
7.13 Proxy Scanner

Open proxies are practical for surfing the internet anonymously. Depending on their configuration you can even combine several proxies in a row by issuing the CONNECT command. Besides giving you the opportunity to connect to hosts and ports that would otherwise be blocked by a firewall, misconfigured proxies can even be a hole into your intranet. In 2002 Adrian Lamo was able to walk the intranet of the New York Times by abusing such a security hole, which is documented under securityfocus.com/news/340.

More than enough reasons to write a program that scans an IP range for open proxy servers by trying to make a direct socket connection to well-known proxy ports like 3128 and 8080. If not told otherwise, it will attempt to access Google in order to find out whether the proxy is really open and working as expected. Automated detection is not as trivial as it seems, since a web server could also respond with an HTTP code of 200 and a custom error page if it denies access. Therefore the tool dumps the whole HTML code so the user can decide for themselves whether the request was successful or not.

#!/usr/bin/python3

import sys
import socket
from random import randint

# Often used proxy ports
proxy_ports = [3128, 8080, 8181, 8000, 1080, 80]

# Host we try to fetch
get_host = "google.com"
socket.setdefaulttimeout(3)


# get a list of ips from start / stop ip
def get_ips(start_ip, stop_ip):
    ips = []
    tmp = []

    # convert the dotted start address to one integer
    for i in start_ip.split('.'):
        tmp.append("%02X" % int(i))

    start_dec = int(''.join(tmp), 16)
    tmp = []

    # same for the stop address
    for i in stop_ip.split('.'):
        tmp.append("%02X" % int(i))

    stop_dec = int(''.join(tmp), 16)

    # walk the range and convert every integer back to dotted notation
    while start_dec < stop_dec + 1:
        octets = []
        octets.append(str(start_dec // 16777216))
        rem = start_dec % 16777216
        octets.append(str(rem // 65536))
        rem = rem % 65536
        octets.append(str(rem // 256))
        rem = rem % 256
        octets.append(str(rem))
        ips.append(".".join(octets))
        start_dec += 1

    return ips


# try to connect to the proxy and fetch an url
def proxy_scan(ip):
    # for every proxy port
    for port in proxy_ports:
        s = socket.socket(socket.AF_INET,
                          socket.SOCK_STREAM)

        try:
            # try to connect to the proxy on that port
            s.connect((ip, port))
            print(ip + ":" + str(port) + " OPEN")

            # try to fetch the url; a proxy expects the absolute URL
            # in the request line, terminated by CRLF
            request = "GET http://" + get_host + "/ HTTP/1.0\r\n"
            print(request.strip())
            s.send(request.encode())
            s.send(b"\r\n")

            # get and print response
            while True:
                data = s.recv(1024)

                if not data:
                    break

                print(data.decode(errors="replace"))
        except socket.error:
            print(ip + ":" + str(port) + " Connection refused")
        finally:
            # always release the socket, also after an error
            s.close()


# parsing parameter
if len(sys.argv) < 2:
    print(sys.argv[0] + ": <start_ip-stop_ip>")
    sys.exit(1)
else:
    if len(sys.argv) == 3:
        get_host = sys.argv[2]

    if sys.argv[1].find('-') > 0:
        start_ip, stop_ip = sys.argv[1].split("-")
        ips = get_ips(start_ip, stop_ip)

        # pick the addresses in random order
        while len(ips) > 0:
            i = randint(0, len(ips) - 1)
            lookup_ip = str(ips[i])
            del ips[i]
            proxy_scan(lookup_ip)
    else:
        proxy_scan(sys.argv[1])

The call to socket.socket(socket.AF_INET, socket.SOCK_STREAM) creates a TCP socket, which is connected to the remote host on the given port by issuing connect() on it. If this does not terminate with a socket.error, we're in. By means of an HTTP GET command we now nicely ask to access the root URL of Google or any other given host, read the response in 1,024-byte blocks as long as there is data to receive, and dump the result on the console.
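The misconfiguration described at the start of this section, a proxy that relays for outside clients into the intranet or tunnels CONNECT to arbitrary ports, can also be found from the operator's side in the proxy's own access log. The following is an added example, not code from the book: it assumes Squid's native access.log layout, and the network list, the allowed CONNECT port and the function names are assumptions; the log lines are constructed.

```python
import ipaddress
from urllib.parse import urlsplit
# Assumptions: the networks allowed to use the proxy, and the ports CONNECT may reach.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
ALLOWED_CONNECT_PORTS = {443}
# Constructed sample lines (documentation addresses) in Squid's native layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 120 10.1.2.3 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.80 text/html
1700000001.202 35 203.0.113.7 TCP_MISS/200 2048 GET http://10.0.0.5/admin - HIER_DIRECT/10.0.0.5 text/html
1700000002.303 900 203.0.113.7 TCP_TUNNEL/200 7000 CONNECT 198.51.100.9:3128 - HIER_DIRECT/198.51.100.9 -
1700000003.404 80 10.1.2.3 TCP_TUNNEL/200 9000 CONNECT example.com:443 - HIER_DIRECT/192.0.2.80 -
1700000004.505 2 203.0.113.7 TCP_DENIED/403 300 GET http://example.org/ - HIER_NONE/- text/html
"""

def is_internal(host):
    """True if host is an IP literal inside INTERNAL_NETS (names are not resolved)."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def findings(line):
    """Return the reasons one access.log line looks like open-proxy misuse."""
    f = line.split()
    if len(f) < 10 or f[3].startswith("TCP_DENIED"):
        return []                      # malformed line, or the proxy refused
    client, method, url, peer = f[2], f[5], f[6], f[8].split("/")[-1]
    reasons = []
    if method == "CONNECT":            # URL field is host:port for tunnels
        host, _, port = url.rpartition(":")
        if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
            reasons.append("CONNECT to port " + port)
    else:
        host = urlsplit(url).hostname or ""
    if not is_internal(client):
        reasons.append("relayed for external client " + client)
        if is_internal(host) or is_internal(peer):
            reasons.append("external client reached internal host " + peer)
    return reasons

def scan(log_text):
    """Map 1-based line numbers to their findings, skipping clean lines."""
    return {n: r for n, l in enumerate(log_text.splitlines(), 1) if (r := findings(l))}

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG).items():
        print("line %d: %s" % (n, "; ".join(reasons)))
```

Destinations are only compared as IP literals; a hostname that resolves to an internal address is caught through the peer field, which records the address the proxy actually connected to.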
