Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Reverse Proxy Pen Testing

From: "Jerry Shenk" <jshenk () decommunications com>
Date: Sat, 26 Mar 2005 18:51:36 -0500
I have found some proxies to be set up incorrectly when doing
pen-testing by simply configuring IE to use the public IP address as a
proxy.  One in particular, I was able to use their internet proxy to
access anything on their 10... from the internet simply by pointing IE's
proxy config at the public IP address.  That wasn't a "proxy problem",
it was a configuration problem but still, a pretty big problem!
...internal servers, printers, really not good!

-----Original Message-----
From: FF 647 [mailto:ff_647 () yahoo com] 
Sent: Friday, March 25, 2005 7:41 PM
To: pen-test () securityfocus com
Subject: Reverse Proxy Pen Testing


Does anyone know of a way to test a netcache to see if
it will return content from web sites on an internal
network -- intranet sites that would otherwise not be
viewable by the public? Any info would be appreciated
as we are investigating techniques to simulate
Internet based attack vectors against our reverse proxy.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: