[WEB SECURITY] automatically detecting transparent web proxies

Paul Johnston paul.johnston at pentest.co.uk
Tue Feb 8 12:26:38 EST 2011


My usual is:

telnet 1.2.3.4 80

If you get a connection, you've got a transparent proxy (or some
inconsiderate bugger has finally put a web server on 1.2.3.4)


On 08/02/2011 03:40, travis+ml-webappsec at subspacefield.org wrote:
> Hey anyone got ideas on how to automatically detect transparent web
> proxies?
> 
> I'm thinking maybe a cooperating web server on the outside or one that can
> accomplish HTTP response splitting could be used somehow, but I haven't
> figured it out yet.

-- 
Pentest - When a tick in the box is not enough

Paul Johnston - IT Security Consultant / Tiger SST
Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK




More information about the websecurity mailing list