Nmap Development mailing list archives
General web proxying with Ncat
From: David Fifield <david () bamsoftware com>
Date: Thu, 16 Apr 2009 16:55:35 -0600
Hi, Ncat's HTTP proxy now supports the GET, HEAD, and POST methods, so it can be used as a proxy with an ordinary web browser. Run ncat -l --proxy-type http Configure your web browser to use the proxy server at localhost:31337. The CONNECT method that enables SSL connections is also supported. Of course you can continue to make Ncat client connections through the proxy: ncat --proxy localhost:31337 scanme.nmap.org 80 The proxy allows authentication (credentials are sent in the clear): ncat -l --proxy-type http --proxy-auth user:pass I wrote this new code with special attention towards securing it against buffer overflows and like vulnerabilities. There are over a thousand new lines of parsing and memory allocation code, so I would appreciate a second opinion. The proxy as it stands now only supports HTTP/1.0, and not HTTP/1.1 features like connection persistence and pipelining. Using the proxy is likely to make your web browsing slower because all requests are serialized. I wouldn't expose the proxy to the Internet because of a lack of authentication mechanisms. (You can use --proxy-auth, --allow, and --deny, but they are not very strong.) David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- General web proxying with Ncat David Fifield (Apr 16)