hacktricks/network-services-pentesting/3128-pentesting-squid.md

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Opleiding GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsieplanne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}


# Basiese Inligting

Van [Wikipedia](https://en.wikipedia.org/wiki/Squid\_\(software\)):

> **Squid** is 'n caching en forwarding HTTP web proxy. Dit het 'n wye verskeidenheid gebruike, insluitend die versnel van 'n webbediener deur herhaalde versoeke te cache, die cache van web-, DNS en ander rekenaar netwerksoektogte vir 'n groep mense wat netwerkbronne deel, en die bevordering van sekuriteit deur verkeer te filter. Alhoewel dit hoofsaaklik vir HTTP en FTP gebruik word, sluit Squid beperkte ondersteuning in vir verskeie ander protokolle, insluitend Internet Gopher, SSL, TLS en HTTPS. Squid ondersteun nie die SOCKS-protokol nie, anders as Privoxy, waarmee Squid gebruik kan word om SOCKS-ondersteuning te bied.

**Standaard poort:** 3128
```
PORT     STATE  SERVICE      VERSION
3128/tcp open   http-proxy   Squid http proxy 4.11
```
# Opname

## Web Proxie

Jy kan probeer om hierdie ontdekte diens as 'n proxy in jou blaaskas te stel. As dit egter met HTTP-outeentifikasie geconfigureer is, sal jy gevra word vir gebruikersname en wagwoorde.
```bash
# Try to proxify curl
curl --proxy http://10.10.11.131:3128 http://10.10.11.131
```
## Nmap proxified

Jy kan ook probeer om die proxy te misbruik om **interne poorte te skandeer deur nmap te proxify**.\
Konfigureer proxychains om die squid proxy te gebruik deur die volgende lyn aan die einde van die proxichains.conf-lêer toe te voeg: `http 10.10.10.10 3128`\
Vir proxies wat verifikasie vereis, voeg akrediteerbesonderhede by die konfigurasie deur die gebruikersnaam en wagwoord aan die einde in te sluit: `http 10.10.10.10 3128 gebruikersnaam wagwoord`.

Hardloop dan nmap met proxychains om **die gasheer van plaaslik te skandeer**: `proxychains nmap -sT -n -p- localhost`

## SPOSE Scanner

Alternatiewelik kan die Squid Pivoting Open Port Scanner ([spose.py](https://github.com/aancw/spose)) gebruik word.
```bash
python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131
```
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Opleiding GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`{% hint style="success" %}`
			`Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Opleiding AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Opleiding GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`<summary>Ondersteun HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`* Kyk na die [subskripsieplanne](https://github.com/sponsors/carlospolop)!`
			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Deel hacking truuks deur PRs in te dien na die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`# Basiese Inligting`
a 2024-02-08 21:36:50 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`Van [Wikipedia](https://en.wikipedia.org/wiki/Squid\_\(software\)):`
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			> Squid is 'n caching en forwarding HTTP web proxy. Dit het 'n wye verskeidenheid gebruike, insluitend die versnel van 'n webbediener deur herhaalde versoeke te cache, die cache van web-, DNS en ander rekenaar netwerksoektogte vir 'n groep mense wat netwerkbronne deel, en die bevordering van sekuriteit deur verkeer te filter. Alhoewel dit hoofsaaklik vir HTTP en FTP gebruik word, sluit Squid beperkte ondersteuning in vir verskeie ander protokolle, insluitend Internet Gopher, SSL, TLS en HTTPS. Squid ondersteun nie die SOCKS-protokol nie, anders as Privoxy, waarmee Squid gebruik kan word om SOCKS-ondersteuning te bied.
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`Standaard poort: 3128`
GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00			```
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00			`PORT STATE SERVICE VERSION`
			`3128/tcp open http-proxy Squid http proxy 4.11`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`# Opname`
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`## Web Proxie`
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`Jy kan probeer om hierdie ontdekte diens as 'n proxy in jou blaaskas te stel. As dit egter met HTTP-outeentifikasie geconfigureer is, sal jy gevra word vir gebruikersname en wagwoorde.`
GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00			```bash
Update 3128-pentesting-squid.md Typo fix 2023-07-10 18:14:36 +00:00			`# Try to proxify curl`
GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00			`curl --proxy http://10.10.11.131:3128 http://10.10.11.131`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`## Nmap proxified`
GitBook: [#2984] No subject 2022-02-03 02:15:45 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`Jy kan ook probeer om die proxy te misbruik om interne poorte te skandeer deur nmap te proxify.\`
			Konfigureer proxychains om die squid proxy te gebruik deur die volgende lyn aan die einde van die proxichains.conf-lêer toe te voeg: `http 10.10.10.10 3128`\
			Vir proxies wat verifikasie vereis, voeg akrediteerbesonderhede by die konfigurasie deur die gebruikersnaam en wagwoord aan die einde in te sluit: `http 10.10.10.10 3128 gebruikersnaam wagwoord`.
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			Hardloop dan nmap met proxychains om die gasheer van plaaslik te skandeer: `proxychains nmap -sT -n -p- localhost`
GitBook: [master] 2 pages modified 2021-04-02 11:54:47 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`## SPOSE Scanner`
add spose scanner 2022-09-01 00:21:26 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`Alternatiewelik kan die Squid Pivoting Open Port Scanner ([spose.py](https://github.com/aancw/spose)) gebruik word.`
add spose scanner 2022-09-01 00:21:26 +00:00			```bash
			`python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`{% hint style="success" %}`
			`Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Opleiding AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Opleiding GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`<summary>Ondersteun HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`* Kyk na die [subskripsie planne](https://github.com/sponsors/carlospolop)!`
			`* Sluit aan by die 💬 [Discord groep](https://discord.gg/hRep4RUj7f) of die [telegram groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Deel hacking truuks deur PRs in te dien na die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:49 +00:00			`{% endhint %}`