Re: Portscanning through HTTP proxy?

["uzy" <uzy () isecurelabs com>]

Right.
Proxychains hijacks the connect() library call for any TCP socket.
RAW/PACKET or UDP sockets cannot be redirected through this kind of proxies 
because, as far as I know, these proxies are designed to relay full TCP 
connections only. 

TCP connect scan (-sT) and service fingerprint on TCP (-sV) can be 
proxyfied. 

OS fingerprints (-O), RAW scans ( -f, -sI, -sO, -sS, -sA, and so on) or UDP 
fingerprints/scans (-sU) can not. 

cu 

MadHat writes: 

> On Dec 7, 2004, at 1:40 PM, Alex R wrote:
> > Can you proxy anything? For example could you proxy some -O stuff or -sS 
> > and
> > -sV?
>
> -O does not work with proxying as the proxy mangles the packets, -sV 
> should work fine. 
>
>
> > -----Original Message-----
> > From: uzy [mailto:uzy () isecurelabs com]
> > Sent: Tuesday, December 07, 2004 9:25 PM
> > To: nmap-dev () insecure org
> > Subject: Re: Portscanning through HTTP proxy? 
> >
> > You could consider using nmap -sT with proxychains. As simple as : 
> >
> > proxychains nmap -sT -p NN myIP 
> >
> > Edit proxychains.conf to specify your SOCKS or HTTP proxy. 
> >
> > http://proxychains.sf.net 
> >
> > Cheers 
> >
> > MadHat writes: 
> >
> > > On Dec 7, 2004, at 2:14 AM, Max wrote:
> > > > You might have better success with Nessus since it comes with its own
> > > > language
> > >
> > > Why not just patch nmap?  It has a language too, called C++ ;) 
> > >
> > > Fyodor has mention in the source code that there should probably be 
> > > SOCKS
> > > support as well.  Just if no one asks for it, he is going to work on 
> > > what
> > > he feels is most important.  If someone really wants a feature, they can
> > > request it, or try and write a patch (the glory of Open Source). 
> > >
> > > > M@x 
> > > >
> > > >
> > > > MadHat wrote:
> > > > > On Dec 6, 2004, at 3:58 PM, Mark Lachniet wrote:
> > > > > > Is there a decent way, similar to the FTP bounce approach, to do
> > > > > > portscanning through an insecure HTTP proxy using CONNECT verbs?  For
> > > > > > example, say I find a dual-homed host that has unrestricted proxy, 
> > > > > > and
> > > > > > am
> > > > > > too lazy to telnet to the proxy and type: 
> > > > > >
> > > > > > 'CONNECT http://10.1.1.1:25 HTTP/1.1' 
> > > > > >
> > > > > > and manually iterate it a hundred times.
> > > > > there is not an easy way right now built into nmap that I know of, but
> > > > > it should be easy to make a patch for it.
> > >  
> > >
> > > ---------------------------------------------------------------------
> > > For help using this (nmap-dev) mailing list, send a blank email to
> > > nmap-dev-help () insecure org . List archive: http://seclists.org 
> >  
> >
> >
> > ---------------------------------------------------------------------
> > For help using this (nmap-dev) mailing list, send a blank email to
> > nmap-dev-help () insecure org . List archive: http://seclists.org 
> >
> >  
> >
> >  
> >
> > ---------------------------------------------------------------------
> > For help using this (nmap-dev) mailing list, send a blank email to
> > nmap-dev-help () insecure org . List archive: http://seclists.org 
>  
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to 
> nmap-dev-help () insecure org . List archive: http://seclists.org 



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org