The Patsy Proxy
Getting Others To Do Your Dirty Work

Who we are
• Jen Savage
  ◦ Software Developer
  ◦ @savagejen
• Dan Crowley
  ◦ Managing Consultant at Trustwave SpiderLabs
  ◦ @dan_crowley

What is a patsy proxy?
• Patsy (noun): A person who is easily taken advantage of
• Proxy (noun): A person authorized to act on the behalf of another
• A patsy proxy is anything that can be used to unwittingly perform an attack on the behalf of another.

Advantages of a patsy proxy
• Proxy owner is unaware of proxy
• Target is unaware that victim acts as proxy
  ◦ Not publicly listed as a proxy
  ◦ No traditional proxy service on victim
• Logging unlikely
• IP may be privileged

Disadvantages of a patsy proxy
• Attack capabilities may be limited
  ◦ May be blind
  ◦ May change the traffic
  ◦ May have a time delay
  ◦ May pass only certain types of traffic
• What is inside the black box?
  ◦ May be logged

On patsy limitations
• Patsy only allows GET params
  ◦ Many applications accept POST params in GET
• Patsy only makes HEAD requests
  ◦ Many applications process HEAD/GET the same
• No data will be returned
• DoS capability severely limited
• Patsy is blind
  ◦ Many attacks can be launched blind

Malicious uses of a patsy proxy

Frame Someone
• Post threats, harass people, etc.
• Access illegal materials
• Launch attacks

Anonymize an attack
• Attack will trace back to the patsy
  ◦ Is the patsy logging?
• Traditional attacks
  ◦ SQLi
  ◦ RFI
  ◦ DoS

Bypass IP address filtering
• Evade IP blacklist
  ◦ IP ban
  ◦ Sites which disallow proxies
• Exploit IP trust relationships
  ◦ Business partnerships
  ◦ Proxies usually disallow internal access
• Not the case with unintentional proxying

Methods to achieve a patsy proxy

Automated Services
• URL shorteners & un-shorteners
• Web Spiders
• Twitter bots
• “Upload from URL” functionality
• Webpage translation utilities
• Link preview functionality

GOOGLE TRANSLATE
“Translate” a web page

FACEBOOK
Status update preview

Automated Services
• Malware Scanning Utilities
• Mail Gateway Scanners
  ◦ Thanks to Jcran for his Project Tuna data: tuna.pentestify.com/emails
• Other
• Good job Google on the Google Safe Browsing Database!

CLAMAV
In certain configurations, URLs in emails are checked for malware

GEOCITIES-IZER
Hack like it’s 1996

UNKNOWN MAIL GATEWAY AV
With ROT13 power

Traditional Vulns
• XSS / HTML Injection
• XML injection (XXE)
• SQLi
• RFI

Social Engineering
• Worth mentioning
• Not worth in-depth explanation

Could it be a vulnerability?

Recursive DoS
• Point the patsy back at itself
• Traffic amplification factor:
  ◦ MAX_URI / patsy URI length * 2
• Tack a large resource onto the last iteration
• 20 requests resulted in 30 minutes downtime
  ◦ Over the LAN!

RECURSIVE DOS
“If it’s stupid but it works, it isn’t stupid.”
patsy.php contained fopen($_GET['site'], 'r');

WAF bypass
• Recurse once
• Double encode attack
[Diagram: Mal, WAF, Web Server]

DDoS through patsies
• I have 2MB up
• I have 30 patsies, each 15MB up
• I have Python
• By your powers combined…
• …I AM CAPTAIN DOWNTIME

Access to Internal Networks
• Modern proxies enforce boundaries between internal / external
• Unintentional proxies may allow boundary violation
  ◦ http://patsy.com/?site=http://10.0.0.1/admin.htm
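A defender-side guard for the three problems the Recursive DoS, WAF bypass and Access to Internal Networks slides describe: a fetch-from-URL feature that can be pointed at internal addresses, at itself, or at itself behind double encoding. This is an added example, not code from the talk; it assumes a fetcher that takes its target in a `site` parameter like the slide's patsy.php, and `patsy.com`, `partner.example` and the addresses used are constructed sample values.

```python
"""Guard for a feature that fetches user-supplied URLs (a would-be patsy).
Added example, not code from the talk. Assumes a fetcher that takes the
target in a `site` parameter like the slide's patsy.php, and refuses the
targets the slides describe: internal addresses, the service itself
(recursive DoS) and self-references hidden behind double encoding."""
import ipaddress
import socket
from urllib.parse import unquote, urlsplit

MAX_URI = 2048           # cap on the fully decoded URL (the slide's MAX_URI)
MAX_DECODE_ROUNDS = 4    # bound repeated %-decoding so it always terminates
ALLOWED_SCHEMES = {"http", "https"}   # no file://, ftp://, gopher://, ...


def fully_decode(value):
    """Percent-decode until the text stops changing (bounded).
    One unquote() turns "%2531" into "%31"; a later layer that decodes again
    then sees "1". Judging the fixed point judges what will really be fetched."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("too many encoding layers")


def resolve(host):
    """Return the host's addresses as strings; IP literals need no lookup."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror as exc:
        raise ValueError("cannot resolve %r" % host) from exc
    return sorted({info[4][0] for info in infos})


def is_public(addr):
    """True only for globally routable unicast addresses."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:10.0.0.1 is still 10.0.0.1
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_fetch_target(raw_url, own_hosts, resolver=resolve):
    """Return the decoded URL if it may be fetched, else raise ValueError.
    own_hosts: lowercase hostnames and IP strings this service answers on.
    Checks run after resolution, so a name that merely points back at us is
    caught as well as a literal self-reference."""
    url = fully_decode(raw_url)
    if len(url) > MAX_URI:
        raise ValueError("URL too long")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError("scheme %r not allowed" % parts.scheme)
    host = (parts.hostname or "").lower()
    if not host:
        raise ValueError("no host in URL")
    if host in own_hosts:
        raise ValueError("target is this service (recursive fetch)")
    for address in resolver(host):
        addr = ipaddress.ip_address(address)
        if str(addr) in own_hosts:
            raise ValueError("target resolves to this service (recursive fetch)")
        if not is_public(addr):
            raise ValueError("%s resolves to non-public address %s" % (host, addr))
    # Caveat: connect to one of the addresses checked above rather than
    # resolving the name again, or a DNS rebind can swap in an internal IP.
    return url


def is_safe_target(raw_url, own_hosts, resolver=resolve):
    """Boolean form of check_fetch_target for callers that only need yes/no."""
    try:
        check_fetch_target(raw_url, own_hosts, resolver)
        return True
    except ValueError:
        return False
```

Log the decision together with the requesting client's address: the slides' point that "logging is unlikely" on a patsy is exactly what makes attribution hard, and the fetcher is the one place that can record both ends.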
Conclusion
• Attribution is Hard(er)
  ◦ An IP address is not a person
• IP address filtering is ineffective
• Think before generating traffic for users
• User education is valuable for users, too
  ◦ Don’t Take Candy from Internet Strangers
