Nmap Development mailing list archives
Scan with nmap over a CONNECT proxy?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 29 Apr 2010 17:34:48 +0000
Hello,

I was checking one of my servers on the internet and curiously I found it supports the CONNECT method to everywhere, so I could connect to it from the internet and CONNECT, for example, to google, or even establish a telnet session with another machine in another network. While it may be very useful for a spammer, I was thinking that a hacker can do much more and probably use this open CONNECT proxy to connect to my internal servers, since I have two interfaces, one external and another internal.

I tested with ncat and I connected to an internal server with a command like

    ncat --proxy MyExternalProxy --proxy-type http 10.10.2.3 23

And I got the telnet screen asking for the username. However, it was easy because I know my internal IP address; a hacker would need to guess my internal IP addresses and open ports, and doing it by hand may be very hard.

So, I was thinking, is there an option in nmap to scan over a CONNECT proxy? Something like

    nmap -sV -sC --proxy MyExternalProxy --proxy-type http 10.10.2.0/24

It would be awesome. Is there any patch or way to do it?

I also tried just to test nmap with -sV and -sC on a single port in conjunction with ncat, but I couldn't, since ncat appears not to allow binding an IP and connecting to a remote proxy at the same time. I was thinking of something like

    ncat -l 3333 --proxy MyExternalProxy --proxy-type http 10.10.2.3 23

So I could test it like

    nmap -sV -sC -p 23 localhost

Ideas? Well, does anyone know any portscanner that is able to scan a remote internal network over a CONNECT proxy? I would love to see it.

Thanks

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
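An added example of the kind of scanner the post asks for, written for this page and not taken from the post, from ncat or from nmap: a Python port scanner that issues one HTTP CONNECT per host:port through a proxy, classifies the proxy's status line, and grabs the first bytes the tunnelled service sends. So that it runs offline it also stands up a constructed loopback CONNECT proxy and a constructed "internal" service that sends the made-up banner `login: `. The proxy behaviour is a hypothetical assumption (200 when the upstream TCP connect succeeds, squid-style 403 for an ACL denial, 502/503 when the upstream refuses); the `classify` labels and all function names are this example's own.

```python
# Port scan through an HTTP CONNECT proxy: the per-port equivalent of
#   ncat --proxy PROXY --proxy-type http HOST PORT
# looped over a range.  Added example, not code from the post or from nmap.  Assumes
# (hypothetically) a proxy that answers "HTTP/1.x 200" when its upstream connect
# succeeds and 4xx/5xx otherwise (squid-style 403 for ACL denial, 502/503 for refused).
import socket
import threading

def build_connect_request(host, port):
    target = "%s:%d" % (host, port)
    return ("CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, target)).encode("ascii")

def parse_connect_status(head):
    """Status code from the proxy's status line; None if this is not an HTTP status line."""
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return None
    return int(parts[1])

def read_headers(sock):
    """Read to the blank line ending the headers; return (headers, bytes received past it)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    return head, rest

def probe_via_proxy(proxy, host, port, timeout=3.0):
    """CONNECT to host:port via proxy; return (proxy status, first bytes the service sent)."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(build_connect_request(host, port))
        head, banner = read_headers(sock)
        status = parse_connect_status(head)
        if status != 200:
            return status, b""
        if not banner:                    # tunnel is up but quiet so far: wait briefly
            sock.settimeout(1.0)
            try:
                banner = sock.recv(256)
            except socket.timeout:
                pass
        return status, banner
    finally:
        sock.close()

def classify(status):
    """Port state as seen from the proxy's side of the network."""
    if status == 200:
        return "open"
    if status in (403, 405):
        return "denied-by-proxy"          # proxy ACL; says nothing about the port
    if status is not None and 500 <= status < 600:
        return "closed-or-filtered"       # proxy tried and failed to reach the port
    return "unknown"                      # not a CONNECT proxy, or a transport error

def scan_via_proxy(proxy, hosts, ports):
    results = {}                          # {(host, port): (state, banner)}
    for host in hosts:
        for port in ports:
            try:
                status, banner = probe_via_proxy(proxy, host, port)
            except OSError:
                status, banner = None, b""
            results[(host, port)] = (classify(status), banner)
    return results

# --- offline demo: a constructed CONNECT proxy and one "internal" service on loopback ---
def _listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s

def _serve_banner(listener, banner):
    while True:
        conn, _ = listener.accept()
        conn.sendall(banner)
        conn.close()

def _serve_mock_proxy(listener):
    while True:
        conn, _ = listener.accept()
        head, _ = read_headers(conn)
        host, port = head.split(b" ", 2)[1].decode().rsplit(":", 1)
        try:
            upstream = socket.create_connection((host, int(port)), timeout=1.0)
        except OSError:
            conn.sendall(b"HTTP/1.1 502 Bad Gateway\r\n\r\n")
        else:
            conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
            conn.sendall(upstream.recv(256))   # demo relays the banner only; a real proxy pumps both ways
            upstream.close()
        conn.close()

def demo():
    """Scan one open and one closed loopback port through the mock proxy."""
    svc, proxy, spare = _listen(), _listen(), _listen()
    threading.Thread(target=_serve_banner, args=(svc, b"login: "), daemon=True).start()
    threading.Thread(target=_serve_mock_proxy, args=(proxy,), daemon=True).start()
    open_port, closed_port = svc.getsockname()[1], spare.getsockname()[1]
    spare.close()                                  # now nothing listens on closed_port
    results = scan_via_proxy(proxy.getsockname(), ["127.0.0.1"], [open_port, closed_port])
    return {"open_port": open_port, "closed_port": closed_port, "results": results}
```

Two things worth keeping in mind when reading the output: the states are reachability from the proxy's internal interface, which is exactly the exposure the post describes, and a 403 only tells you about the proxy's ACL, not about the port behind it. Because every probe is a full TCP connect made by the proxy, this is a connect scan only; nothing like a SYN or UDP scan can be pushed through a CONNECT tunnel.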
Current thread:
- Scan with nmap over a CONNECT proxy? Richard Miles (Apr 29)
- Re: Scan with nmap over a CONNECT proxy? David Fifield (May 03)