--- title: "3128 - Squid" weight: 3128 date: "2026-03-10T10:03:28+08:00" lastmod: "2026-03-10T13:26:55+08:00" --- 💡 **学习提示**: 本文档介绍 **3128 - Squid** 的渗透测试方法,适合信息安全初学者和从业人员参考。 ⚠️ **法律声明**: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。 --- **默认 port:** 3128 ``` PORT STATE SERVICE VERSION 3128/tcp open http-proxy Squid http proxy 4.11 ``` ### 信息收集 #### Web 代理 You can try to set this discovered service as proxy in your browser. However, if it's configured with HTTP authentication you will be prompted for usernames and password. ```bash ## Try to proxify curl curl --proxy http://10.10.11.131:3128 http://10.10.11.131 ``` #### Nmap proxified You can also try to abuse the proxy to **scan internal ports proxifying nmap**.\ Configure proxychains to use the squid proxy adding he following line at the end of the proxichains.conf file: `http 10.10.10.10 3128` For proxies requiring authentication, append credentials to the configuration by including the username and password at the end: `http 10.10.10.10 3128 username passw0rd`. Then run nmap with proxychains to **scan the host from local**: `proxychains nmap -sT -n -p- localhost` #### SPOSE Scanner Alternatively, the Squid Pivoting Open 端口 Scanner ([spose.py](https://github.com/aancw/spose)) can be used. ```bash python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131 ``` #### Pivot & tooling configuration *Use Squid as a discovery pivot and a transparent upstream hop for CLI and browser tools.* - **Scan “from” the proxy:** run SPOSE through Squid to enumerate ports reachable from the proxy host/loopback. With [uv](https://github.com/astral-sh/uv) you can install deps and scan all TCP ports directly: ```bash uv add --script spose.py -r requirements.txt uv run spose.py --proxy http://SQUID_IP:3128 --target localhost --allports ``` - **Proxychains for HTTP interaction:** append a strict HTTP entry at the bottom of `/etc/proxychains.conf`: ```ini [ProxyList] http SQUID_IP 3128 ``` Then interact with internal listeners (e.g., a web UI bound to 127.0.0.1) transparently through Squid: ```bash proxychains curl http://127.0.0.1:9191 -v ``` - **Chaining Burp/Browser → Squid:** configure Burp *代理 → Settings → 网络 → Connections → Upstream proxy servers* to point to `http://SQUID_IP:3128`. Requests to internal hosts such as `http://127.0.0.1:9191` will traverse Browser → Burp → Squid → target, enabling full interception of services otherwise not reachable externally. --- ### 搜索引擎语法 #### FOFA ```bash # FOFA 搜索语法 port="3128" ``` #### Shodan ```bash # Shodan 搜索语法 port:3128 ``` #### ZoomEye ```bash # ZoomEye 搜索语法 port:3128 ``` --- ## 📖 参考资料 - [HackTricks - 3128-squid](https://book.hacktricks.wiki/en/network-services-pentesting/3128-squid.html)