[WEB SECURITY] automatically detecting transparent web proxies

robert at webappsec.org robert at webappsec.org
Tue Feb 8 13:26:13 EST 2011


> My usual is:
> 
> telnet 1.2.3.4 80
> 
> If you get a connection, you've got a transparent proxy (or some
> inconsiderate bugger has finally put a web server on 1.2.3.4)

Some ISPs respond with placeholder pages for nonexistent domains, and they accomplish this
by responding to DNS requests to point to their web server IP. In this use case simply telnetting
will not prove reliable. Network Solutions did this years ago and stopped; however, there are likely some
ISPs doing the same thing somewhere.

Just an edge case to be aware of.

Regards,
- Robert Auger

 
> 
> 
> On 08/02/2011 03:40, travis+ml-webappsec at subspacefield.org wrote:
> > Hey anyone got ideas on how to automatically detect transparent web
> > proxies?
> > 
> > I'm thinking maybe a cooperating web server on the outside or one that can
> > accomplish HTTP response splitting could be used somehow, but I haven't
> > figured it out yet.
> 
> -- 
> Pentest - When a tick in the box is not enough
> 
> Paul Johnston - IT Security Consultant / Tiger SST
> Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982)
> 
> Office: +44 (0) 161 233 0100
> Mobile: +44 (0) 7817 219 072
> 
> Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
> Registered Number: 4217114 England & Wales
> Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK
> 

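The two checks discussed in this thread, scripted as an added example that is not part of the original messages: it repeats the port-80 connect test against several addresses and separately reports whether the resolver answers for names that should not exist. The function names, the two RFC 5737 probe addresses and the random `.com` test names are assumptions made for this sketch.

```python
import socket
import uuid

# 1.2.3.4 is the address used in the thread; the other two are RFC 5737
# documentation addresses, added here as an assumption (no host should answer).
PROBE_IPS = ["1.2.3.4", "192.0.2.1", "203.0.113.1"]

def tcp_connects(ip, port=80, timeout=3.0):
    """Scripted 'telnet ip 80': True if the TCP handshake completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve(name):
    """IPv4 addresses the resolver returns for name; empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def classify(probe_ips=PROBE_IPS, connect=tcp_connects, resolver=resolve):
    """Report port-80 interception and NXDOMAIN rewriting as separate signals."""
    # Random 32-hex-digit .com names are assumed to be unregistered, so any
    # answer for them means the resolver substitutes a placeholder address.
    bogus = [uuid.uuid4().hex + ".com" for _ in range(2)]
    placeholder = set().union(*(resolver(name) for name in bogus))
    answered = [ip for ip in probe_ips if connect(ip)]
    return {
        "dns_rewriting": bool(placeholder),
        "placeholder_ips": sorted(placeholder),
        "answered_ips": answered,
        # One answer may just be a real server on that address; every
        # unrelated address answering points at interception on the path.
        "transparent_proxy_suspected": len(probe_ips) > 1
        and len(answered) == len(probe_ips),
    }

if __name__ == "__main__":
    for key, value in classify().items():
        print(f"{key}: {value}")
```

The `connect` and `resolver` parameters accept stand-in functions, so the decision logic can be exercised without network access.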