hacktricks/pentesting/3128-pentesting-squid.md

# 3128 - Pentesting Squid

## Basic Information

**Squid** is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support. (From [here](https://en.wikipedia.org/wiki/Squid\_\(software\))).

**Default port:** 3128

```
PORT     STATE  SERVICE      VERSION
3128/tcp open   http-proxy   Squid http proxy 4.11
```

## Enumeration

### Web Proxy

You can try to set this discovered service as proxy in your browser. However, if it's configured with HTTP authentication you will be prompted for usernames and password.

```bash
# Try yo proxify curl
curl --proxy http://10.10.11.131:3128 http://10.10.11.131
```

### Nmap proxified

You can also try to abuse the proxy to **scan internal ports proxifying nmap**.\
Configure proxychains to use the squid proxy adding he following line at the end of the proxichains.conf file: `http 10.10.10.10 3128`

Then run nmap with proxychains to **scan the host from local**: `proxychains nmap -sT -n -p- localhost`
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00			`# 3128 - Pentesting Squid`

			`## Basic Information`

GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00			Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support. (From [here](https://en.wikipedia.org/wiki/Squid\_\(software\))).
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00
			`Default port: 3128`

GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00			```
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00			`PORT STATE SERVICE VERSION`
			`3128/tcp open http-proxy Squid http proxy 4.11`
			```

			`## Enumeration`

			`### Web Proxy`

			`You can try to set this discovered service as proxy in your browser. However, if it's configured with HTTP authentication you will be prompted for usernames and password.`

GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00			```bash
			`# Try yo proxify curl`
			`curl --proxy http://10.10.11.131:3128 http://10.10.11.131`
			```

GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00			`### Nmap proxified`

GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00			`You can also try to abuse the proxy to scan internal ports proxifying nmap.\`
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00			Configure proxychains to use the squid proxy adding he following line at the end of the proxichains.conf file: `http 10.10.10.10 3128`

			Then run nmap with proxychains to scan the host from local: `proxychains nmap -sT -n -p- localhost`