Webpentest through socks proxy
From pentestwiki.org
Auditing locally through a SOCKS proxy/jumpbox
Target
  |
  V
Ssh server (ssh -D)
  |
  V
burp: Lan or Wifi
  |
  V
Tools: nikto, firefox, curl, sqlmap, proxychains-ng
Adapted syntax for the different tools with proxy support:
$ curl -k -x http://burp:8080 http://$IP
$ sqlmap --proxy=http://burp:8080 $IP
$ nikto -useproxy http://burp:8080 -host http://$IP
+ ERROR: Proxy error: opening stream: can't connect: proxy connect failed: proxy connect to 192.168.1.14:8000 failed: Invalid argument at /var/lib/nikto/plugins/LW2.pm line 5157.
Sometimes nikto fails with an error like the one above, raised from its Perl library LW2.pm, when it cannot verify the identity of the certificate. Use gobuster instead.
$ gobuster -k -u https://$IP -p http://$PROXY:9090 -w /usr/share/wordlists/dirb/common.txt