Re: check the presence of a reverse proxy

[H D Moore <hdm () digitaloffense net>]

A request like the one below usually works for me (with squid and apache 
reverse proxy servers):

echo -ne "GET /%00 HTTP/1.0\r\n\r\n" | nc host port

The response from the proxy server is a 404 for the "/" URL. This may have 
been "fixed" in newer versions of apache and often works when an invalid 
HTTP method does not.

-HD

On Tuesday 30 November 2004 15:15, Maria Da Re wrote:
> Can i check the presence of a reverse proxy
> between me and some webservers?
>
> The pen-test scenario (target network) is:
>
> - 2 level of firewall (pix and iptables)
> - one dmz with a squid configured as reverse proxy
> (and other things)
> - one internal network with 4 webserver with apache
> and public ip address (and other things)
>
> So i would to check if my request to one of webserver
> is natted (by external firewall) to the proxy and
> redirected by the proxy to the webserver. I can work
> from Internet, from a subnet connected to external
> firewall, from a subnet connected to internal
> firewall.
>
> Some suggestions?
>
> Many thanks
>
> m.
>
>
>
>
> ___________________________________
> Nuovo Yahoo! Messenger: E' molto più divertente: Audibles, Avatar,
> Webcam, Giochi, Rubrica… Scaricalo ora! http://it.messenger.yahoo.it