Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 20:53:37 +00:00
Code Issues Projects Releases Packages Wiki Activity

Translated ['network-services-pentesting/3128-pentesting-squid.md'] to s

Browse source
This commit is contained in:
Translator 2024-03-25 14:07:09 +00:00
parent cc7a5f7dad
commit 42274e2b18
1 changed files with 20 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
network-services-pentesting/3128-pentesting-squid.md
View file

@ -4,11 +4,11 @@
Njia nyingine za kusaidia HackTricks:
* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
</details>
@ -17,9 +17,9 @@ Njia nyingine za kusaidia HackTricks:
Kutoka [Wikipedia](https://en.wikipedia.org/wiki/Squid\_\(software\)):
> **Squid** ni kache na mwendeshaji wa proksi ya wavuti ya HTTP. Ina matumizi mbalimbali, ikiwa ni pamoja na kuharakisha seva ya wavuti kwa kuhifadhi ombi zinazorudiwa, kuhifadhi wavuti, DNS na utafutaji mwingine wa kompyuta kwenye mtandao kwa kikundi cha watu wanaoshiriki rasilimali za mtandao, na kusaidia usalama kwa kuchuja trafiki. Ingawa inatumika kwa kiasi kikubwa kwa HTTP na FTP, Squid ina msaada mdogo kwa itifaki kadhaa zingine ikiwa ni pamoja na Internet Gopher, SSL, TLS na HTTPS. Squid haishikilii itifaki ya SOCKS, tofauti na Privoxy, ambayo Squid inaweza kutumika ili kutoa msaada wa SOCKS.
> **Squid** ni kache na mbele ya mtandao wa proksi wa HTTP. Ina matumizi mbalimbali, ikiwa ni pamoja na kuharakisha seva ya wavuti kwa kuhifadhi ombi zilizorudiwa, kuhifadhi wavuti, DNS na utafutaji mwingine wa mtandao wa kompyuta kwa kikundi cha watu wanaoshiriki rasilimali za mtandao, na kusaidia usalama kwa kufuta trafiki. Ingawa hutumiwa hasa kwa HTTP na FTP, Squid ina msaada mdogo kwa itifaki kadhaa zingine ikiwa ni pamoja na Internet Gopher, SSL, TLS na HTTPS. Squid haisaidii itifaki ya SOCKS, tofauti na Privoxy, ambayo Squid inaweza kutumika ili kutoa msaada wa SOCKS.
**Bandari ya chaguo-msingi:** 3128
**Bandari ya msingi:** 3128
```
PORT STATE SERVICE VERSION
3128/tcp open http-proxy Squid http proxy 4.11
@ -28,34 +28,35 @@ PORT STATE SERVICE VERSION
## Mtandao wa Proksi
Unaweza kujaribu kuweka huduma hii uliyoipata kama proksi kwenye kivinjari chako. Hata hivyo, ikiwa imeundwa na uthibitishaji wa HTTP utaulizwa majina ya watumiaji na nywila.
Unaweza kujaribu kuweka huduma hii uliyoigundua kama proksi kwenye kivinjari chako. Hata hivyo, ikiwa imeboreshwa na uthibitishaji wa HTTP utaulizwa majina ya watumiaji na nywila.
```bash
# Try to proxify curl
curl --proxy http://10.10.11.131:3128 http://10.10.11.131
```
## Nmap proxified
## Nmap imefanyiwa proxi
Unaweza pia jaribu kutumia proxy kwa **kuchunguza bandari za ndani kwa kutumia nmap kupitia proxy**.\
Sanidi proxychains kutumia squid proxy kwa kuongeza mstari ufuatao mwishoni mwa faili ya proxichains.conf: `http 10.10.10.10 3128`
Unaweza pia jaribu kutumia proxi kufanya **uchunguzi wa bandari za ndani kwa kutumia nmap**.\
Sanidi proxychains kutumia proxi ya squid kwa kuongeza mstari ufuatao mwishoni mwa faili ya proxichains.conf: `http 10.10.10.10 3128`
Kwa proxi zinazohitaji uwakiki, ongeza siri kwenye usanidi kwa kuingiza jina la mtumiaji na nywila mwishoni: `http 10.10.10.10 3128 jina_la_mtumiaji nywila`.
Kisha endesha nmap na proxychains ili **kuchunguza mwenyeji kutoka kwa kompyuta ya ndani**: `proxychains nmap -sT -n -p- localhost`
Kisha endesha nmap kwa kutumia proxychains kufanya **uchunguzi wa mwenyeji kutoka kwa eneo la ndani**: `proxychains nmap -sT -n -p- localhost`
## SPOSE Scanner
Kwa hiari, unaweza kutumia Squid Pivoting Open Port Scanner ([spose.py](https://github.com/aancw/spose)).
Kwa upande mwingine, Skana ya Bandari Zilizofunguliwa za Squid Pivoting ([spose.py](https://github.com/aancw/spose)) inaweza kutumika.
```bash
python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131
```
<details>
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
Njia nyingine za kusaidia HackTricks:
* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
</details>