3128 - Pentesting Squid
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
From Wikipedia:
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support.
Default port: 3128
You can try to set this discovered service as proxy in your browser. However, if it's configured with HTTP authentication you will be prompted for usernames and password.
You can also try to abuse the proxy to scan internal ports proxifying nmap.
Configure proxychains to use the squid proxy adding he following line at the end of the proxichains.conf file: http 10.10.10.10 3128
For proxies requiring authentication, append credentials to the configuration by including the username and password at the end: http 10.10.10.10 3128 username passw0rd
.
Then run nmap with proxychains to scan the host from local: proxychains nmap -sT -n -p- localhost
Alternatively, the Squid Pivoting Open Port Scanner (spose.py) can be used.
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)