
How to Scan a Website with Netsparker Desktop via a SOCKS Proxy

Category: Product Docs & FAQS - Tags: netsparker desktop, faq, socks proxy, proxy - Thu, 01 Jan 2015, by Robert Abela

By default, the Netsparker Desktop web vulnerability scanner does not support SOCKS proxies. However, you can run the web security scan through a third-party proxy that reroutes the traffic to your SOCKS proxy. This document explains how to use the free proxy server Privoxy to scan a website with Netsparker via a SOCKS proxy.

1. Install Privoxy Proxy Server

Privoxy is a free proxy server licensed under the GNU GPLv2. You can download it from http://www.privoxy.org. Once it is installed and running, open its main configuration file.

2. Configure Privoxy to Redirect to the SOCKS Proxy

To redirect the Privoxy traffic to the SOCKS proxy, use the forward-socks directive that matches the version of SOCKS your proxy runs to specify where the traffic should go. For example, if the SOCKS proxy server uses the 4A protocol, listens on port 1080 and its address is socksproxy.mycompany.com, add the following directive to the Privoxy configuration:

forward-socks4a   /   socksproxy.mycompany.com:1080   .

The / is the target pattern that matches all requests, and the trailing . tells Privoxy not to chain to a further HTTP proxy after the SOCKS proxy.

Below is a screenshot of the configuration we are running in our test environment.

Configuring the SOCKS proxy redirect in the Privoxy Proxy Server

For more information on the SOCKS proxy directives and forwarding traffic with Privoxy refer to the Forwarding section in the Privoxy documentation (https://www.privoxy.org/user-manual/config.html).

3. Configure Netsparker to Use Privoxy Proxy

By default the Privoxy proxy server listens on port 8118 on localhost (127.0.0.1). To configure Netsparker to redirect the traffic through the Privoxy proxy server, which is running on the same machine, follow this procedure:

  1. Open the Scan Policy Editor.
  2. Open the Scan Policy you’d like to use and navigate to the Proxy node in the HTTP section (shown in the screenshot below).
  3. Select the option Use Custom Proxy.
  4. Enter the address, in this case 127.0.0.1, and the port, in this case 8118.
  5. Click the OK button to save the scan policy.

Configuring the proxy connection details in Netsparker Desktop

For more information on Scan Policies and the Scan Policy Editor, read "Create your own Scan Policies with the Netsparker Scan Policy Editor". Netsparker Desktop will now forward all the traffic via the Privoxy server, which routes it through the SOCKS proxy. The proxy connection status is shown in the bottom left corner of the scanner.

Netsparker desktop successfully connected to the proxy server and can route traffic through it.
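Added example (not part of the original article, and not Netsparker or Privoxy code): a small Python check for the Privoxy configuration from steps 2 and 3. It flags a forward-socks directive with missing fields, the absence of a catch-all target (so scan traffic would leave without going through the SOCKS proxy), and a listen-address that exposes Privoxy beyond localhost. The function names and the sample configurations are constructed for illustration.

```python
# Added example: lint a Privoxy config for the SOCKS chain used by the scanner.
SOCKS = {"forward-socks4", "forward-socks4a", "forward-socks5", "forward-socks5t"}

def directives(text):
    """Yield (line number, lowercased directive name, arguments), skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield lineno, fields[0].lower(), fields[1:]

def lint(text):
    """Return a list of findings; an empty list means the chain looks sane."""
    findings, catch_all = [], False
    for lineno, name, args in directives(text):
        if name == "listen-address":
            # "host:port"; an empty host means Privoxy binds every interface.
            host = args[0].rsplit(":", 1)[0] if args else ""
            if not (host.startswith("127.") or host in ("localhost", "[::1]")):
                findings.append(f"line {lineno}: listen-address "
                                f"{host or '(all interfaces)'} is not loopback")
        elif name in SOCKS:
            # Syntax: target_pattern socks_proxy[:port] http_parent[:port]
            if len(args) != 3:
                findings.append(f"line {lineno}: {name} needs target_pattern, "
                                "socks_proxy[:port] and http_parent")
            elif args[0] == "/":
                catch_all = True
    if not catch_all:
        findings.append("no forward-socks rule for target '/': "
                        "some or all scan traffic would bypass the SOCKS proxy")
    return findings

# Constructed sample configurations (not taken from a real deployment).
INCOMPLETE = "listen-address 127.0.0.1:8118\nforward-socks4a socksproxy.mycompany.com:1080\n"
CORRECT = "listen-address 127.0.0.1:8118\nforward-socks4a / socksproxy.mycompany.com:1080 .\n"
EXPOSED = ("listen-address 0.0.0.0:8118  # reachable from the network\n"
           "forward-socks4a .mycompany.com socksproxy.mycompany.com:1080 .\n")

if __name__ == "__main__":
    for label, cfg in (("incomplete", INCOMPLETE), ("correct", CORRECT), ("exposed", EXPOSED)):
        print(label, lint(cfg) or "OK")
```

Run it against the text of your own Privoxy configuration file before starting a scan; an empty result means every request the scanner sends to 127.0.0.1:8118 is handed to the SOCKS proxy.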
