By default the Netsparker Desktop web vulnerability scanner does not support SOCKS proxies. However, you can run the web security scan through a third-party proxy, which then reroutes the traffic to your SOCKS proxy. This document explains how you can use the free proxy server Privoxy to scan a website with Netsparker via a SOCKS proxy.
Privoxy is a free proxy server and is licensed under the GNU GPLv2. You can download it from http://www.privoxy.org. Once it is downloaded, install it, and when it is set up and running, open the main configuration file.
To redirect the Privoxy traffic to the SOCKS proxy, use the forward-socks directive that matches the version of the SOCKS protocol your proxy server is running, and use it to specify where to redirect the traffic. For example, if the SOCKS proxy server uses the 4A protocol, listens on port 1080 and its address is sockspoxy.mycompany.com, add the following directive to the Privoxy configuration:
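The directive described above, written out as an added example (it is not copied from the original page). The host name, port and SOCKS version are the ones given in the text; the commented-out alternatives are assumptions for setups where the SOCKS server speaks a different protocol version.

```conf
# Added example for the Privoxy main configuration file.

# Keep the listener on loopback (the default) so only the local
# scanner can use Privoxy. Binding it to a routable address would
# expose the SOCKS tunnel to anyone who can reach this machine.
listen-address  127.0.0.1:8118

# Forward every request to the SOCKS 4A proxy from the text.
#   "/"  target pattern that matches all URLs
#   "."  no additional HTTP parent proxy after the SOCKS hop
forward-socks4a   /   sockspoxy.mycompany.com:1080   .

# Alternatives (assumptions, enable only one forward-socks line for "/"):
#
# SOCKS 4: target host names are resolved locally, so DNS lookups
# for the scan target leave this machine directly.
# forward-socks4   /   sockspoxy.mycompany.com:1080   .
#
# SOCKS 5: target host names are resolved by the SOCKS server,
# as with SOCKS 4A.
# forward-socks5   /   sockspoxy.mycompany.com:1080   .
```

With forward-socks4a or forward-socks5 the scan target's host name only has to resolve from the SOCKS server's network, which matters when the target is reachable only through that proxy.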
Below is a screenshot of the configuration we are running in our test environment.
For more information on the SOCKS proxy directives and forwarding traffic with Privoxy refer to the Forwarding section in the Privoxy documentation (https://www.privoxy.org/user-manual/config.html).
By default the Privoxy proxy server listens on port 8118 on localhost (127.0.0.1). To configure Netsparker to redirect the traffic through the Privoxy proxy server, which is running on the same machine, follow this procedure:
For more information on Scan Policies and the Scan Policy Editor read Create your own Scan Policies with the Netsparker Scan Policy Editor. Now Netsparker Desktop will forward all the traffic via the Privoxy server, which will route the traffic through the SOCKS proxy, as will be shown in the bottom left corner of the scanner.