Nmap Development mailing list archives
Re: Portscanning through HTTP proxy?
From: "uzy" <uzy () isecurelabs com>
Date: Wed, 08 Dec 2004 17:23:12 +0100
Right. Proxychains hijacks the connect() library call for any TCP socket. RAW/PACKET or UDP sockets cannot be redirected through this kind of proxies because, as far as I know, these proxies are designed to relay full TCP connections only.

TCP connect scan (-sT) and service fingerprint on TCP (-sV) can be proxyfied. OS fingerprints (-O), RAW scans (-f, -sI, -sO, -sS, -sA, and so on) or UDP fingerprints/scans (-sU) can not.

cu

MadHat writes:
> On Dec 7, 2004, at 1:40 PM, Alex R wrote:
>> Can you proxy anything? For example could you proxy some -O stuff or -sS and -sV?
>
> -O does not work with proxying as the proxy mangles the packets, -sV should work fine.
>
>> -----Original Message-----
>> From: uzy [mailto:uzy () isecurelabs com]
>> Sent: Tuesday, December 07, 2004 9:25 PM
>> To: nmap-dev () insecure org
>> Subject: Re: Portscanning through HTTP proxy?
>>
>> You could consider using nmap -sT with proxychains. As simple as :
>>
>> proxychains nmap -sT -p NN myIP
>>
>> Edit proxychains.conf to specify your SOCKS or HTTP proxy.
>> http://proxychains.sf.net
>>
>> Cheers
>>
>> MadHat writes:
>>> On Dec 7, 2004, at 2:14 AM, Max wrote:
>>>> You might have better success with Nessus since it comes with its own language
>>>
>>> Why not just patch nmap? It has a language too, called C++ ;) Fyodor has mentioned in the source code that there should probably be SOCKS support as well. Just if no one asks for it, he is going to work on what he feels is most important. If someone really wants a feature, they can request it, or try and write a patch (the glory of Open Source).
>>>
>>>> M@x
>>>>
>>>> MadHat wrote:
>>>>> On Dec 6, 2004, at 3:58 PM, Mark Lachniet wrote:
>>>>>> Is there a decent way, similar to the FTP bounce approach, to do portscanning through an insecure HTTP proxy using CONNECT verbs? For example, say I find a dual-homed host that has unrestricted proxy, and am too lazy to telnet to the proxy and type: 'CONNECT http://10.1.1.1:25 HTTP/1.1' and manually iterate it a hundred times.
>>>>>
>>>>> there is not an easy way right now built into nmap that I know of, but it should be easy to make a patch for it.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
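From the defender's side, the repeated CONNECT requests discussed in this thread appear in the proxy's access log as one client asking for many ports on one destination. The following is an added example, not part of the original messages; it assumes Squid's native access.log layout, and the log lines, threshold and port allow-list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (an assumption:
# the thread names no proxy product). Client addresses use documentation ranges.
SAMPLE_LOG = """\
1102522990.000     45 192.0.2.50 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
1102522992.101    120 192.0.2.50 TCP_MISS/200 3120 CONNECT www.example.com:443 - DIRECT/198.51.100.7 -
1102522993.220     15 192.0.2.66 TCP_MISS/200 95 CONNECT 10.1.1.1:25 - DIRECT/10.1.1.1 -
1102522993.410      9 192.0.2.66 TCP_MISS/503 0 CONNECT 10.1.1.1:21 - DIRECT/10.1.1.1 -
1102522993.600      8 192.0.2.66 TCP_MISS/200 40 CONNECT 10.1.1.1:22 - DIRECT/10.1.1.1 -
1102522993.790      7 192.0.2.66 TCP_MISS/503 0 CONNECT 10.1.1.1:80 - DIRECT/10.1.1.1 -
1102522999.000     30 192.0.2.77 TCP_MISS/200 210 CONNECT mail.example.net:25 - DIRECT/203.0.113.9 -
"""

# time, elapsed, client, action/status, bytes, then "CONNECT host:port"
CONNECT_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+\S+/\d{3}\s+\d+\s+"
    r"CONNECT\s+(?P<host>\[[^\]]+\]|[^:\s]+):(?P<port>\d+)\s"
)

ALLOWED_CONNECT_PORTS = {443}   # assumed site policy: tunnels only to HTTPS
SWEEP_THRESHOLD = 3             # distinct ports per (client, destination)


def find_connect_abuse(log_text, threshold=SWEEP_THRESHOLD):
    """Return one finding per (client, destination) pair that looks abnormal."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:  # refused tunnels (e.g. 503) are still attempts, so count them
            ports[(m["client"], m["host"])].add(int(m["port"]))

    findings = []
    for (client, host), seen in sorted(ports.items()):
        if len(seen) >= threshold:
            reason = "port-sweep"
        elif seen - ALLOWED_CONNECT_PORTS:
            reason = "non-allowed-port"
        else:
            continue
        findings.append({"client": client, "target": host,
                         "ports": sorted(seen), "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in find_connect_abuse(SAMPLE_LOG):
        print(finding)
```

Restricting CONNECT at the proxy to the allow-listed ports removes the condition the original question relies on; the log check then catches attempts against that policy.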
Current thread:
- nmap-service-probes - NTP support Martin Mačok (Dec 06)
- Re: nmap-service-probes - NTP support Fyodor (Dec 06)
- Portscanning through HTTP proxy? Mark Lachniet (Dec 06)
- Re: Portscanning through HTTP proxy? MadHat (Dec 06)
- Message not available
- Re: Portscanning through HTTP proxy? MadHat (Dec 07)
- Re: Portscanning through HTTP proxy? uzy (Dec 07)
- RE: Portscanning through HTTP proxy? Alex R (Dec 07)
- Re: Portscanning through HTTP proxy? MadHat (Dec 07)
- Re: Portscanning through HTTP proxy? uzy (Dec 08)
- RE: Portscanning through HTTP proxy? Alex R (Dec 08)
- Re[2]: Portscanning through HTTP proxy? Bo Cato (Dec 08)
- Re: Portscanning through HTTP proxy? Ron (Dec 08)
- Re: Portscanning through HTTP proxy? uzy (Dec 08)
- Portscanning through HTTP proxy? Mark Lachniet (Dec 06)
- Re: nmap-service-probes - NTP support Fyodor (Dec 06)
- Re: Portscanning through HTTP proxy? Nicolas Gregoire (Dec 07)