Socks Proxy Penetration Lab Setup using Microsocks

at 6:44 AM Friday, November 16, 2018

Socks Proxy Penetration Lab Setup using Microsocks
Hello friends!! In our previous article we have disccuss “Web Proxy Penetration Lab Setup Testing using Squid” and today’s article we are going to setup SOCKS Proxy to use it as a Proxy Server on Ubuntu/Debian machines and will try to penetrate it.
Table of Content
·         Intoduction to proxy
·         What is socks proxy
·         Difference Between Socks proxy and HTTP Proxy
·         Socks proxy Installation
·         Web Proxy Penetration Testing
·         SSH Proxy Penetration Testing
·         FTP Proxy Penetration Testing
Intoduction to Proxy
A proxy is a computer system or program that acts as a kind of middle-man or an intermediary to come between your web browser and another computer. Your ISP operates servers– computers designed to deliver information to other computers. It uses proxy servers to accelerate the transfer of information between the server and your computer.
For Example: Two users say A and B both has requested to access same website of the server then Instead of retrieving the data from the original server, the proxy has “stored or cached” a copy of that site and sends it to User A without troubling the main server.

What is SOCKS Proxy?
A SOCKS server is a all-purpose proxy server that creates a TCP connection to another server on the client’s behalf, then exchanges network packets between a client and server. The Tor onion proxy software serves a SOCKS interface to its clients. Even SSH tunnel makes all the connections as per the SOCKS protocol.
For high security you can go with SOCKS5 protocol that provides various authentication options which you cannot get with the SOCKS4 protocol.
Difference Between Socks proxy and HTTP Proxy
§  SOCKS Proxy is low-level which is designed to be an general proxy that will be able to accommodate effectively any protocol, program, or type of traffic.
§  SOCKS proxies support both TCP and UDP transfer protocols
§  SOCKS performs at Layer 5 of the OSI model SOCKS server
§  Accepts incoming client connection on TCP port 1080.
§  HTTP proxies proxy HTTP requests, while SOCKS proxies proxy socket connections
§  HTTP proxies is High-Level which are designed for a specific protocol.
§  HTTP proxies can only process requests from applications that use the HTTP protocol.
§  An HTTP proxy is for proxying HTTP or web traffic at layer 7
§  Accepts incoming client connection on HTTP port 3128.
Socks Proxy Installation
For socks proxy lab set-up we are going to download microsocks through github. MicroSocks is multithreaded, small, efficient SOCKS5 server. It's very lightweight, and very light on resources too. Even for every client, a thread with a stack size of 8KB is spawned.

Lest’s start!!
Open the terminal with sudo rights and enter the following command:
git clone https://github.com/rofl0r/microsocks.git



Once downloading is completed run the following command for its installation:
cd microsocks
make
make install



Now execute the following command to run socks proxy on port 1080 without authentication.
microsocks -p 1080


As you can observe FTP, SSH, HTTP and Socks is running in our local machine and now let’s go for socks penetration testing on various protocol to ensure whether it is all-purpose program or not as said above.


Web Proxy Penetration Testing
Now Configuring Apache service for Web Proxy, therefore, open the “000-default.conf” file from the path: /etc/apache2/sites-available/ and add following line to implement the following rules on /html directory over localhost or Machine IP (192.168.1.103).
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order deny,allow
                deny from all
        allow from 127.0.0.1 192.168.1.103
Now the save the file and restart the apache service with the help of following command.
service apache2 start

Now when someone try to access web services through our network i.e. 192.168.1.103, he/she will welcome by following web page
“Error 403 Forbidden- You don’t have permission to access ”.
When you face such type of situation where port 80 is open but you are unable to access it, hence proved the network is running behind proxy server.



For web Proxy penetration testing we had already set-up lab for web application server such as DVWA (Read Article from here).
Now to test whether our  proxy server is working or not by configuring , let’s open Firefox and go to Edit –> Preferences –> Advanced –> Network –> Settings and then select “Manual proxy configuration” and enter SOCKS proxy server IP address (192.168.1.103) and Port (1080) to be used for all protocol.


BOOMMM!! Connected to Proxy server successfully using HTTP Proxy in our Browser.


SSH Proxy Penetration Testing

Now configuring host.allow file for SSH Proxy therefore open /etc/host.allow file and following line to allow SSH connection on localhost IP and restrict for others.
sshd : localhost : allow
sshd : 192.168.1.103: allow
sshd : ALL: deny



Now open proxychains configuration file from the given path /etc/proxychains.conf in your kali Linux and then add following line at the bottom.
socks5 192.168.1.103 1080

Now when we try to connect with target machine via port 22 for SSH connection we got an error message “Connection reset by peer” as shown in below image after executing 1st command.
ssh pentest@192.168.1.103  
When you face such type of situation where port 22 is open but you are unable to access it, hence proved the network is running behind proxy server.
But if you will use proxychains along with the command after saving the configuration as said above then you can easily connect with target network via port 22 for ssh connection as shown in below image after executing 2nd command.
proxychains ssh pentest@192.168.1.103 

FTP Proxy Penetration Testing
Now configuring vsftpd.conf file for FTP Proxy therefore open /etc/vsftpd.conf file and add thefollowing line to allow FTP connection on localhost IP and restrict for others networks.

Order Allow, Deny
Allow from 127.0.0.1 192.168.1.103
Deny from all


Using fileZilla when we try to connect 192.168.1.103 via port 21 for accessing FTP service, we got an Error “Connection closed by server”.
When you face such type of situation where port 21 is open but you are unable to access it, hence proved the network is running behind proxy server.



But FileZilla has multi features as it offers generic proxy option that forced passive mode on FTP connection. Go to Settings > Connection > FTP and select “generic proxy” option and made the following configuration settings.
§  Choose SOCKS 5 as generic Proxy
§  Proxy HOST IP: 192.168.1.103
§  Proxy Port: 1080

 

Now again when you will try to connect the target machine via port 21 for accessing FTP service then you will be easily able to access it as shown in the last image.
Hence Proved the SOCKS is actually all-purpose proxy server and Hopefully, you have found this article very helpful and completely understood the working of Proxy server and other related topic cover in this article.


Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)