global security disclosure

pbs.c

pbs.c
Posted Aug 17, 1999

Proxy Bounce Scanner - Bounce a portscan off a web proxy server, a la 'FTP bounce attack'.

tags | tool, web, scanner
systems | unix
MD5 | a32fae8c1fa6cd4bb5204d4cf2836f49

pbs.c

/*
** pbs.c : Proxy Bounce Scanner - Bounce a portscan off a
** web proxy server, a la 'FTP bounce attack'
** Gus '98
**
** hi-5s to : Mr Darkcyde for his original idea.
** : #phuk, Ao12M, DM, DAC.
**
..
.. Problem : WWW Proxy servers may be an unrecognised source of
.. : hostile traffic.
..
.. Solution : Ensure that only authorised users may connect to the
.. : proxy server port.
..
**
**
**
*/


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <errno.h>
#include <string.h>
#include <signal.h>

/* Forward declarations; parameter names mirror the definitions below. */

/* Walk s_port..e_port, asking the proxy to fetch http://target:port each time. */
int proxy_scan(char *target, char *proxy, int p_port, int s_port, int e_port);

/* Connect a TCP socket to the resolved host on the given port. */
int openhost(struct hostent *he, int port);

/* Print the command-line synopsis to stderr; returns 1 for use as exit status. */
int usage(char *name);

/* SIGALRM handler used to bound the wait for a proxy response. */
void handle_alarm(int signum);


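/*
 * Parse a decimal TCP port number from a command-line argument.
 *
 * Returns the port (1..65535), or -1 when the text is empty, carries
 * trailing characters, or is out of range. atoi() gave no way to tell
 * "0" from garbage and silently accepted values that htons() would
 * later truncate.
 */
static int parse_port(const char *text)
{
    char *end = NULL;
    long value;

    errno = 0;
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    if (value < 1 || value > 65535)
        return -1;
    return (int)value;
}

/*
 * Entry point: <proxy host> <proxy port> <target> <start> <end>.
 *
 * Validates the three numeric arguments, then hands off to proxy_scan()
 * and exits with its return value. Missing or malformed arguments print
 * the usage text and exit with status 1.
 */
int main(int argc, char *argv[]) {
    int proxy_port;
    int start_port;
    int end_port;
    char *target;
    char *proxy;

    if (argc < 6) exit(usage(argv[0]));

    proxy = argv[1];
    target = argv[3];
    proxy_port = parse_port(argv[2]);
    start_port = parse_port(argv[4]);
    end_port = parse_port(argv[5]);

    /* Reject unparsable ports and an inverted range before any network use. */
    if (proxy_port < 0 || start_port < 0 || end_port < 0 ||
        start_port > end_port)
        exit(usage(argv[0]));

    exit(proxy_scan(target, proxy, proxy_port, start_port, end_port));
}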

/*
 * Write the banner and argument synopsis to stderr.
 *
 * name: program name to show in the synopsis (normally argv[0]).
 * Returns 1 so the caller can pass the result straight to exit().
 */
int usage(char *name) {
    FILE *out = stderr;

    fputs("pbs.c - Gus'98\n", out);
    fprintf(out, "Usage: %s <proxy host> <proxy port>", name);
    fputs(" <target> <start> <end>\n", out);
    return 1;
}

/*
 * SIGALRM handler installed by proxy_scan() around its read().
 *
 * It does no work of its own: it cancels any pending alarm and puts
 * SIGALRM back to its default disposition. The signal's delivery is what
 * interrupts the blocked read() in the caller.
 */
void handle_alarm(int signum) {
    (void)signum;   /* the signal number is not needed */

    alarm(0);
    signal(SIGALRM, SIG_DFL);
}


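/*
 * Open a TCP connection to the first address in `he` on `port`.
 *
 * he:   resolver result; must describe an IPv4 host.
 * port: destination TCP port in host byte order.
 *
 * Returns the connected socket descriptor, which the caller owns and must
 * close. Every failure is fatal: a message is printed and the process
 * exits with status -1, as in the original code.
 */
int openhost(struct hostent *he, int port) {
    int sock;
    struct sockaddr_in sa;

    /*
     * The original copied he->h_length bytes into the 4-byte sin_addr
     * without checking it. Refuse anything that is not a plain IPv4
     * address so the copy below can never write past the field.
     */
    if (he == NULL || he->h_addrtype != AF_INET ||
        he->h_addr_list == NULL || he->h_addr_list[0] == NULL ||
        he->h_length != (int)sizeof sa.sin_addr) {
        fprintf(stderr, "unsupported address from resolver\n");
        exit(-1);
    }

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    memcpy(&sa.sin_addr, he->h_addr_list[0], sizeof sa.sin_addr);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("cannot open socket");
        exit(-1);
    }

    if (connect(sock, (struct sockaddr *)&sa, sizeof sa) < 0) {
        perror("Could not connect to host");   /* report before close() can touch errno */
        close(sock);
        exit(-1);
    }

    return sock;
}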




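/*
 * For each port in s_port..e_port, connect to the proxy and send
 * "GET http://<target>:<port> HTTP/1.0", then classify the first chunk of
 * the reply.
 *
 * target: host name placed in the request URI.
 * proxy:  proxy host name, resolved once with gethostbyname().
 * p_port: proxy listening port.
 * s_port, e_port: inclusive port range placed in the request URI.
 *
 * Returns 0 after the loop completes, 1 if the proxy name does not resolve
 * or the request would not fit in the request buffer. Connection failures
 * are fatal inside openhost().
 *
 * Classification is purely textual: " 500 " in the reply prints "closed.",
 * " 200 " prints "open.", any other reply prints nothing, and a read that
 * returns <= 0 (timeout, EOF or error alike) prints "timeout, probably
 * open" -- so that last label is a guess, not a measurement.
 *
 * What the proxy operator sees: one new connection per port, each carrying
 * an absolute-URI GET for the same host with the port incrementing by one.
 * That pattern is visible in proxy access logs. The file header's
 * mitigation is to restrict who may connect to the proxy port; limiting
 * the destination ports the proxy will relay to also applies.
 */
int proxy_scan(char *target,char *proxy,int p_port,int s_port,int e_port) {
    char reqbuff[1024];
    char respbuff[255];
    struct hostent *he;
    int curport;
    int sock;
    int reqlen;
    ssize_t nread;

    he = gethostbyname(proxy);
    if (he == NULL) {
        /* NOTE(review): gethostbyname() reports through h_errno, not errno,
         * so the text perror() appends may be unrelated. Message kept as is. */
        perror("Bad hostname");
        return (1);
    }
    printf ("Bouncing off of : %s\nPorts: %d to %d\n", proxy,s_port,e_port);

    for (curport = s_port; curport <= e_port ; curport++) {
        /*
         * target comes from argv. The original sprintf() could run past
         * the 1024-byte stack buffer on a long name; bound it and stop if
         * the request was truncated.
         */
        reqlen = snprintf(reqbuff, sizeof reqbuff,
                          "GET http://%s:%d HTTP/1.0\n\n", target, curport);
        if (reqlen < 0 || (size_t)reqlen >= sizeof reqbuff) {
            fprintf(stderr, "target name too long for request buffer\n");
            return (1);
        }

        sock = openhost(he,p_port);
        printf ("Trying %d...",curport);

        if (write(sock, reqbuff, (size_t)reqlen) < 0) {
            perror("write failed");
            close(sock);
            continue;
        }

        /* Let SIGALRM interrupt read() so a silent proxy cannot block forever. */
        siginterrupt(SIGALRM, 1);
        signal(SIGALRM, handle_alarm);
        alarm(5);

        errno = 0;
        /* Leave room for a terminator: strstr() below needs a C string, and
         * the original searched a buffer that was never NUL-terminated. */
        nread = read(sock, respbuff, sizeof respbuff - 1);
        if (nread <= 0) {
            if (errno == EINTR) errno = ETIMEDOUT;
            printf("timeout, probably open\n");
        } else {
            respbuff[nread] = '\0';
            if (strstr(respbuff," 500 ")) printf("closed.\n");
            if (strstr(respbuff," 200 ")) printf("open.\n");
        }
        alarm(0);

        (void)shutdown(sock,2);
        /* shutdown() alone does not release the descriptor; without close()
         * the loop leaks one descriptor per iteration. */
        close(sock);
    }
    printf ("\nAll done.\n");
    return 0;
}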
/*
** pbs.c : Proxy Bounce Scanner - Bounce a portscan off a
** web proxy server, a la 'FTP bounce attack'
** Gus '98
**
** hi-5s to : Mr Darkcyde for his original idea.
** : #phuk, Ao12M, DM, DAC.
**
..
.. Problem : WWW Proxy servers may be an unrecognised source of
.. : hostile traffic.
..
.. Solution : Ensure that only authorised users may connect to the
.. : proxy server port.
..
**
**
**
*/


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <errno.h>
#include <string.h>
#include <signal.h>

/* Forward declarations; parameter names mirror the definitions below. */

/* Walk s_port..e_port, asking the proxy to fetch http://target:port each time. */
int proxy_scan(char *target, char *proxy, int p_port, int s_port, int e_port);

/* Connect a TCP socket to the resolved host on the given port. */
int openhost(struct hostent *he, int port);

/* Print the command-line synopsis to stderr; returns 1 for use as exit status. */
int usage(char *name);

/* SIGALRM handler used to bound the wait for a proxy response. */
void handle_alarm(int signum);


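/*
 * Parse a decimal TCP port number from a command-line argument.
 *
 * Returns the port (1..65535), or -1 when the text is empty, carries
 * trailing characters, or is out of range. atoi() gave no way to tell
 * "0" from garbage and silently accepted values that htons() would
 * later truncate.
 */
static int parse_port(const char *text)
{
    char *end = NULL;
    long value;

    errno = 0;
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    if (value < 1 || value > 65535)
        return -1;
    return (int)value;
}

/*
 * Entry point: <proxy host> <proxy port> <target> <start> <end>.
 *
 * Validates the three numeric arguments, then hands off to proxy_scan()
 * and exits with its return value. Missing or malformed arguments print
 * the usage text and exit with status 1.
 */
int main(int argc, char *argv[]) {
    int proxy_port;
    int start_port;
    int end_port;
    char *target;
    char *proxy;

    if (argc < 6) exit(usage(argv[0]));

    proxy = argv[1];
    target = argv[3];
    proxy_port = parse_port(argv[2]);
    start_port = parse_port(argv[4]);
    end_port = parse_port(argv[5]);

    /* Reject unparsable ports and an inverted range before any network use. */
    if (proxy_port < 0 || start_port < 0 || end_port < 0 ||
        start_port > end_port)
        exit(usage(argv[0]));

    exit(proxy_scan(target, proxy, proxy_port, start_port, end_port));
}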

/*
 * Write the banner and argument synopsis to stderr.
 *
 * name: program name to show in the synopsis (normally argv[0]).
 * Returns 1 so the caller can pass the result straight to exit().
 */
int usage(char *name) {
    FILE *out = stderr;

    fputs("pbs.c - Gus'98\n", out);
    fprintf(out, "Usage: %s <proxy host> <proxy port>", name);
    fputs(" <target> <start> <end>\n", out);
    return 1;
}

/*
 * SIGALRM handler installed by proxy_scan() around its read().
 *
 * It does no work of its own: it cancels any pending alarm and puts
 * SIGALRM back to its default disposition. The signal's delivery is what
 * interrupts the blocked read() in the caller.
 */
void handle_alarm(int signum) {
    (void)signum;   /* the signal number is not needed */

    alarm(0);
    signal(SIGALRM, SIG_DFL);
}


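/*
 * Open a TCP connection to the first address in `he` on `port`.
 *
 * he:   resolver result; must describe an IPv4 host.
 * port: destination TCP port in host byte order.
 *
 * Returns the connected socket descriptor, which the caller owns and must
 * close. Every failure is fatal: a message is printed and the process
 * exits with status -1, as in the original code.
 */
int openhost(struct hostent *he, int port) {
    int sock;
    struct sockaddr_in sa;

    /*
     * The original copied he->h_length bytes into the 4-byte sin_addr
     * without checking it. Refuse anything that is not a plain IPv4
     * address so the copy below can never write past the field.
     */
    if (he == NULL || he->h_addrtype != AF_INET ||
        he->h_addr_list == NULL || he->h_addr_list[0] == NULL ||
        he->h_length != (int)sizeof sa.sin_addr) {
        fprintf(stderr, "unsupported address from resolver\n");
        exit(-1);
    }

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    memcpy(&sa.sin_addr, he->h_addr_list[0], sizeof sa.sin_addr);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("cannot open socket");
        exit(-1);
    }

    if (connect(sock, (struct sockaddr *)&sa, sizeof sa) < 0) {
        perror("Could not connect to host");   /* report before close() can touch errno */
        close(sock);
        exit(-1);
    }

    return sock;
}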




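/*
 * For each port in s_port..e_port, connect to the proxy and send
 * "GET http://<target>:<port> HTTP/1.0", then classify the first chunk of
 * the reply.
 *
 * target: host name placed in the request URI.
 * proxy:  proxy host name, resolved once with gethostbyname().
 * p_port: proxy listening port.
 * s_port, e_port: inclusive port range placed in the request URI.
 *
 * Returns 0 after the loop completes, 1 if the proxy name does not resolve
 * or the request would not fit in the request buffer. Connection failures
 * are fatal inside openhost().
 *
 * Classification is purely textual: " 500 " in the reply prints "closed.",
 * " 200 " prints "open.", any other reply prints nothing, and a read that
 * returns <= 0 (timeout, EOF or error alike) prints "timeout, probably
 * open" -- so that last label is a guess, not a measurement.
 *
 * What the proxy operator sees: one new connection per port, each carrying
 * an absolute-URI GET for the same host with the port incrementing by one.
 * That pattern is visible in proxy access logs. The file header's
 * mitigation is to restrict who may connect to the proxy port; limiting
 * the destination ports the proxy will relay to also applies.
 */
int proxy_scan(char *target,char *proxy,int p_port,int s_port,int e_port) {
    char reqbuff[1024];
    char respbuff[255];
    struct hostent *he;
    int curport;
    int sock;
    int reqlen;
    ssize_t nread;

    he = gethostbyname(proxy);
    if (he == NULL) {
        /* NOTE(review): gethostbyname() reports through h_errno, not errno,
         * so the text perror() appends may be unrelated. Message kept as is. */
        perror("Bad hostname");
        return (1);
    }
    printf ("Bouncing off of : %s\nPorts: %d to %d\n", proxy,s_port,e_port);

    for (curport = s_port; curport <= e_port ; curport++) {
        /*
         * target comes from argv. The original sprintf() could run past
         * the 1024-byte stack buffer on a long name; bound it and stop if
         * the request was truncated.
         */
        reqlen = snprintf(reqbuff, sizeof reqbuff,
                          "GET http://%s:%d HTTP/1.0\n\n", target, curport);
        if (reqlen < 0 || (size_t)reqlen >= sizeof reqbuff) {
            fprintf(stderr, "target name too long for request buffer\n");
            return (1);
        }

        sock = openhost(he,p_port);
        printf ("Trying %d...",curport);

        if (write(sock, reqbuff, (size_t)reqlen) < 0) {
            perror("write failed");
            close(sock);
            continue;
        }

        /* Let SIGALRM interrupt read() so a silent proxy cannot block forever. */
        siginterrupt(SIGALRM, 1);
        signal(SIGALRM, handle_alarm);
        alarm(5);

        errno = 0;
        /* Leave room for a terminator: strstr() below needs a C string, and
         * the original searched a buffer that was never NUL-terminated. */
        nread = read(sock, respbuff, sizeof respbuff - 1);
        if (nread <= 0) {
            if (errno == EINTR) errno = ETIMEDOUT;
            printf("timeout, probably open\n");
        } else {
            respbuff[nread] = '\0';
            if (strstr(respbuff," 500 ")) printf("closed.\n");
            if (strstr(respbuff," 200 ")) printf("open.\n");
        }
        alarm(0);

        (void)shutdown(sock,2);
        /* shutdown() alone does not release the descriptor; without close()
         * the loop leaks one descriptor per iteration. */
        close(sock);
    }
    printf ("\nAll done.\n");
    return 0;
}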
