Re: check the presence of a reverse proxy

From: joe star (alan6_at_melimail.com)
Date: 12/06/04

    Date: Mon, 06 Dec 2004 13:22:34 +0100
    To: Maria Da Re <pentestml@yahoo.it>
    
    

    First, make a traceroute (also on TCP port 80, 443, ... look at tcptraceroute) to check if you can see the final machine or if the Firewall (or another router) blocks icmp_exceeded packets...

    But, if you just want to check if the RP works correctly, you'll have to have a look at the HTML protocol. If you use an HTML proxy, you can look at what is sent and received by your browser. In the end, if you discover any information about your Apache Web server, then your proxy is not correctly configured.

    Sincerely,

    alan

    On 30-11-2004 22:38:01 Maria Da Re <pentestml@yahoo.it> was overheard saying:
    ---------------------------------------------------
    > Can I check the presence of a reverse proxy
    > between me and some webservers?
    >
    > The pen-test scenario (target network) is:
    >
    > - 2 levels of firewall (pix and iptables)
    > - one dmz with a squid configured as reverse proxy
    > (and other things)
    > - one internal network with 4 webservers with apache
    > and public ip address (and other things)
    >
    > So I would like to check if my request to one of the webservers
    > is natted (by external firewall) to the proxy and
    > redirected by the proxy to the webserver. I can work
    > from Internet, from a subnet connected to external
    > firewall, from a subnet connected to internal
    > firewall.
    >
    > Some suggestions?
    >
    > Many thanks
    >
    > m.

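Added example, not part of the original message: one way to run the check the reply describes on your own reverse proxy, by auditing captured response headers for signs of the proxy and for origin-server banners leaking through it. The header lists, host name and both sample responses are constructed assumptions.

```python
# Added example: audit captured response headers from a site behind a reverse proxy.
# The sample responses below are constructed, not captured from a real host.

PROXY_HEADERS = ("via", "x-cache", "x-cache-lookup")   # headers Squid normally adds
BACKEND_TOKENS = ("apache", "mod_", "php", "openssl")  # origin-server banner fragments

def parse_headers(raw):
    """Split a raw HTTP response head into (status_line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:      # obsolete folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit(raw):
    """Return (proxy_evidence, backend_leaks) as lists of 'name: value' strings."""
    _, headers = parse_headers(raw)
    proxy, leaks = [], []
    for name, value in headers:
        low = value.lower()
        if name in PROXY_HEADERS:
            proxy.append(f"{name}: {value}")
        if name in ("server", "x-powered-by") and any(t in low for t in BACKEND_TOKENS):
            leaks.append(f"{name}: {value}")
    return proxy, leaks

# Constructed sample: the proxy passes the backend's Server banner through unchanged.
LEAKY = ("HTTP/1.0 200 OK\r\n"
         "Server: Apache/1.3.31 (Unix) mod_ssl/2.8.19\r\n"
         "X-Cache: MISS from rp.example.test\r\n"
         "Via: 1.0 rp.example.test:80 (squid/2.5.STABLE7)\r\n"
         "Content-Type: text/html\r\n\r\n<html></html>")
# Constructed sample: banner rewritten and proxy headers suppressed.
CLEAN = ("HTTP/1.0 200 OK\r\n"
         "Server: www\r\n"
         "Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("clean", CLEAN)):
        proxy, leaks = audit(raw)
        print(label, "| proxy evidence:", proxy, "| backend leaks:", leaks)
```

A non-empty second list means the proxy is forwarding the origin server's identifying headers and its header filtering should be tightened.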

