Penetration Testing mailing list archives
Re: Tool to find hidden web proxy server
From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 2 Sep 2004 11:36:07 +0200
On Thu, Sep 02, 2004 at 09:06:44AM +0530, vinay mangal wrote:
In a company, policy for Internet access says it is through IP only. The others can not browse the internet. This policy is implemented on firewall. Few smart guys have installed free proxy server running on non default ports and distributed the internet access to their friends.
There is not a single way of hiding the proxy and so there is not a single bulletproof tool to find it. If they are not so smart, they are running the proxies on ports 3128 or 8000-8888. $ nmap -sSV -p3128,8000-8888 suspected [...] (of course, double check the proxy with netcat/telnet or amap) If they are less smarter they run it on obscured port but with unrestricted access. $ nmap -sSV -p- suspected [...] (I recommend nmap-3.70 or later, it scans much faster) If they are smarter they limit access to proxy by IP and/or user:password. Try sniffing the LAN traffic for HTTP communication between the stations (ethereal or ngrep, exclude the IP of gateway). Smart guys will tunnel HTTP through SSH or similar and the proxy will not be accessible on external interfaces (only loopback). Then analyze the outgoing HTTP traffic. Look for X-Forwarded-For: headers, User-Agent: headers, cookies, POST requests values (names) etc. so you can see that the requests from on IP are actually from 2 different people and/or 2 different browsers. Good luck. Remember, they can always be smarter and they could be subscribed too :-) Martin Mačok IT Security Consultant ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Tool to find hidden web proxy server vinay mangal (Sep 01)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 01)
- Re: Tool to find hidden web proxy server Miles Stevenson (Sep 01)
- Re: Tool to find hidden web proxy server Gary E. Miller (Sep 02)
- Re: Tool to find hidden web proxy server grutz (Sep 02)
- RE: Tool to find hidden web proxy server wnorth (Sep 02)
- Re: Tool to find hidden web proxy server vinay mangal (Sep 01)
- Re: Tool to find hidden web proxy server Javier Fernandez-Sanguino (Sep 02)
- Re: Tool to find hidden web proxy server Marc (Sep 02)
- Re: Tool to find hidden web proxy server Martin Mačok (Sep 02)
- Re: Tool to find hidden web proxy server Christine Kronberg (Sep 02)
- Re: Tool to find hidden web proxy server Paulo Henrique Fisch de Brito (Sep 02)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 02)
- Re: Tool to find hidden web proxy server R. DuFresne (Sep 02)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 02)
- Re: Tool to find hidden web proxy server Gary E. Miller (Sep 03)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 03)
- Re: Tool to find hidden web proxy server vinay mangal (Sep 01)
- Re: Tool to find hidden web proxy server Chris Brenton (Sep 02)
- Re: Tool to find hidden web proxy server Gary E. Miller (Sep 02)
- Re: Tool to find hidden web proxy server hashem (Sep 02)