During security penetration testing you may find web proxies, or web servers that will proxy connections. Like any red-blooded penetration tester I set about testing for connections through the proxy; for example, I'll telnet to the proxy port and try requests like:
CONNECT localhost:22 HTTP/1.1\n\n
- and -
GET HTTP://some-other-host/ HTTP/1.1\n\n
I couldn't find a tool that would scan for hosts and ports through a web proxy, so I wrote one. This tool takes the legwork out of testing for connections through a proxy.
Here’s an example diagram.
proxyScan.pl currently supports the following options.
Options:
-h --help     this message.
-v --verbose  be verbose for debugging.
-p --ports    ports to scan for. Example: 80-90,8080-8090,443,23,22
-t --targets  target hosts to scan for through the proxy. Default is localhost. Example: localhost,10.1.1.1-10.1.1.100,myhost.somedomain.com
-o --timeout  timeout in seconds to wait for a response. Default is 2 seconds.
-d --delay    delay in seconds between requests. Default is 0.5.
-m --method   request method (CONNECT/GET/OPTIONS/TRACE/etc). Default is GET.
-x --proxy    proxy server. Default is localhost:8080
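From the proxy operator's side, the same probing (CONNECT to localhost:22, GET to some other host through the proxy) is what shows up in the access log. The Python below is an added example, not part of the original post or of proxyScan.pl: it parses constructed log lines in an assumed "client method target" format and flags requests that are relayed to loopback or private addresses, or that tunnel with CONNECT to a port other than 443.

```python
import re
import ipaddress

# Constructed sample lines, "client method target"; not any real proxy's log format.
SAMPLE_LOG = """\
10.0.0.5 CONNECT localhost:22
10.0.0.5 GET http://10.1.1.7:8080/
10.0.0.5 CONNECT 10.1.1.7:443
10.0.0.9 CONNECT www.example.com:443
10.0.0.9 GET http://www.example.com/index.html
"""

LINE_RE = re.compile(r"^(\S+)\s+([A-Z]+)\s+(\S+)$")
URL_RE = re.compile(r"^(https?)://([^/:]+)(?::(\d+))?", re.IGNORECASE)

def parse_target(method, target):
    """Return (host, port) for a CONNECT host:port or an absolute-URL request."""
    if method == "CONNECT":
        host, sep, port = target.rpartition(":")
        return (host, int(port)) if sep and port.isdigit() else (target, None)
    m = URL_RE.match(target)
    if not m:
        return target, None  # relative request line: no forward target to check
    scheme, host, port = m.groups()
    return host, int(port) if port else (443 if scheme.lower() == "https" else 80)

def is_internal(host):
    """True for the loopback name or a private/loopback/link-local address."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local

def find_proxy_abuse(log_text):
    """Map client -> [(method, host, port, reason)] for internal or non-443 CONNECT targets."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, target = m.groups()
        host, port = parse_target(method, target)
        if is_internal(host):
            hits.setdefault(client, []).append((method, host, port, "internal-target"))
        elif method == "CONNECT" and port != 443:
            hits.setdefault(client, []).append((method, host, port, "connect-non-443"))
    return hits
```

A single client producing a run of such hits across many ports is the scan pattern the tool above generates; the mitigation is the usual one of restricting CONNECT to 443 and denying forward requests to internal address space.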