During security penetration testing you may find web proxies, or web servers that will proxy connections. Like any red-blooded penetration tester I set about testing for connections through the proxy; for example, I’ll telnet to the proxy port and try stuff like:

CONNECT localhost:22 HTTP/1.1\n\n

- and -

GET HTTP://some-other-host/ HTTP/1.1\n\n

I couldn’t find a tool that would scan for hosts and ports through a web proxy, so I wrote one. This tool takes the leg work out of testing for connections through a proxy.

Here’s an example diagram.

[Image: proxyScan.pl example diagram]

proxyScan.pl currently supports the following options.

Options:
   -h --help	this message.
   -v --verbose	be verbose for debugging.
   -p --ports	ports to scan for.
		Example: 80-90,8080-8090,443,23,22
   -t --targets	target hosts to scan for through proxy. Default is localhost.
		Example: localhost,10.1.1.1-10.1.1.100,myhost.somedomain.com
   -o --timeout	timeout in seconds to wait for a response. default is 2 seconds
   -d --delay	delay in seconds between requests. Default is 0.5.
   -m --method	request method (CONNECT/GET/OPTIONS/TRACE/etc). default is GET.
   -x --proxy	proxy server. default is localhost:8080
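
From the proxy operator's side, the two request forms at the top of the post are what an access check has to refuse when they point at internal hosts or unexpected ports. The following is an added example, not part of proxyScan.pl or the original post; the policy sets and function names are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy values for this example, not taken from the post.
CONNECT_PORTS = {443}            # tunnels only to HTTPS
SAFE_PORTS = {80, 443, 8080}     # ports allowed for any proxied request
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def target_of(request_line):
    """Return (method, host, port) for a proxy request line, else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or not parts[2].upper().startswith("HTTP/"):
        return None
    method, target = parts[0].upper(), parts[1]
    try:
        if method == "CONNECT":              # authority-form: host:port
            url, default = urlsplit("//" + target), None
        else:                                # absolute-form: scheme://host[:port]/
            url = urlsplit(target)
            default = {"http": 80, "https": 443}.get(url.scheme)
        port = url.port or default           # .port raises on a bad port
    except ValueError:
        return None
    if not url.hostname or port is None:
        return None
    return method, url.hostname.lower(), port

def is_internal(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:               # a DNS name: re-check what it resolves to
        return host in LOCAL_NAMES
    return ip.is_loopback or ip.is_private or ip.is_link_local

def decide(request_line):
    parsed = target_of(request_line)
    if parsed is None:
        return "deny: malformed"
    method, host, port = parsed
    if is_internal(host):
        return "deny: internal target"
    if method == "CONNECT" and port not in CONNECT_PORTS:
        return "deny: CONNECT port"
    if port not in SAFE_PORTS:
        return "deny: port"
    return "allow"

if __name__ == "__main__":   # constructed request lines in the forms shown above
    for line in ("CONNECT localhost:22 HTTP/1.1", "GET HTTP://some-other-host/ HTTP/1.1"):
        print(line, "->", decide(line))
```

A hostname that passes this check still has to be checked again against the address it resolves to, since a public name can point at an internal address.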

Download

http://www.e-things.org/download/proxyScan-0.3.tgz
MD5SUM: d188669d4f40454a187abe673f3e9b86

SHA1SUM:  69fe2390cffd6feecdf0e81c6abcb8c242420a9f

proxyScan.pl – scan for hosts and ports through a web proxy

  • July 4th, 2007
  • Posted in Tools
