Penetration Testing mailing list archives
Re: Tool to find hidden web proxy server
From: Daniel Staal <DStaal () usa net>
Date: Wed, 08 Sep 2004 10:31:59 -0400
--As of Tuesday, September 7, 2004 8:47 PM +0200, Jose Maria Lopez is alleged to have said:
From what I have understood from the original poster what he wants to find it's the transparent proxy that it's redirecting his traffic. But if you are finding an application proxy installed on one of the desktop computers then it could be possible to do it just using nmap to see what ports are open in all the computers in the network, or using nessus to find strange programs listening on strange ports. Nessus can do a great job in portscanning the network, it has the nmap capabilities and some more techniques to find open ports.
--As for the rest, it is mine.Yes, but which is actually easier/better? Depending on the circumstances, either way could be.
If you step back and take a look at it the problem isn't 'find the proxy server' it is 'shut down the hole in our network', or possibly 'chastise the user who is breaking regulations'. I wanted to point out that you could use the authority of being the sysadmin (which I presume the original poster is) to solve the latter two problems.
I'm not going to say one way or the other *is* better. They both have benefits and disadvantages. The exact balance depends on (among other things): scripting ability, familiarity with network monitoring, corporate culture, and what else you want/need done. I'm just saying that people here were looking at this exclusively from the network monitoring/cracking viewpoint, when there are other resources available to the poster. They might be worth considering, that's all.
Daniel T. Staal --------------------------------------------------------------- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --------------------------------------------------------------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- RE: Tool to find hidden web proxy server, (continued)
- RE: Tool to find hidden web proxy server Aditya Deshmukh (Sep 03)
- Re: Tool to find hidden web proxy server Balaji Prasad (Sep 05)
- Re: Tool to find hidden web proxy server Thomas Loch (Sep 07)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 08)
- Re: Tool to find hidden web proxy server Alexandre Verriere (Sep 03)
- Re: Tool to find hidden web proxy server Alexandre Verriere (Sep 07)
- Re: Tool to find hidden web proxy server Ben Timby (Sep 05)
- ProxyFinder v1.0 released shadown (Sep 07)
- Re: Tool to find hidden web proxy server Daniel Staal (Sep 07)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
- Re: Tool to find hidden web proxy server Daniel Staal (Sep 08)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
- RE: Tool to find hidden web proxy server Kara, Pravesh (Sep 02)
- RE: Tool to find hidden web proxy server Jeff Gercken (Sep 02)
- RE: Tool to find hidden web proxy server Burnett, Robert (Sep 02)
- RE: Tool to find hidden web proxy server Gary E. Miller (Sep 02)
- RE: Tool to find hidden web proxy server Scovetta, Michael V (Sep 02)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 03)
- RE: Tool to find hidden web proxy server Singh, Yashpal (Sep 03)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)
- RE: Tool to find hidden web proxy server okrehel (Sep 08)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 08)
- RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 07)