Nmap Development mailing list archives

Scanning through socks proxy


From: Wolfric <wolfric1 () gmail com>
Date: Wed, 15 Dec 2010 23:53:05 +0000

I'm sure this has been brought up before, although I can't seem to
follow exactly what happened or what went wrong. Is there any chance
someone can clarify whether it is foreseeable to have proxy support in
nmap or, if not, why not?

I've found what seems to be a patch implementing HTTP proxy, however
it doesn't seem to be in the current build and there's no mention of
it being dismissed: http://seclists.org/nmap-dev/2009/q1/644

Tom also gave this explanation on the IRC channel:

12:30 < TomS> If I remember correctly there has been some discussion about that on the list.. It seems that, at one point, basic socks support was built in.. I *think* what it boils down to is that nmap does some... um.. creative.. manipulation of the packets and any proxy would have to be custom written to replicate this .. manipulation.. or the results would be bad and, worse yet, you would not know it

What I perceive to be the problem, if there is one, is that it restricts
the usage of other features that are very often used, since modes that
require writing anything underneath raw TCP won't work. Just as modes
conflict with each other, why not just have a basic connect scan with
service scanning available with a proxy, and just return an error if
the user tries to use something that requires raw frames?

I realise you can hijack the connect() function and tunnel it that way
with another program (such as proxychains), however it would seem like a
reasonably useful feature to include in nmap itself.

Can anyone shed some light?

Wolfric
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
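The "basic connect scan through a proxy" idea from the post, as an added example (not nmap code and not from the list): a minimal SOCKS5 (RFC 1928) CONNECT probe that asks the proxy to complete the TCP connection and maps the reply code to a port state. The proxy address (127.0.0.1:1080), target name and ports are assumed placeholders; everything else is plain socket I/O, which is why raw-packet scan modes cannot be tunnelled this way.

```python
"""Minimal SOCKS5 (RFC 1928) CONNECT probe: a connect scan relayed through a proxy.
Added example, not nmap code. Proxy address, target and ports are assumptions."""
import socket
import struct

# RFC 1928 reply codes; 0x00 means the proxy completed the TCP connect (port open).
SOCKS5_REPLIES = {
    0x00: "open", 0x01: "proxy-failure", 0x02: "not-allowed", 0x03: "net-unreachable",
    0x04: "host-unreachable", 0x05: "closed", 0x06: "ttl-expired",
    0x07: "cmd-unsupported", 0x08: "addrtype-unsupported",
}

def build_connect(host: str, port: int) -> bytes:
    """CONNECT request: VER=5, CMD=1, RSV=0, ATYP=3 (domain name), DST.ADDR, DST.PORT."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for ATYP=3")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def parse_reply(data: bytes) -> str:
    """Map the REP field of a SOCKS5 reply to a port state. A malformed or non-SOCKS5
    reply is reported as such rather than silently counted as 'closed', so the
    'bad results you would not know about' failure mode stays visible."""
    if len(data) < 2 or data[0] != 0x05:
        return "bad-reply"
    return SOCKS5_REPLIES.get(data[1], "unknown-%#x" % data[1])

def probe_via_socks5(sock, host: str, port: int) -> str:
    """No-auth handshake plus one CONNECT on a socket already connected to the proxy."""
    sock.sendall(b"\x05\x01\x00")              # greeting: 1 method, NO AUTHENTICATION
    if sock.recv(2) != b"\x05\x00":
        return "proxy-auth-refused"
    sock.sendall(build_connect(host, port))
    return parse_reply(sock.recv(10))          # 10 bytes covers an IPv4 BND.ADDR reply

def scan(proxy_host: str, proxy_port: int, target: str, ports) -> dict:
    """One fresh proxy connection per port; TCP connect semantics only, no raw packets."""
    results = {}
    for p in ports:
        with socket.create_connection((proxy_host, proxy_port), timeout=5) as s:
            results[p] = probe_via_socks5(s, target, p)
    return results

if __name__ == "__main__":
    # Assumed local SOCKS5 proxy (e.g. an ssh -D 1080 tunnel); target and ports are placeholders.
    print(scan("127.0.0.1", 1080, "example.org", [22, 80, 443]))
```

Because the proxy, not the scanner, performs the TCP handshake, the result reflects the proxy's view of reachability; states other than "open" and "closed" indicate a proxy-side condition rather than a target port state.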