Scanning Networks - p.14

LAB 13

Daisy Chaining using Proxy Workbench

Proxy Workbench is a unique pivxy server, ideal for developers, security experts, and twiners, which displays data in real time.

Lab Scenario

You have learned in the previous lab how to hide your actual IP using a Proxy Switcher and browse anonymously. Similarly an attacker with malicious intent can pose as someone else using a proxy server and gather information like account or bank details o f an individual by performing so c ia l engineering. Once attacker gains relevant information he or she can hack into that individual’s bank account for online shopping. Attackers sometimes use multiple proxy servers for scanning and attacking, making it very difficult for administrators to trace die real source of attacks. As an administrator you should be able to prevent such attacks by deploying an intrusion detection system with which you can collect network information for analysis to determine if an attack or intrusion has occurred. You can also use Proxy Workbench to understand how networks are scanned.

Lab Objectives

This lab will show you how networks can be scanned and how to use Proxy Workbench. It will teach you how to:

■ Use the Proxy Workbench tool
■ Daisy chain the Windows Host Machine and Virtual Machines

Lab Environment

To carry out the lab, you need:
■ Proxy Workbench is located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Proxy Tools\Proxy Workbench

You can also download die latest version o f Proxy Workbench from this link http://proxyworkbench.com

I f you decide to download the latest version, then screenshots shown in the lab might differ

A computer running Windows Server 2012 as attacker (host machine)

Another computer running Window Server 2008, and Windows 7 as victim (virtual machine)

A web browser widi Internet access

Follow Wizard-driven installation steps to install Proxy Workbench

Administrative privileges to run tools

Lab Duration

Time: 20 Minutes

Overview of Proxy Workbench

Proxy Workbench is a proxy server diat displays its data in real time. The data flowing between web browser and web server even analyzes FTP in passive and active modes.

Lab Tasks

1. Install Proxy Workbench on all platforms of die Windows operating system ׳Windows Server 2012. Windows Server 2008. and Windows 7)
2. Proxy Workbench is located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Proxy Tools\Proxy Workbench
3. You can also download the latest version o f Proxy Workbench from this link
http ://proxyworkbench.com
4. Follow the wizard-driven installation steps and install it in all platforms of Windows operating sy stem
5. This lab will work in the CEFI lab environment - on Windows Server 2012, Windows Server 2 0 0 8 י and Windows 7
6. Open Firefox browser in your Windows Server 2012, and go to Tools and click options

FIGURE 13.1: Firefox options tab

7. Go to Advanced profile in die Options wizard of Firefox, and select die Network tab, and dien click Settings.

FIGURE 13.2 Firefox Network Settings

8. Check Manual proxy configuration 111 the Connection Settings wizard.
9. Type HTTP Proxy a s 127.0.0.1 and enter die port value as 8080 י and check die option of Use this proxy server for all protocols, and click OK.

FIGURE 13.3: Firefox Connection Settings

10. While configuring, if you encounter any port error please ignore it

11. Launch the Start menu by hovering die mouse cursor in the lower-left corner of the desktop.

FIGURE 13.4: Windows Server 2012 - Desktop view

12. Click die Proxy Workbench app to open die Proxy Workbench window

FIGURE 13.5: Windows Server 2012 - Apps

13. The Proxy Workbench main window appears as shown in die following figure.

FIGURE 13.6: Proxv Workbench main window

14. Go to Tools on die toolbar, and select Configure Ports

FIGURE 13.7: Proxy Workbench ConFIGURE Ports option

15. 111 die Configure Proxy Workbench wizard, select 8080 HTTP Proxy - Web IN THE left pane of Ports to listen on.
16. Check HTTPin the right pane of protocol assigned to port 8080, and click Configure HTTP for port 8080

FIGURE 13.8: Prosy Workbench Configuring HTTP for Port 8080

17. The HTTP Properties window appears. Now check Connect via another proxy, enter your Windows Server 2003 virtual machine IP address in  Proxy Server, and enter 8080 in Port and dien click OK

FIGURE 13.9: Prosy Workbench HTTP for Port 8080

18. Click Close in die Configure Proxy Workbench wizard after completing die configuration settings

FIGURE 13.10: Proxv Workbench Configured proxy

19. Repeat die configuration steps o f Proxy Workbench from Step 11 to Step 15 in Windows Server 2008 Virtual Machines

20. 111 Windows Server 2008 type die IP address of Windows 7 Virtual Machine.
21. Open a Firefox browser in Windows Server 2008 and browse web pages.
22. Proxy Workbench Generates die traffic will be generated as shown in die following figure of Windows Server 2008
23. Check die To Column; it is forwarding die traffic to 10.0.0.3 (Windows Server 2008 virtual Machine).

FIGURE 13.11: Proxy Workbench Generated Traffic in Windows Server 2012 Host Machine

24. Now log in in to Windows Server 2008 Virtual Machine, and check die To column; it is forwarding die traffic to 10.0.0.7 (Windows 7 Virtual Machine).

FIGURE 13.12 Proxy Workbench Generated Traffic in Windows Serve! 2003 Virtual Machine

25. Select On die web server, connect to port 80 in Windows 7 virtual machine, and click OK

FIGURE 13.13: Configuring HTTP properties in Windows 7

26. Now Check die traffic in 10.0.0.7 (Windows 7 Virtual Machine) “TO” column shows traffic generated fiom die different websites browsed in Windows Server 2008

FIGURE 13.14: Prosy Workbench Generated Traffic in Windows 7 Virtual Machine

Lab Analysis

Document all die IP addresses, open ports and running applications, and protocols you discovered during die lab.

Questions
1. Examine the Connection Failme-Termination and Refusal.
2. Evaluate how real-time logging records everything in Proxy Workbench.