Nmap Development mailing list archives

ncat - proxy behavior / dns lookup / bug?


From: Florian Roth <venom14 () gmail com>
Date: Thu, 14 Jun 2012 18:25:24 +0200

Hi all,

Recently I carried out an audit at a client's network in which I
tried to connect through the client's proxy server (HTTP, HTTPS) to
another ncat instance running on a remote server.
Workstations in the client's internal network cannot resolve host names
located in the Internet. The internal DNS only resolves internal host
names. I thought - wow, cool, ok, it's safer that way. But then I
noticed that ncat tries to resolve the DNS addresses given as
parameters and fails.

ncat --proxy proxy.company.net:8080 www.web.de 80
.. cannot resolve www.web.de ...

Therefore I tried this

ncat --nodns --proxy 10.1.1.250:8080 www.web.de 80
.. cannot resolve www.web.de ...

I tried to connect to the IP but the proxy was configured to deny all
requests made to IP addresses.

My final impression is that this is a bug, because ncat should not try
to resolve the host name to an IP address before sending the request
to the proxy server.
It should be the task of the proxy server to resolve the IP.

What do you think?


=== NCAT request to the proxy server (already resolved)
CONNECT 217.72.200.132:80 HTTP/1.0

=== Browser request to the proxy
CONNECT www.web.de:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Proxy-Connection: keep-alive
Host: www.web.de


-- 
Florian
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
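
Added example, not part of the original message and not Ncat or proxy code: a sketch of the proxy-side policy the message describes (deny CONNECT requests whose target is an IP address), run over the two request lines quoted in the message. The function names are hypothetical, and the IPv6 request line is a constructed sample using a documentation address.

```python
import ipaddress

def parse_connect(request_line):
    """Return (host, port) from a CONNECT request line, or raise ValueError."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        raise ValueError("not a CONNECT request line")
    if not parts[2].upper().startswith("HTTP/"):
        raise ValueError("missing HTTP version")
    authority = parts[1]
    if authority.startswith("["):
        # Bracketed IPv6 literal, e.g. [2001:db8::1]:443
        host, sep, rest = authority[1:].partition("]")
        if not sep or not rest.startswith(":"):
            raise ValueError("malformed IPv6 authority")
        port = rest[1:]
    else:
        host, sep, port = authority.rpartition(":")
        if not sep:
            raise ValueError("missing port")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad host or port")
    return host, int(port)

def is_ip_literal(host):
    """True when the CONNECT target is an address rather than a host name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def proxy_decision(request_line):
    """Policy from the message: the proxy denies requests made to IP addresses."""
    host, port = parse_connect(request_line)
    return ("deny" if is_ip_literal(host) else "allow", host, port)

# The two request lines quoted in the message, plus one constructed IPv6 sample.
NCAT_REQUEST = "CONNECT 217.72.200.132:80 HTTP/1.0"
BROWSER_REQUEST = "CONNECT www.web.de:443 HTTP/1.1"
IPV6_SAMPLE = "CONNECT [2001:db8::1]:443 HTTP/1.1"  # constructed

if __name__ == "__main__":
    for line in (NCAT_REQUEST, BROWSER_REQUEST, IPV6_SAMPLE):
        print(line, "->", proxy_decision(line))
```

Under this policy a client that resolves the name locally and sends the address is refused, while a client that passes the host name through unchanged is allowed, which is the difference between the two captured requests.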

