Penetration Testing mailing list archives
Re: Tool to find hidden web proxy server
From: Rogan Dawes <discard () dawes za net>
Date: Thu, 02 Sep 2004 09:08:55 +0200
vinay mangal wrote:
Dear all, Thanks for your suggestions. May be I am not able to define my question properly. This problem is strictly with in company internet access firewall and in the LAN only. In a company, policy for Internet access says it is through IP only. The others can not browse the internet. This policy is implemented on firewall. Few smart guys have installed free proxy server running on non default ports and distributed the internet access to their friends. The firewall sees the traffic coming from the authorized IP and does not stop them. We want to know who has installed proxy on there machine. I hope, I am able to clearly define my question. Thanks vinay
In that case, you should be looking for traffic destined for a proxy server in your network.
e.g. ngrep "HTTP/1" dst net yournetwork or something similar.Of course, if your network is switched, you will not see the traffic you need unless your sniffer is attached to a mirrored port on your switch.
My recommendation is to have the security policy redistributed (if it already contains such prohibitions) or updated, and then point out to all your users that contravention of the security policy is a firing offence.
Your best bet to identify violators is to use (a variation of) the ngrep mentioned above, but make sure that you are seeing the necessary traffic via the switched port.
Hope this helps. Rogan -- Rogan Dawes *ALL* messages to discard () dawes za net will be dropped, and added to my blacklist. Please respond to "lists AT dawes DOT za DOT net" ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Re: Tool to find hidden web proxy server, (continued)
- Re: Tool to find hidden web proxy server Christine Kronberg (Sep 02)
- Re: Tool to find hidden web proxy server Paulo Henrique Fisch de Brito (Sep 02)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 02)
- Re: Tool to find hidden web proxy server R. DuFresne (Sep 02)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 02)
- Re: Tool to find hidden web proxy server Gary E. Miller (Sep 03)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 03)
- Re: Tool to find hidden web proxy server Chris Brenton (Sep 02)
- Re: Tool to find hidden web proxy server Gary E. Miller (Sep 02)
- Re: Tool to find hidden web proxy server hashem (Sep 02)
- Re: Tool to find hidden web proxy server Rogan Dawes (Sep 02)
- Re: Tool to find hidden web proxy server Thor (Sep 03)
- RE: Tool to find hidden web proxy server Aditya Deshmukh (Sep 03)
- Re: Tool to find hidden web proxy server Balaji Prasad (Sep 05)
- Re: Tool to find hidden web proxy server Jose Maria Lopez (Sep 08)
- Re: Tool to find hidden web proxy server Alexandre Verriere (Sep 07)