8/6/2023 0 Comments Proxy scannerz![]() While some other addresses returned various web content or authentication requests:Ĭontent-Type: text/html charset=iso-8859-1 Once an address was reached which was live, but did not have an HTTP service available a "Connection refused" error message was returned. The system returned: (61) Connection refused The error messages returned by the proxy were relatively helpful, for instance: It was possible to issue HTTP requests for sequential IPv4 addresses typically used for internal networks (see: RFC1918) and monitor the responses given by the proxy. ![]() Thankfully in this instance, the target was using a legacy IPv4 internal network giving a much smaller possible address space. Potentially this could be used to attack third parties or perform malicious activities such as spamming online forums.īut what about if instead of browsing the public Internet, you request internal addresses from the proxy? Now on a modern IPv6 network, even if you knew the address range being used by the client, enumerating it would be impractical as the smallest subnet size typically used would be a "/64" giving 18446744073709551616 possible addresses. Now, this is already bad enough, since an arbitrary external attacker could browse the internet using the vulnerable client's address space. The scanner identified 3 systems that could be used as HTTP proxies, and sure enough, configuring these devices as a proxy in Firefox I was able to browse the Internet while appearing to come from the affected device's address. The most interesting findings are the discovery of open HTTP proxies. So on a recent external network pentest, the vulnerability scanner flagged up a number of "Info" findings: Not only will scanners often report information that might indicate the scan was not configured correctly as an "Info" finding, but other potentially very serious risks can also be reported as "Info" findings because the scanner is unaware of the context. However, this can be dangerous for a number of reasons. ![]() Many people who read such reports will generally ignore all of the "Info" findings, and focus only on anything labeled "Critical" or "High". Typically this is meant to convey general information about the target systems which does not pose any risk. Anyone who has ever read a vulnerability scan report will know that scanners often include a large number of findings they classify as "Info".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |