Kali Study (ii)

Reverse proxy: Reverse proxy means to accept the connection request on the Internet with the agent server, then forward the request to the server on the internal network and return the results from the server to the client requesting the connection on the Internet. At this point the proxy server appears as a reverse proxy server externally.
1, access to the server can not access
2. Speed up access to Server B
3. Cache function
4. Client Access Authorization
5, hide the whereabouts of visitors

Forward Proxy: is a server located between the client and the original server (Origin server), in order to obtain content from the original server, the client sends a request to the agent and specifies the target (the original server), then the agent forwards the request to the original server and returns the obtained content to the client. The client can use a forward proxy.
1. Protect and hide the original resource server
2. Load Balancing

The transparent proxy means that the client does not need to know the existence of a proxy server, it adapts your request fields and transmits the real IP. Note that encrypted transparent proxies are anonymous proxies, meaning that you do not have to use proxies.



Intermediary Agent Framework: Mitmproxy Usage: http://drops.wooyun.org/tips/2943 Introduction
--------------------------------------------------------------------------------------------------------------- -----------------------------------
Mitmproxy-p 8800 start listening 8800 native port, firefox-"preferences-" advanced-"network-" settings-"Select Manual proxy configuration-" HTTP proxy fill in 127.0.0.1 8800 to access any of the Web page, you can see the HTTP request in the Mitmproxy.

Select a request with the mouse, enter to list the details of this request, you can use the TAB key to switch between request and response, enter Q to return to the main interface.

Enter L to fill in the filter conditions, such as fill/.js can be listed with JS file request

Input I can fill in the request to block, such as fill-u \.php blocked request will be highlighted red, if you want to release the selected press A, if you want to edit, select Enter, press E, you will be prompted to edit the options, enter the option to edit the first character switch to edit mode, after editing, enter the main interface and can be edited and released after interception.
--------------------------------------------------------------------------------------------------------------- -----------------------------------


Owasp-zap Attack Agent
--------------------------------------------------------------------------------------------------------------- -----------------------------------
Start command Owasp-zap
In the tools-"options-" Local proxy set 8800 port browser and the above settings similarly, the browser once visited a Web site can display an HTTP request in the right column in owasp, the HTTP request right-click to set a breakpoint, The next time the browser sends this request, it can be interrupted.
--------------------------------------------------------------------------------------------------------------- -----------------------------------


Paros proxy agent for evaluating vulnerabilities in Web applications
--------------------------------------------------------------------------------------------------------------- -----------------------------------
Start command Paros
Tool interface and Owasp-zap almost, mainly in the right bar request on the right button more than a spider's function
--------------------------------------------------------------------------------------------------------------- -----------------------------------


Burp Suite's integrated platform for attacking Web applications
--------------------------------------------------------------------------------------------------------------- -----------------------------------
The proxy-burp suite comes with an agent that runs on the default port 8080, and using this proxy, we can intercept and modify the packets from the client to the Web application
--------------------------------------------------------------------------------------------------------------- -----------------------------------


Proxystrike plug-in proxy tool, provides a lot of SQL injection, server-side attacks, cross-site scripting attacks plug-ins.
--------------------------------------------------------------------------------------------------------------- -----------------------------------
Configuration Port under Config
--------------------------------------------------------------------------------------------------------------- -----------------------------------


WebScarab an agent software
--------------------------------------------------------------------------------------------------------------- -----------------------------------
SOAP parsing
tools-"Proxies Configuration port
--------------------------------------------------------------------------------------------------------------- -----------------------------------

This article from the "Clear" blog, reproduced please contact the author!

Kali Study (ii)