Webpentest through SOCKS proxy

Penetration Testing Wiki

Auditing locally through a SOCKS proxy or jumpbox:

Target
    |
    V
Ssh server  (ssh -D)
   |
   V
burp: Lan or Wifi
   |
   V
Tools: nikto, firefox, curl, sqlmap, proxychains-ng

Adapted syntax for different tools with proxy support:

curl -k -x http://burp:8080 http://$IP
sqlmap --proxy=http://burp:8080 $IP
wfuzz -z file,wordlist/general/common.txt -p localhost:8080 http://$DOMAIN/FUZZ
nikto -useproxy http://burp:8080 -host http://$IP
+ ERROR: Proxy error: opening stream: can't connect: proxy connect failed: proxy connect to 192.168.1.14:8000 failed: Invalid argument at /var/lib/nikto/plugins/LW2.pm line 5157.

Sometimes nikto shows an error in perl library LWP.pm, if cannot verify the identity of the certificate. Use gobuster instead.

gobuster -k -u https://$IP -p http://$PROXY:9090 -w /usr/share/wordlists/dirb/common.txt

About me

My name is Jacobo Avariento. I got a Master’s Degree in Computer Science and specialized in cybersecurity in 2001. With more than 15 years in the cybersecurity industry as a consultant and penetration tester working for top tier banks, the European Central Bank, pharmaceutical, automotive and gaming companies.

I hold Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) and Certified Blockchain Security Professional (CBSP) certifications.

OSCP Certification

CEH Certification

© 2021 DEFENSAHACKER Academy