[WEB SECURITY] automatically detecting transparent web proxies

robert at webappsec.org robert at webappsec.org
Tue Feb 8 13:10:30 EST 2011


> Hey anyone got ideas on how to automatically detect transparent web
> proxies?
> 
> I'm thinking maybe a cooperating web server on the outside or one that can
> accomplish HTTP response splitting could be used somehow, but I haven't
> figured it out yet.

I wrote a paper on a transparent proxy flaw that still exists in many products (http://www.kb.cert.org/vuls/id/435052)
(like squid, bluecoat by default, etc) and outlines an abuse case which can be used to detect transparent proxies.

Paper + Slides
http://www.thesecuritypractice.com/the_security_practice/2010/03/abusing-transparent-proxies-with-flash-presentation-available-paper-update.html

I also have a method for detect caching proxies that I should be posting in the next week or so (I'll reply to this thread once
it is posted).

Regards,
- Robert Auger
WASC Co Founder/Moderator of The Web Security Mailing List
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/


> --=20
> Effing the ineffable since 1997. | http://www.subspacefield.org/~travis/
> My emails do not usually have attachments; it's a digital signature
> that your mail program doesn't understand.
> If you are a spammer, please email john at subspacefield.org to get blackliste=
> d.
> 
> --/NkBOFFp2J2Af1nK
> Content-Type: application/pgp-signature
> Content-Disposition: inline
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (OpenBSD)
> 
> iQIcBAEBAgAGBQJNULsbAAoJEGQVZZEDJt9HbRQQAIoIsabauKo9Up2LltkUdXA+
> 6IG9+hy3Arlu1YGqukw569e8DGvnihvJm7Yt0az3QAZbXgQcyP8/0X5dx4BGfRSn
> XxE6DYvTNyi9AIW0X8cvDyby+BIlaArfBn+Nyz8Rw6Id+pVmi9bto9YC8nZNlHoU
> qkli1y+nKvwW2lAmOkpZDWpgPfOxpd6uMxgs7FxAUJuzVF6BC1GYwgxnygjMsrM4
> Oj+XGpq1zt5qY/RCbiBQ1jpE2/0ab4xmEoI01chq7ajfW0pxXNFbXxBjzYwfVDAN
> Dj49GROeL/WCVQvwbJJSg37gLodHurtBjQfBx1hkud9PY+B8Wej7E0E3G3EDtRO1
> X+DdkKTdQbcFIRTSF3A2nLdeoAWl8ARITBOgg/jZywhAKoLltwfdbt+9PGsrRfAD
> LV9oWp79v+vF6AAkoY8CbrWt/ysIuLZLbQGi23ggRhRRaaUQg84w2UiBZ6OtMTzo
> YowCLRUQeQXTBxfTqYw0uAn8lCF+RWFyh33auX9Xwj6yonx9XvY/MObsRfeuocNJ
> pKyyPOryQDJgbxrNXH39HLA2BpvWE37uBhkmvjtgfUpPT1BtGDyHTT2pWrBwdG4X
> s56FdLD70nefgEY40y30s0Ez3ZOTUaeh3DBMhobiDYCpuEOrLX9yYnv1uch+aB0h
> F8Wa7OzbWu3ohtgt/Djb
> =onSV
> -----END PGP SIGNATURE-----
> 
> --/NkBOFFp2J2Af1nK--
> 
> 
> --===============5149206312402474788==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> The Web Security Mailing List
> 
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
> 
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> 
> WASC on Twitter
> http://twitter.com/wascupdates
> 
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
> 
> --===============5149206312402474788==--
> 





More information about the websecurity mailing list