Squid proxy server for penetration testing drop boxes

I perform network penetration tests from headless Kali boxes. This is limiting when I want to test internally available web apps. I can get away with SSH tunneling (aka port forwarding) for basic applications or an RDP interface, but it quickly becomes a pain once you start interacting with dynamic content, and especially with redirections. That's where the Squid proxy comes in handy. The goal is to run the internally available web pages found during the assessment through the instance of Burp Pro on my local machine.

Steps:

1. Spin up a Squid proxy server on the remote instance:

apt-get install squid3

Modify the config file:

Find this line in /etc/squid/squid.conf and uncomment it: #http_access allow localnet

Add your gateway to the acl: acl localnet src 192.168.0.1/255.255.255.0

Restart the server: service squid restart

It is always a good idea to double-check yourself. Your nmap output for localhost should look like this:

2. In your local machine's browser, send all the traffic through the remote box on port 3128.

3. In Burp, set the upstream proxy server in the 'User options' tab to your remote IP and port 3128, and leave the listener proxy at its default.

You can now browse web pages on internal IPs of your remote network in Firefox and scan them with Burp.
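The squid.conf edit in step 1 is easy to get subtly wrong (a typo in the acl keyword, or the ACL defined after the http_access line that references it), so here is the same edit scripted, with a check you can run before restarting. This is an added example, not code from the original post: the function names are my own, the network value is the one the post uses, and the functions take the config path as an argument so you can try them on a copy before touching /etc/squid/squid.conf.

```shell
#!/bin/sh
# Added example (not from the original post): script the squid.conf change from
# step 1 and verify it. Assumes GNU/Linux userland (awk, grep, ss) as on Kali.

# configure_squid CONF NETWORK
#   - turns "#http_access allow localnet" into "http_access allow localnet"
#   - adds "acl localnet src NETWORK" (once) before the first http_access line,
#     because Squid requires an ACL to be defined before it is referenced
configure_squid() {
    conf="$1"
    net="$2"
    if grep -qxF "acl localnet src $net" "$conf"; then
        have_acl=1
    else
        have_acl=0
    fi
    awk -v acl="acl localnet src $net" -v inserted="$have_acl" '
        # uncomment the allow rule (tolerates "# http_access ..." spacing)
        /^#[[:space:]]*http_access allow localnet[[:space:]]*$/ { $0 = "http_access allow localnet" }
        # define our ACL ahead of the first http_access rule, unless it already exists
        !inserted && /^http_access/ { print acl; inserted = 1 }
        { print }
    ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# check_squid_conf CONF NETWORK
#   returns 0 when the ACL exists, the allow rule is active, and the ACL is
#   defined before the rule that uses it; otherwise says why and returns 1
check_squid_conf() {
    conf="$1"
    net="$2"
    acl_at=$(grep -nxF "acl localnet src $net" "$conf" | head -n 1 | cut -d: -f1)
    allow_at=$(grep -nxF "http_access allow localnet" "$conf" | head -n 1 | cut -d: -f1)
    if [ -z "$acl_at" ]; then
        echo "check: missing 'acl localnet src $net'" >&2
        return 1
    fi
    if [ -z "$allow_at" ]; then
        echo "check: 'http_access allow localnet' is absent or still commented out" >&2
        return 1
    fi
    if [ "$acl_at" -gt "$allow_at" ]; then
        echo "check: ACL is defined after the http_access line that uses it" >&2
        return 1
    fi
    return 0
}

# squid_listening: the post's "nmap localhost" sanity check; uses ss when present
squid_listening() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn | grep -q ':3128[[:space:]]'
    else
        nmap -p 3128 127.0.0.1 | grep -q '^3128/tcp[[:space:]]*open'
    fi
}

# Apply to the real config only when asked explicitly: sh squid-setup.sh --apply
if [ "${1:-}" = "--apply" ]; then
    CONF=/etc/squid/squid.conf
    NET=192.168.0.1/255.255.255.0   # the network used in the post; adjust to yours
    cp "$CONF" "$CONF.bak"
    configure_squid "$CONF" "$NET"
    check_squid_conf "$CONF" "$NET" && service squid restart && squid_listening \
        && echo "squid listening on 3128"
fi
```

The `src` ACL is the only thing standing between the drop box and an open proxy on that segment: keep it to the hosts that actually need it (your own tunnel endpoint rather than a whole /24 where you can), and take the rule out again when the engagement ends. Running `check_squid_conf` on a copy first also catches the classic mistake of defining the ACL below the `http_access` block, which Squid rejects at start-up.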

W00t!!