Penetration Testing mailing list archives
RE: Reverse Proxy Pen Testing
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Sat, 26 Mar 2005 18:51:36 -0500
I have found some proxies to be set up incorrectly when doing pen-testing by simply configuring IE to use the public IP address as a proxy. One in particular, I was able to use their internet proxy to access anything on their 10... from the internet simply by pointing IE's proxy config at the public IP address. That wasn't a "proxy problem", it was a configuration problem but still, a pretty big problem! ...internal servers, printers, really not good!

-----Original Message-----
From: FF 647 [mailto:ff_647 () yahoo com]
Sent: Friday, March 25, 2005 7:41 PM
To: pen-test () securityfocus com
Subject: Reverse Proxy Pen Testing

Does anyone know of a way to test a netcache to see if it will return content from web sites on an internal network -- intranet sites that would otherwise not be viewable by the public?

Any info would be appreciated as we are investigating techniques to simulate Internet based attack vectors against our reverse proxy.
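A defender-side check for the misconfiguration discussed in this thread, as an added example that is not part of the original posts: it scans proxy access-log lines for requests where a client outside the internal ranges was served a target inside them. The four-field log format, the sample lines and the `.corp.example` suffix are constructed assumptions, not NetCache's own format.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines in an assumed format: client_ip method target status
SAMPLE_LOG = """\
203.0.113.45 GET http://10.1.2.3/ 200
203.0.113.45 GET http://printer1.corp.example/status 200
203.0.113.45 CONNECT 10.1.2.9:443 200
10.4.4.20 GET http://10.1.2.3/ 200
198.51.100.7 GET http://10.1.2.3/ 403
198.51.100.7 GET http://[fd00::5]/admin 200
"""

INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]
INTERNAL_SUFFIXES = (".corp.example",)  # hypothetical internal DNS suffix


def is_internal_ip(text):
    """True if text is an address literal inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False  # hostname or empty string, not an address literal
    return any(ip in net for net in INTERNAL_NETS)


def target_host(method, target):
    """Extract the host from an absolute URI or a CONNECT host:port target."""
    if method == "CONNECT":
        target = "//" + target  # lets urlsplit parse host:port as a netloc
    return (urlsplit(target).hostname or "").lower()


def find_external_to_internal(log_text):
    """Return (client, target) pairs where an outside client was served an inside target."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        client, method, target, status = parts
        host = target_host(method, target)
        internal = is_internal_ip(host) or host.endswith(INTERNAL_SUFFIXES)
        served = status.startswith(("2", "3"))  # a 403 means the ACL held
        if internal and served and not is_internal_ip(client):
            hits.append((client, target))
    return hits
```

The internal ranges are listed explicitly because Python's `ipaddress.is_private` also returns true for the documentation ranges used as sample external clients here.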