Re: testing webapp - socks and http proxy question

[jack.a.mannino () gmail com]

Burp itself only supports proxying upstream to an http proxy.  If you want SOCKS, then you need to chain Burp to go 
through an http proxy capable of forwarding to a SOCKS proxy. That is why Iike using Privoxy.  I forward my Burp 
traffic to it, and then chain Privoxy through Tor.  You can substitute the proxies of your choice, but that is the 
basic idea.

-Jack
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: learn lids <learnlids () yahoo com>

Date: Wed, 14 Jan 2009 18:47:16 
To: <pen-test () securityfocus com>; <security-basics () securityfocus com>; <webappsec () securityfocus com>; Amardeep 
Singh<Amardeep_Singh () symantec com>
Subject: Re: testing webapp - socks and http proxy question


amardeep : http is an application layer (7) protocol; while socks is a session layer (5) protocol. afaik paros supports 
only a layer-7 outgoing proxy.

-learner

--- On Fri, 1/9/09, Amardeep Singh <Amardeep_Singh () symantec com> wrote:

> From: Amardeep Singh <Amardeep_Singh () symantec com>
> Subject: testing webapp - socks and http proxy question
> To: pen-test () securityfocus com, security-basics () securityfocus com, webappsec () securityfocus com
> Cc: learnlids () yahoo com
> Date: Friday, January 9, 2009, 4:54 AM
> Hello,
>
> I am not sure for Burp Configuration, But on same lines If
> you use Paros
> Proxy (On same lines to Burp) then you can configure your
> requirements
> by going to Tolls-->Options--->Connection
>
> Amardeep Singh
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> On Behalf Of learn lids
> Sent: Friday, January 09, 2009 10:05 AM
> To: pen-test () securityfocus com;
> webappsec () securityfocus com;
> security-basics () securityfocus com
> Subject: testing webapp - socks and http proxy question
>
> hello everybody, 
>
> moderators : sorry about the cross-post, but i thoght this
> question is
> relevant to all these 3 lists. 
>
> i am trying to test a web app which is accessible by only a
> socks proxy.
> so i want to redirect the http traffic through the socks
> proxy to access
> th webapp. the setup is: 
>  
> browser {OUT 127.0.0.1:8080} ---> burp proxy -->
> socks proxy to webapp 
>
> i am not sure how to make burp talk to the socks proxy. i
> used
> proxychains but i am not able to make it work. 
>
> any suggestions are much appreciated. any other alternate
> methods would
> be nice. 
>
> thank you, 
> learner


      

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------