Penetration Testing mailing list archives
Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Tue, 10 Mar 2009 12:46:22 -0300
Hi Amardeep and Rchard Thomas, Thank you for the input. Well, I did look at the Paros for example and BurpSuite, however I only found a way to do it manualy (request by request), and I need a way to do it transparent - without user interaction (in the case, I), like a header rewrite on the fly. Ex.: Find header "Cookie: user=XXXXXXXXccxcxscscs; tamp=23434732674272" and replace it on the fly with "Cookie: user=YYYYYYYccxcxscscs; tamp=111111111111111111; admin=1", and we can't forget that the proxy have to deal and fix the size of the content-lenght - so just send the packet to the webserver. Not so easy, ahn? Check for example the manual of Paros, it only explain a manual section named: Trapping HTTP requests and responses. Thanks for the input. On Tue, Mar 10, 2009 at 6:50 AM, Amardeep Singh <Amardeep_Singh () symantec com> wrote:
Paros, Burp, WebScrab are some of the really god options you can try. I know Paros is the easiest to install and get going. Amardeep Singh -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Richard Miles Sent: Tuesday, March 10, 2009 3:01 AM To: pen-test () securityfocus com Subject: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Hello I'm doing a pen-test in a Cisco 3015 concentrator - ipsec connections tunneled over TCP port 10000. By the way, ike-scan do not work with this vpn. Also the common tools to brute force like THC-pptp, THC-Hydra and Medusa do not work also. Nmap neither regoganize the port as opened (but it doesn't matter), it say filtered, but I can telnet and estabilish a connection to it. Do you have some experience with this device? Can you give me some hints? And point me to some tools for identify, enumerate and brute-force this Cisco implementation? A bit off-topic: Does anyone know a easy to install and configure web proxy for windows which enable headers rewrite? I need to setup a fast web proxy at my windows box to replace all headers (before they are sent to the webserver) of the "Cookie" field and a proprietary header. Thanks folks.
Current thread:
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite?, (continued)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Message not available
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? aditya mukadam (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? aditya mukadam (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Marco Ivaldi (Mar 15)
- RE: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Alex Eden (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 12)
- Message not available
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Wasim Halani (Mar 15)
- Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite? Richard Miles (Mar 15)