Web Proxy Penetration Lab Setup Testing using Squid
in this article we are going to setup Squid to use it as a Proxy Server on Ubuntu/Debian machines and will try to penetrate it.
Table of content
- Introduction to Proxy Setting
- Squid Proxy Installation
- Squid Proxy Server Configuration
- Configuring Apache service for Web Proxy
- Web Proxy Penetration Testing
- Directory Brute force Attack on Proxy Server Using DIRB Tool
- Vulnerability Scanning on Proxy Server Using Nikto Tool
- SQL Injection on Proxy Server Using Sqlmap Tool
- WordPress Scanning on Proxy Server Using WPScan Tool
Introduction to Proxy Setting
A proxy is a computer system or program that acts as a kind of middle-man or an intermediary to come between your web browser and another computer. Your ISP operates servers– computers designed to deliver information to other computers. It uses proxy servers to accelerate the transfer of information between the server and your computer.
For Example: Two users say A and B both has requested to access same website of the server then Instead of retrieving the data from the original server, the proxy has “stored or cached” a copy of that site and sends it to User A without troubling the main server.
Squid Proxy Installation
Squid is a cross functional web proxy cache server application which offers proxy and cache services for HTTP, FTP, and other common network protocols such as proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and implement transparent caching. Moreover it also maintains a wide variety of caching protocols.
Let’s Begin!!
Open the host file in your local machine to add localhost address and hostname, because by default squid3 search for Ubuntu as hostname for connection implementation.
Full Article Read Here