Nmap Development mailing list archives
Re: Request for testing: proxy support
From: Henri Doreau <henri.doreau () gmail com>
Date: Sun, 7 Apr 2013 00:33:25 +0200
2013/2/6 Henri Doreau <henri.doreau () gmail com>:
Hello, I've been working on adding proxy support to nsock. The concept, which has been described on this list already, is fairly simple. TCP connection requests are transparently hooked and redirected through a chain of proxies. Each proxy type provides, among other things, an event handler to the library. The handler of a node in the proxy chain is called repeatedly, until connection is fully established with the next node. Nsock iterates that way over the entire chain until it reaches the target. At this point, the connect event is finally delivered to the caller. The current state of the connection is stored in the IOD. This means that the proposed implementation has no parallelism issue. For now, HTTP CONNECT and SOCKS4 are supported. Name resolution isn't implemented. Also, ultrascan doesn't benefit (or suffer? :) proxy support as it doesn't use nsock. That would be something to implement. A chain is expressed as a comma-separated list of URLs. e.g.: "http://localhost:8080,socks4://someproxy.example.com". Such a chain can be passed to nmap via --proxies <chain>. The chain is parsed once and reused everytime a nsock pool is instanciated by nmap. Authentication is not supported. As agreed before[1], I aim to first validate the core layers. refguide is also not updated yet, though I have no excuse for that. :) You can get the code at: https://svn.nmap.org/nmap-exp/henri/nmap-proxies This branch is being developed and tested under linux and freebsd, I'm not 100% sure how it'd behave on other platforms. I'd really like to see this tested and get feedback about it. Regards [1] http://seclists.org/nmap-dev/2012/q4/526 -- Henri
Hello, even though I'm getting convinced that the absence of reaction is directly imputable to the absence of defect in the code, I'd still like to be proven wrong! ;) There is still a lot of work to do before we have a complete proxy support (like rewriting connect() scan...) and this patch is just a first step. How would you feel about merging it to trunk? Regards -- Henri _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Request for testing: proxy support Henri Doreau (Apr 06)
- Re: Request for testing: proxy support David Fifield (Apr 11)
- Re: Request for testing: proxy support Henri Doreau (Apr 22)
- Re: Request for testing: proxy support David Fifield (Apr 11)