxy question To: "Rogan Dawes" <lists () dawes za net> Cc: learnlids () yahoo com, pen-test () securityfocus com, webappsec () securityfocus com, security-basics () securityfocus com Date: Friday, January 9, 2009, 11:09 AM I think I've solved this problem in the past by using proxy 'conversion' tools that will convert from one proxy type to another. It's been a while so I can't remember which tool I used, but I think socat or maybe ncat will do what you need. You configure *cat to listen on (e.g.) port 1234 as an HTTP proxy server, and chain it to the socks proxy server. On Fri, Jan 9, 2009 at 3:39 AM, Rogan Dawes <lists () dawes za net> wrote:learn lids wrote:hello everybody, moderators : sorry about the cross-post, but ithoght this questionis relevant to all these 3 lists. i am trying to test a web app which is accessibleby only a socksproxy. so i want to redirect the http trafficthrough the socks proxyto access th webapp. the setup is: browser {OUT 127.0.0.1:8080} ---> burp proxy--> socks proxy towebapp i am not sure how to make burp talk to the socksproxy. i usedproxychains but i am not able to make it work. any suggestions are much appreciated. any otheralternate methodswould be nice. thank you, learnerThe work-in-progress OWASP Proxy library (and sampleapp) supportsupstream and downstream SOCKS proxies. i.e. it can actas a SOCKS proxy,and it can connect through an upstream SOCKS proxy. Itcan also act as aregular HTTP proxy, allowing: [browser] --(HTTP Proxy)--> [burp] --(HTTPProxy)--> [OWASP Proxy]--(SOCKS)--> [socks proxy]--> [server] This is probably not ideal, though. You *may* be able to convince burp to use an upstreamSOCKS proxy bysetting the appropriate Java environment variables.See:<http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html>I don't think that this supports authentication tothe upstream SOCKSProxy, though. If you need upstream authentication,you may need to hacksomething together using JSOCKS, for example. Rogan
Current thread:
- Re: testing webapp - socks and http proxy question learn lids (Jan 15)
- <Possible follow-ups>
- Re: testing webapp - socks and http proxy question K (Jan 15)
- Re: testing webapp - socks and http proxy question learn lids (Jan 15)
- Re: testing webapp - socks and http proxy question learn lids (Jan 15)
- Re: testing webapp - socks and http proxy question jack . a . mannino (Jan 15)
- Re: testing webapp - socks and http proxy question K (Jan 15)