Re: Tool to find hidden web proxy server

From: Chris Brenton (cbrenton_at_chrisbrenton.org)
Date: 09/02/04

    To: vinay mangal <vinay.mangal@eil.co.in>
    Date: Thu, 02 Sep 2004 14:06:22 -0400
    
    

    On Wed, 2004-09-01 at 23:36, vinay mangal wrote:
    >
    > A few smart guys have installed a free proxy server running on non
    > default ports and distributed the internet access to their friends. The
    > firewall sees the traffic coming from the authorized IP and does not stop
    > them. We want to know who has installed a proxy on their machine.

    This will be easy or hard, depending on just how smart the "smart guys"
    are. ;-)

    Someone else posted saying to use ngrep. It's still your friend in this
    case. Most proxies stamp an "X-Forwarded-For" field into the payload so
    you can use ngrep to key in on that. Something like:

    ngrep -q 'X-Forwarded-For' port 80

    in the path of the firewall will do the trick. Now for the bad news,
    most proxies also let you remove that "X-Forwarded-For" field, so if
    they are *really* smart and have done this you will not catch it.

    BTW, if you catch one box, do a full TCP port scan of that IP to find
    the proxy server, and then start checking all your internal IPs for
    that same open port. When I've seen this before, one bad apple starts the
    whole thing and then others just copy their config.

    HTH!
    Chris
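
Added example, not part of the original message: a small Python parser that turns the output of the ngrep command above into a list of suspected proxy hosts and the internal clients each one forwarded for. It assumes ngrep was also given `-W byline` (one payload line per output line); the function name and all addresses in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ngrep -q -W byline 'X-Forwarded-For' port 80` output.
# Addresses are made up. ngrep prints the CR at each line end as ".".
SAMPLE = """\
T 192.168.10.23:41022 -> 203.0.113.80:80 [AP]
GET /index.html HTTP/1.1.
Host: www.example.com.
X-Forwarded-For: 192.168.10.57.

T 192.168.10.23:41030 -> 203.0.113.80:80 [AP]
GET /news HTTP/1.1.
Host: www.example.com.
X-Forwarded-For: 192.168.10.61, 192.168.10.57.

T 192.168.10.40:52311 -> 198.51.100.7:80 [AP]
POST /search HTTP/1.1.
Host: example.org.
Content-Length: 24.
.
q=X-Forwarded-For+header
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PKT = re.compile(rf"^T ({IP}):\d+ -> ({IP}):\d+ \[")   # ngrep packet header line
XFF = re.compile(r"^X-Forwarded-For:\s*(.*)$", re.IGNORECASE)

def proxies_from_ngrep(text):
    """Map packet source IP (suspected proxy) -> set of client IPs it relayed."""
    found = defaultdict(set)
    src, in_headers = None, False
    for line in text.splitlines():
        m = PKT.match(line)
        if m:                                  # new packet: remember who sent it
            src, in_headers = m.group(1), True
            continue
        if line.strip(". ") == "":             # blank line ends the HTTP headers
            in_headers = False
            continue
        m = XFF.match(line) if in_headers else None
        if m and src:                          # real header, not a body mention
            for client in m.group(1).rstrip(". ").split(","):
                if client.strip():
                    found[src].add(client.strip())
    return dict(found)

if __name__ == "__main__":
    for proxy, clients in proxies_from_ngrep(SAMPLE).items():
        print(f"{proxy} is forwarding for: {', '.join(sorted(clients))}")
```

The third packet in the sample matches the ngrep pattern only because the string appears in a POST body, so the parser does not report its sender.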
