Re: testing webapp - socks and http proxy question

I think I've solved this problem in the past by using proxy
'conversion' tools that will convert from one proxy type to another.
It's been a while so I can't remember which tool I used, but I think
socat or maybe ncat will do what you need. You configure *cat to
listen on (e.g.) port 1234 as an HTTP proxy server, and chain it to
the socks proxy server.

On Fri, Jan 9, 2009 at 3:39 AM, Rogan Dawes <lists@xxxxxxxxxxxx> wrote:
learn lids wrote:
hello everybody,

moderators : sorry about the cross-post, but i thoght this question
is relevant to all these 3 lists.

i am trying to test a web app which is accessible by only a socks
proxy. so i want to redirect the http traffic through the socks proxy
to access th webapp. the setup is:

browser {OUT 127.0.0.1:8080} ---> burp proxy --> socks proxy to
webapp

i am not sure how to make burp talk to the socks proxy. i used
proxychains but i am not able to make it work.

any suggestions are much appreciated. any other alternate methods
would be nice.

thank you, learner

The work-in-progress OWASP Proxy library (and sample app) supports
upstream and downstream SOCKS proxies. i.e. it can act as a SOCKS proxy,
and it can connect through an upstream SOCKS proxy. It can also act as a
regular HTTP proxy, allowing:

[browser] --(HTTP Proxy)--> [burp] --(HTTP Proxy)--> [OWASP Proxy]
--(SOCKS)--> [socks proxy]--> [server]

This is probably not ideal, though.

You *may* be able to convince burp to use an upstream SOCKS proxy by
setting the appropriate Java environment variables. See:

<http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html>

I don't think that this supports authentication to the upstream SOCKS
Proxy, though. If you need upstream authentication, you may need to hack
something together using JSOCKS, for example.

Rogan




Relevant Pages

  • Re: testing webapp - socks and http proxy question
    ... thanks for the suggestion @ burp, i downloaded the new version, but i was getting an error. ... set burp to use proxy. ... The socks proxy is ... can accelerate the assessment process? ...
    (Pen-Test)
  • Re: testing webapp - socks and http proxy question
    ... thanks for the suggestion @ burp, i downloaded the new version, but i was getting an error. ... set burp to use proxy. ... The socks proxy is ... can accelerate the assessment process? ...
    (Security-Basics)
  • Re: testing webapp - socks and http proxy question
    ... thanks for the suggestion @ burp, i downloaded the new version, but i was getting an error. ... set burp to use proxy. ... The socks proxy is ... can accelerate the assessment process? ...
    (Security-Basics)
  • Re: clients not supporting proxy SOCKS
    ... but there are no chess clients that support ... > So is there an easy way to use SOCKS proxy anyway? ... > If you feel is a good idea, pleas correct my poor English ...
    (Debian-User)
  • Re: testing webapp - socks and http proxy question
    ... testing webapp - socks and http proxy question ... the socks proxy server. ... You *may* be able to convince burp to use an upstream ... the upstream SOCKS ...
    (Security-Basics)
Quantcast