196
HTTP Proxy port tcp/8080 detection
Firewalls
2004/09/09
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
2004/11/13
1.3
Added a NetRecon rating and CVE number in version 1.2. Corrected the plugin structure and added the accuracy values in 1.3
tcp
8080
open|send GET / HTTP/1.0\nProxy-Connection: Keep-Alive\n\n|sleep|close|pattern_exists *HTTP/1.[0-1] 200 * OR *HTTP/1.[0-1] 50[2-3] *
80
The check is inspired by the Nessus plugin. See also ATK plugin 34 for a Squid-specific version of this plugin.
Misconfigured or insecure HTTP proxy servers
Other solutions
Configuration
The remote host is running an HTTP web proxy that is misconfigured because it accepts requests coming from anywhere. This allows attackers to gain some anonymity when browsing sensitive sites through your proxy, making the remote sites think that the requests come from your network. An attacker may also use the proxy for further analysis of, or attacks on, the proxy host.
You should install or upgrade the proxy to the latest version to prevent the exploitation of known vulnerabilities. Also limit unwanted connections and communications with ACLs and firewalling.
Approx. 40 minutes
Yes
Yes
Yes
Medium
9
7
6
7
Low / Medium
42
Nessus is able to do the same check.
CVE-1999-0633
10195
Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
http://www.computec.ch