Metasploit mailing list archives

New auxiliary module (http_open_proxy)

From: Matteo Cantoni <matteo.cantoni () gmail com>
Date: Sun, 16 May 2010 21:38:57 +0200

Hi list,

I am attaching a new auxiliary module to check/search HTTP proxy. Some features:

- HTTP return code verification;
- pattern matching verification;
- CONNECT method verification;
- multi-ports;
- randomize-ports;

Hopefully it helps somebody else, so feel free to include/modify/delete it.

///
msf > use auxiliary/scanner/http/http_open_proxy
msf auxiliary(http_open_proxy) > set RHOSTS 192.168.1.2
RHOSTS => 192.168.1.2
msf auxiliary(http_open_proxy) > set RPORT 3128
RPORT => 3128
msf auxiliary(http_open_proxy) > set DEBUG true
DEBUG => true
msf auxiliary(http_open_proxy) > set VERIFY_CONNECT true
VERIFY_CONNECT => true
msf auxiliary(http_open_proxy) > run

[*] Checking 192.168.1.2:3128 [www.google.com]
[*] 192.168.1.2:3128 is a potentially OPEN proxy [302] (squid/2.7.STABLE3)
[*] 192.168.1.2:3128 CONNECT method successfully tested
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(http_open_proxy) > set MULTIPORTS true
MULTIPORTS => true
msf auxiliary(http_open_proxy) > set RANDOMIZE_PORTS true
RANDOMIZE_PORTS => true
msf auxiliary(http_open_proxy) > set SITE www.openbsd.org
SITE => www.openbsd.org
msf auxiliary(http_open_proxy) > set ValidPattern <title>OpenBSD</title>
ValidPattern => <title>OpenBSD</title>
msf auxiliary(http_open_proxy) > run

[*] Checking 192.168.1.2:8080 [www.openbsd.org]
[*] Checking 192.168.1.2:80 [www.openbsd.org]
[*] Checking 192.168.1.2:8123 [www.openbsd.org]
[*] Checking 192.168.1.2:3128 [www.openbsd.org]
[*] 192.168.1.2:3128 is a potentially OPEN proxy [200] (squid/2.7.STABLE3)
[*] 192.168.1.2:3128 CONNECT method successfully tested
[*] Checking 192.168.1.2:1080 [www.openbsd.org]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(http_open_proxy) >
///

Regards,
Matteo

---
Matteo Cantoni - http://www.nothink.org/
"Statistics, data and others stuff about malware and their network activity"

Attachment: http_open_proxy.rb
Description:

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

New auxiliary module (http_open_proxy) Matteo Cantoni (May 16)
- Re: New auxiliary module (http_open_proxy) Matteo Cantoni (Jun 01)