3128 - Squid
💡 学习提示: 本文档介绍 3128 - Squid 的渗透测试方法,适合信息安全初学者和从业人员参考。
⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。
默认 port: 3128
信息收集
Web 代理
You can try to set this discovered service as proxy in your browser. However, if it’s configured with HTTP authentication you will be prompted for usernames and password.
Nmap proxified
You can also try to abuse the proxy to scan internal ports proxifying nmap.
Configure proxychains to use the squid proxy adding he following line at the end of the proxichains.conf file: http 10.10.10.10 3128
For proxies requiring authentication, append credentials to the configuration by including the username and password at the end: http 10.10.10.10 3128 username passw0rd.
Then run nmap with proxychains to scan the host from local: proxychains nmap -sT -n -p- localhost
SPOSE Scanner
Alternatively, the Squid Pivoting Open 端口 Scanner (spose.py) can be used.
Pivot & tooling configuration
Use Squid as a discovery pivot and a transparent upstream hop for CLI and browser tools.
- Scan “from” the proxy: run SPOSE through Squid to enumerate ports reachable from the proxy host/loopback. With uv you can install deps and scan all TCP ports directly:
- Proxychains for HTTP interaction: append a strict HTTP entry at the bottom of
/etc/proxychains.conf:
Then interact with internal listeners (e.g., a web UI bound to 127.0.0.1) transparently through Squid:
- Chaining Burp/Browser → Squid: configure Burp 代理 → Settings → 网络 → Connections → Upstream proxy servers to point to
http://SQUID_IP:3128. Requests to internal hosts such ashttp://127.0.0.1:9191will traverse Browser → Burp → Squid → target, enabling full interception of services otherwise not reachable externally.