Check HTTP in the right pane of protocol assigned to port 8080, and click Configure HTTP for port 8080


Module 03 - Scanning Networks

[Screenshot: HTTP Properties dialog, General tab. Options: "On the web server, connect to port" and "Connect via another proxy" (selected). Proxy server: 10.0.0.7. Buttons: OK, Cancel.]

FIGURE 13.9: Proxy Workbench HTTP for Port 8080

Many people understand sockets much better than they think. When you surf the web and go to a web site called www.altavista.com, you are actually directing your web browser to open a socket connection to the server called "www.altavista.com" with port number 80.

18. Click Close in the Configure Proxy Workbench wizard after completing the configuration settings.
[Screenshot: Configure Proxy Workbench dialog, Proxy Ports. Ports to listen on:]

Port | Description
25 | SMTP - Outgoing e-mail
110 | POP3 - Incoming e-mail
8080 | HTTP Proxy - Web
443 | HTTPS Proxy - Secure Web
21 | FTP - File Transfer Protocol
1000 | Pass Through - For Testing Apps

[Other controls in the dialog: Add, Delete, "Protocol assigned to port 8080" list, Configure HTTP for port 8080, Close, Show this screen at startup.]

FIGURE 13.10: Proxy Workbench Configured proxy

The real time logging allows you to record everything Proxy Workbench does to a text file. This allows the information to be readily imported in a spreadsheet or database so that the most advanced analysis can be performed on the data.

19. Repeat the configuration steps of Proxy Workbench from Step 11 to Step 15 in Windows Server 2008 Virtual Machines.

CEH Lab Manual Page 217

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited


20. In Windows Server 2008 type the IP address of Windows 7 Virtual Machine.
21. Open a Firefox browser in Windows Server 2008 and browse web pages.

Proxy Workbench changes this. Not only is it an awesome proxy server, but you can see all of the data flowing through it, visually display a socket connection history and save it to HTML.

22. Proxy Workbench generates the traffic, as shown in the following figure of Windows Server 2008.
23. Check the To column; it is forwarding the traffic to 10.0.0.3 (Windows Server 2008 Virtual Machine).

FIGURE 13.11: Proxy Workbench Generated Traffic in Windows Server 2012 Host Machine

24. Now log in to the Windows Server 2008 Virtual Machine, and check the To column; it is forwarding the traffic to 10.0.0.7 (Windows 7 Virtual Machine).
FIGURE 13.12: Proxy Workbench Generated Traffic in Windows Server 2008 Virtual Machine

And now, Proxy Workbench includes connection failure simulation strategies. What this means is that you can simulate a poor network, a slow Internet or unresponsive server. This makes it the definitive TCP application tester.


25. Select On the web server, connect to port 80 in the Windows 7 virtual machine, and click OK.
[Screenshot: HTTP Properties dialog, General tab. Options: "On the web server, connect to port" (selected) and "Connect via another proxy". Buttons: OK, Cancel.]

FIGURE 13.13: Configuring HTTP properties in Windows 7

It allows you to 'see' how your email client communicates with the email server, how web pages are delivered to your browser and why your FTP client is not connecting to its server.

26. Now check the traffic in 10.0.0.7 (Windows 7 Virtual Machine); the "To" column shows traffic generated from the different websites browsed in Windows Server 2008.

In the Connection Tree, if a protocol or a client/server pair is selected, the Details Pane displays the summary information of all of the socket connections that are in progress for the selected item on the Connection Tree.

FIGURE 13.14: Proxy Workbench Generated Traffic in Windows 7 Virtual Machine
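
The hop-by-hop forwarding checked in Steps 24 to 26, as an added example that is not part of the lab manual or Proxy Workbench's own code: a hop set to "Connect via another proxy" relays the browser's request unchanged, while a hop set to "On the web server, connect to port" rewrites it and contacts the site on port 80. The function names, the www.example.com request and the hop list are assumptions constructed for illustration.

```python
# Added example, not Proxy Workbench code: next-hop choice for one HTTP request.
from urllib.parse import urlsplit

# Constructed sample: what a browser sends when it is pointed at an HTTP proxy.
SAMPLE = (b"GET http://www.example.com/index.html?x=1 HTTP/1.1\r\n"
          b"Host: www.example.com\r\n\r\n")

# Assumed hop list mirroring Steps 24-26: (listener, mode, upstream proxy).
HOPS = [("10.0.0.3:8080", "proxy", ("10.0.0.7", 8080)),
        ("10.0.0.7:8080", "web", None)]


def next_hop(request, mode, upstream=None, web_port=80):
    """Return (host, port, bytes_to_send) for one proxied HTTP request.

    mode "proxy" = "Connect via another proxy": relay unchanged to upstream.
    mode "web"   = "On the web server, connect to port": contact the site.
    """
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except ValueError:  # wrong field count or non-ASCII bytes
        raise ValueError("malformed request line") from None
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("a proxy expects an absolute http:// request target")
    if mode == "proxy":
        return upstream[0], upstream[1], request
    if mode != "web":
        raise ValueError("unknown mode: " + mode)
    # Last hop: rewrite to origin-form and use the configured web-server port.
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    lines[0] = f"{method} {path} {version}".encode("ascii")
    return url.hostname, web_port, b"\r\n".join(lines) + sep + body


def trace_chain(request, hops):
    """Walk the chain; return (From, To) rows like the To column, plus final bytes."""
    rows = []
    for listener, mode, upstream in hops:
        host, port, request = next_hop(request, mode, upstream)
        rows.append((listener, f"{host}:{port}"))
    return rows, request


if __name__ == "__main__":
    for src, dst in trace_chain(SAMPLE, HOPS)[0]:
        print(src, "->", dst)
```

Every hop handles the complete cleartext request, which is why each Proxy Workbench instance in the chain can display the data flowing through it.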

Lab Analysis
Document all the IP addresses, open ports and running applications, and protocols you discovered during the lab.


Tool/Utility | Information Collected/Objectives Achieved
Proxy Workbench | Proxy server Used: 10.0.0.7
                | Port scanned: 8080
                | Result: Traffic captured by Windows 7 virtual machine (10.0.0.7)

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Examine the Connection Failure-Termination and Refusal.
2. Evaluate how real-time logging records everything in Proxy Workbench.

Internet Connection Required
☑ Yes    □ No

Platform Supported
☑ Classroom    □ iLabs