Penetration Testing mailing list archives

RE: Tool to find hidden web proxy server

From: "Wozny, Scott (US - New York)" <swozny () deloitte com>
Date: Wed, 8 Sep 2004 16:19:30 -0400

To point 1, a router wouldn't change the SIP of the packet so the only reason a router would show up in an outbound web 
'top talker' list is if it was proxying outbound connections using it's 'approved' IP (more accurately NATing rather 
than proxying but with the same effect of unauthorized IPs getting web access).  In this case this is exactly what the 
original poster is looking for.  I think it's one of the better options to find LIKELY proxy servers or NAT devices 
without the ability to look at the process table on every device on your network.  It is, however, by no means 
foolproof.  Likely you'll catch the most grievous offenders (dozens or hundreds of users on the same proxy) but those 
giving out access to only a couple of people probably won't pop to the top of your list.

Scott

-----Original Message-----
From: Jose Maria Lopez [mailto:jkerouac () bgsec com] 
Sent: Friday, September 03, 2004 6:13 PM
To: pen-test () securityfocus com
Subject: RE: Tool to find hidden web proxy server


El vie, 03 de 09 de 2004 a las 10:32, Singh, Yashpal escribió:

1. I think, you monitor the network traffic and see which authorized machines are generating the most of the traffic. 
And hen you can conclude who is running the proxy server on their machines.


That could be perfectly a router to other network, and maybe you can't
see behind that device.



This message (including any attachments) contains confidential information intended for a specific individual and 
purpose, and is protected by law.  If you are not the intended recipient, you should delete this message.  Any 
disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Current thread:

RE: Tool to find hidden web proxy server, (continued)
- - - RE: Tool to find hidden web proxy server Jose Maria Lopez (Sep 08)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server caleb . dods (Sep 03)
- RE: Tool to find hidden web proxy server Christopher Adickes (Sep 04)
- RE: Tool to find hidden web proxy server Bénoni MARTIN (Sep 04)
  - Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 07)
    - Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Shashank Rai (Sep 08)
    - Re: Rogue activity methodology (was: Tool to find hidden web proxy server) Chris Brenton (Sep 08)
    - Re: Rogue activity methodology (was: Tool to find hidden web proxyserver) Dejan Markovic (Sep 09)
- RE: Tool to find hidden web proxy server Jeff Gercken (Sep 07)
- RE: Tool to find hidden web proxy server Wozny, Scott (US - New York) (Sep 08)