Penetration Testing mailing list archives
RE: Tool to find hidden web proxy server
From: okrehel () loews com
Date: Wed, 8 Sep 2004 10:41:33 -0400
Product as winroute and one spare NIC card on PC will do the trick. Winroute comes with build in FW as well so maping "the new network" behind it is limited. ondrej Jose Maria Lopez <jkerouac@bgsec.c om> To pen-test () securityfocus com 09/03/2004 06:13 cc PM Subject RE: Tool to find hidden web proxy server El vie, 03 de 09 de 2004 a las 10:32, Singh, Yashpal escribió:
1. I think, you monitor the network traffic and see which authorized
machines are generating the most of the traffic. And hen you can conclude who is running the proxy server on their machines.
That could be perfectly a router to other network, and maybe you can't see behind that device.
2. Or you can use npulse to check all the machines in ur LAN and see
which ports are open on these machines.
This approach is defective because if the transparent proxy is implemented in the router or firewall then you will only see port 80 open, if the administrator has done his work well then the port 8080 or 3128 will be closed for the internal network.
Thanks Yash -----Original Message----- From: hashem () macxperts com [mailto:hashem () macxperts com] Sent: Thursday, September 02, 2004 1:05 PM To: pen-test () securityfocus com Subject: Re: Tool to find hidden web proxy server Perhaps if you are on linux you can use nmap to scan your whole subnet
and
output the scan to a text file then you can grep it for the word proxy ( means you gotta be root and do an -sV ) correct me if im wrong. ----- Original Message ----- From: "vinay mangal" <vinay.mangal () eil co in> To: "Pen" <pen-test () securityfocus com> Sent: Thursday, September 02, 2004 4:36 AM Subject: Re: Tool to find hidden web proxy serverDear all, Thanks for your suggestions. May be I am not able to define my question properly. This problem is strictly with in company internet access firewall and
in
theLAN only. In a company, policy for Internet access says it is through
IP
only. The others can not browse the internet. This policy is
implemented
onfirewall. Few smart guys have installed free proxy server running on
non
default ports and distributed the internet access to their friends. The firewall sees the traffic coming from the authorized IP and does not
stop
them. We want to know who has installed proxy on there machine. I hope, I am able to clearly define my question. Thanks vinay ----- Original Message ----- From: "wnorth" <wnorth () verizon net> To: "'vinay mangal'" <vinay.mangal () eil co in>; "'Pen'" <pen-test () securityfocus com> Sent: Wednesday, September 01, 2004 11:41 PM Subject: RE: Tool to find hidden web proxy serverI'm not sure of a tool, but simply scanning your network for TCP/8080
or
TCP/80 or TCP/8000 may give you the results you are looking for.
Simple
NMAPwould work. -Wes -----Original Message----- From: vinay mangal [mailto:vinay.mangal () eil co in] Sent: Wednesday, September 01, 2004 4:27 AM To: Pen Subject: Tool to find hidden web proxy server Dear all, I am looking for a tool to find the hidden web proxy server in my
local
network. Any hint will be useful. with regards Vinay
--------------------------------------------------------------------------
----Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one
interaction
with one of our expert instructors. Check out our Advanced Hacking
course,
learn to write exploits and attack security infrastructure. Attend acoursetaught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------------------
-----
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking
course,
learn to write exploits and attack security infrastructure. Attend a
course
taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking
course,
learn to write exploits and attack security infrastructure. Attend a
course
taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------------- -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac () bgsec com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÑA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Re: Tool to find hidden web proxy server, (continued)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
- Re: Tool to find hidden web proxy server Daniel Staal (Sep 08)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
- RE: Tool to find hidden web proxy server Kara, Pravesh (Sep 02)
- RE: Tool to find hidden web proxy server Jeff Gercken (Sep 02)
- RE: Tool to find hidden web proxy server Burnett, Robert (Sep 02)
- RE: Tool to find hidden web proxy server Gary E. Miller (Sep 02)
- RE: Tool to find hidden web proxy server Scovetta, Michael V (Sep 02)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 03)
- RE: Tool to find hidden web proxy server Singh, Yashpal (Sep 03)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
- RE: Tool to find hidden web proxy server okrehel (Sep 08)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 08)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server Christopher Adickes (Sep 04)
- RE: Tool to find hidden web proxy server Bénoni MARTIN (Sep 04)
- Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 07)
- Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Shashank Rai (Sep 08)
- Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 08)
- Re: Rogue activity methodology (was: Tool to find hidden web proxyserver) Dejan Markovic (Sep 09)
- Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 07)