Nmap Development mailing list archives
Request for testing: proxy support
From: Henri Doreau <henri.doreau () gmail com>
Date: Wed, 6 Feb 2013 21:26:07 +0100
Hello, I've been working on adding proxy support to nsock. The concept, which has been described on this list already, is fairly simple. TCP connection requests are transparently hooked and redirected through a chain of proxies. Each proxy type provides, among other things, an event handler to the library. The handler of a node in the proxy chain is called repeatedly, until connection is fully established with the next node. Nsock iterates that way over the entire chain until it reaches the target. At this point, the connect event is finally delivered to the caller. The current state of the connection is stored in the IOD. This means that the proposed implementation has no parallelism issue. For now, HTTP CONNECT and SOCKS4 are supported. Name resolution isn't implemented. Also, ultrascan doesn't benefit (or suffer? :) proxy support as it doesn't use nsock. That would be something to implement. A chain is expressed as a comma-separated list of URLs. e.g.: "http://localhost:8080,socks4://someproxy.example.com". Such a chain can be passed to nmap via --proxies <chain>. The chain is parsed once and reused everytime a nsock pool is instanciated by nmap. Authentication is not supported. As agreed before[1], I aim to first validate the core layers. refguide is also not updated yet, though I have no excuse for that. :) You can get the code at: https://svn.nmap.org/nmap-exp/henri/nmap-proxies This branch is being developed and tested under linux and freebsd, I'm not 100% sure how it'd behave on other platforms. I'd really like to see this tested and get feedback about it. Regards [1] http://seclists.org/nmap-dev/2012/q4/526 -- Henri _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Request for testing: proxy support Henri Doreau (Feb 06)