SOCKS proxy support #229
Comments
|
Yes you are right. This seems like a niche feature and support for HTTP proxies should be more than enough, so there is no plan to support SOCKS proxies. |
|
I just ran into a situation where it would be extremely useful to be able to run sslyze using OpenSSH's dynamic proxy mode through a bastion host where I'd prefer not to have to install the entire build toolchain. I tried using proxychains-ng but that crashes partway through the scan. |
|
But is this OpenSSH proxy feature a SOCKS proxy? And why not use a normal HTTP proxy (which is already supported by SSLyze)? |
|
Yes: it's a full SOCKS 5 proxy: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding#Dynamic_Port_Forwarding The main selling point is not needing to install anything on the bastion host, especially not a new network service on what should be a very locked down system, and there are related points about reusing your existing authentication, logging, etc. |
|
I just tried Then doing works great. |
|
@BenjaminHae the advantage of the dynamic proxy mode is that it works for more than one host/port and doesn't break hostname validation. I never encourage that in standard usage since training admins to ignore security warnings inevitably leads to false negatives. |
|
This could be used https://github.com/Anorov/PySocks |
If I am right, SSlyze only supports HTTP/HTTPs proxy. Is there any plan to implement socks proxy support anytime soon?
The text was updated successfully, but these errors were encountered: