Re: Reverse Proxy Pen Testing
From: Andres Riancho (andresit_at_fibertel.com.ar)
Date: 03/27/05
- Previous message: FF 647: "Reverse Proxy Pen Testing"
- In reply to: FF 647: "Reverse Proxy Pen Testing"
- Next in thread: Jerry Shenk: "RE: Reverse Proxy Pen Testing"
To: "FF 647" <ff_647@yahoo.com>, <pen-test@securityfocus.com>
Date: Sat, 26 Mar 2005 20:37:37 -0300
FF 647,
This is kind of hard to do because you don't really know the subnet they
are using on their internal LAN (10.*, 192.168.* or 172.16.*), so the
worst part is to "guess" where they have the internal web servers. Some time
ago I asked myself this same question and I got to this answer:
a) configure proxychains to use the netcache
b) run: proxychains nmap -sT -sV -p80 -P0 192.168.1-15.1-50
Also, netcache can be configured to retrieve only external web pages; if
this is the case, I don't know how to bypass that.
Hope this helps.
Cheers,
Andres Riancho
----- Original Message -----
From: "FF 647" <ff_647@yahoo.com>
To: <pen-test@securityfocus.com>
Sent: Friday, March 25, 2005 9:40 PM
Subject: Reverse Proxy Pen Testing
> Does anyone know of a way to test a netcache to see if
> it will return content from web sites on an internal
> network -- intranet sites that would otherwise not be
> viewable by the public? Any info would be appreciated
> as we are investigating techniques to simulate
> Internet based attack vectors against our reverse proxy.
>
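A defender-side check for the behaviour discussed in this thread, added here as an example and not part of either poster's message: it reads proxy access-log lines and reports clients whose requests were aimed at literal RFC 1918 addresses, which of those the proxy actually served, and whether the spread of targets looks like a sweep. The log format, the sample lines, the function names and the sweep threshold are assumptions made for the illustration, not NetCache's own format.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# The private ranges named in the message (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log; assumed format: "<epoch> <client> <method> <target> <status>"
SAMPLE_LOG = """\
1111880001 203.0.113.7 CONNECT 192.168.1.1:80 403
1111880002 203.0.113.7 CONNECT 192.168.1.2:80 403
1111880003 203.0.113.7 CONNECT 192.168.2.1:80 200
1111880004 198.51.100.9 GET http://www.example.com/index.html 200
1111880005 198.51.100.9 GET http://10.0.0.5/status 200
1111880006 203.0.113.7 GET http://intranet.example.com/ 200
malformed line
"""

def target_host(method, target):
    """Return the destination host of a proxy request (CONNECT or absolute URL)."""
    if method.upper() == "CONNECT":
        return urlsplit("//" + target).hostname
    return urlsplit(target).hostname

def is_private(host):
    """True only for literal IPs inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname: judging it needs the proxy's own DNS view
    return any(addr in net for net in PRIVATE_NETS)

def internal_requests(log_text, sweep_threshold=3):
    """Map client -> {"targets": [...], "served": [...], "sweep": bool}."""
    seen = defaultdict(lambda: {"targets": set(), "served": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, client, method, target, status = parts
        host = target_host(method, target)
        if host and is_private(host):
            seen[client]["targets"].add(host)
            if status.startswith("2"):
                seen[client]["served"].add(host)  # 2xx: proxy reached the host
    return {c: {"targets": sorted(v["targets"]), "served": sorted(v["served"]),
                "sweep": len(v["targets"]) >= sweep_threshold}
            for c, v in seen.items()}
```

Any entry under "served" means the proxy is not restricted to external destinations, which is the configuration question raised in the reply.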