Penetration Testing mailing list archives

Re: Tool to find hidden web proxy server

From: "Balaji Prasad" <bp1974 () comcast net>
Date: Wed, 01 Sep 2004 22:10:21 -0700

Vinay:

Couple of options for you ... based on the size and connectivity of yournetwork:


Option 1.  (Requires no change to FW policy)

1. If your LAN is hub based, the skip to step 3. If there is a centralswitch go to step 2.2. Most high-end switches have an option for port mirroring. If yourshas one, then connect a linux box with tcpdump/ethereal/ntop to themirrored port.3. If you are using ntop or any other network packet monitoring tool,you will notice one or more systems originating a disproportionatelyhigher volume of http traffic. Those are your rogue proxy servers


Option 2.(Small change to FW policy)
  Install a policy that does the following:
        a. Your default policy will be to block all traffic out of your network.

b. Prohibits all traffic to destination:port80 or destination:port443 ifnot originating from your proxy server.c. You will need to punch holes in your FW one by one to allow allauthorized services (SMTP,IMAP,DNS etc.)

This way you will end up with a more secure installation in general.

Balaji

On Thu, 2 Sep 2004 09:06:44 +0530, vinay mangal <vinay.mangal () eil co in>wrote:

Dear all,

Thanks for your suggestions. May be I am not able to define my question
properly.

This problem is strictly with in company internet access firewall and inthe

LAN only. In a company, policy for Internet access says it is through IP

only. The others can not browse the internet. This policy is implementedon

firewall. Few smart guys have installed free proxy server running on non
default ports and distributed the internet access to their friends. The
firewall sees the traffic coming from the authorized IP and does not stop
them. We want to know who has installed proxy on there machine.

I hope, I am able to clearly define my question. Thanks


vinay


----- Original Message -----
From: "wnorth" <wnorth () verizon net>
To: "'vinay mangal'" <vinay.mangal () eil co in>; "'Pen'"
<pen-test () securityfocus com>
Sent: Wednesday, September 01, 2004 11:41 PM
Subject: RE: Tool to find hidden web proxy server

I'm not sure of a tool, but simply scanning your network for TCP/8080 or
TCP/80 or TCP/8000 may give you the results you are looking for. Simple

NMAP

would work.

-Wes

-----Original Message-----
From: vinay mangal [mailto:vinay.mangal () eil co in]
Sent: Wednesday, September 01, 2004 4:27 AM
To: Pen
Subject: Tool to find hidden web proxy server

Dear all,

I am looking for a tool to find the hidden web proxy server in my local
network.

Any hint will be useful.

with regards
Vinay



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction

with one of our expert instructors. Check out our Advanced Hackingcourse,learn to write exploits and attack security infrastructure. Attend acourse

taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------




--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Current thread:

Re: Tool to find hidden web proxy server, (continued)
- - - Re: Tool to find hidden web proxy server R. DuFresne (Sep 02)
    - Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 02)
    - Re: Tool to find hidden web proxy server Gary E. Miller (Sep 03)
    - Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 03)
    - Re: Tool to find hidden web proxy server Chris Brenton (Sep 02)
    - Re: Tool to find hidden web proxy server Gary E. Miller (Sep 02)
    - Re: Tool to find hidden web proxy server hashem (Sep 02)
    - Re: Tool to find hidden web proxy server Rogan Dawes (Sep 02)
    - Re: Tool to find hidden web proxy server Thor (Sep 03)
    - RE: Tool to find hidden web proxy server Aditya Deshmukh (Sep 03)
    - Re: Tool to find hidden web proxy server Balaji Prasad (Sep 05)
  - Re: Tool to find hidden web proxy server Thomas Loch (Sep 07)
    - Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 08)
- Re: Tool to find hidden web proxy server Alexandre Verriere (Sep 03)
  - Re: Tool to find hidden web proxy server Alexandre Verriere (Sep 07)
- Re: Tool to find hidden web proxy server Ben Timby (Sep 05)
- ProxyFinder v1.0 released shadown (Sep 07)
- Re: Tool to find hidden web proxy server Daniel Staal (Sep 07)
  - Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
    - Re: Tool to find hidden web proxy server Daniel Staal (Sep 08)
- RE: Tool to find hidden web proxy server Kara, Pravesh (Sep 02)

(Thread continues...)