pxytest

Summary: 
test for open proxy server that allows mail relay
Current release: 
1.36
Last updated: 
2002-12-27

pxytest is a command line utility to test a host for open proxies that are vulnerable to spammer abuse. It is written in perl.

Unsecured proxies can be a conduit of spam. This is a particularly vexing problem, because open proxies, unlike open mail relays, hide the origin of the spam, making it impossible to trace. This utility
tests a host to see if it is vulnerable to such abuse.

It works something like this ...

$ pxytest 192.108.105.34
Using mail server: 207.200.4.66 (mail.soaustin.net)
Testing addr "192.108.105.34" port "80" proto "http-connect" ... connected
>>> CONNECT 207.200.4.66:25 HTTP/1.0\r\n\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "80" proto "http-post" ... connected
>>> POST http://207.200.4.66:25/ HTTP/1.0\r\n
>>> Content-Type: text/plain\r\n
>>> Content-Length: 6\r\n\r\n
>>> QUIT\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "3128" proto "http-connect" ... cannot connect
Testing addr "192.108.105.34" port "8080" proto "http-connect" ... connected

>>> CONNECT 207.200.4.66:25 HTTP/1.0\r\n\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "8080" proto "http-post" ... connected
>>> POST http://207.200.4.66:25/ HTTP/1.0\r\n
>>> Content-Type: text/plain\r\n
>>> Content-Length: 6\r\n\r\n
>>> QUIT\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "8081" proto "http-connect" ... connected
>>> CONNECT 207.200.4.66:25 HTTP/1.0\r\n\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "1080" proto "socks4" ... connected

>>> binary message: 4 1 0 25 207 200 4 66 0
<<< binary message: 0 91 200 221 236 146 4 8
socks reply code = 91 (request rejected or failed)
Testing addr "192.108.105.34" port "1080" proto "socks5" ... connected
>>> binary message: 5 1 0
>>> binary message: 4 1 0 25 207 200 4 66 0
<<< binary message: 0 90 72 224 236 146 4 8
socks reply code = 90 (request granted)
<<< 220 mail.soaustin.net ESMTP Postfix [NO UCE C=US L=TX]\r\n
*** ALERT - open proxy detected
Test complete - identified open proxy 192.108.105.34:1080/socks4

In this example, correctly secured web servers (or caches or proxies)
were observed on ports 80, 8080, and 8081. A vulnerable SOCKS (version 4)
proxy, however, was found on port 1080. (If you are finding all the crud
in the above listing a bit overwhelming rather than useful, have no fear.
Say -v2 to make it less chatty.)

The following types of unsecured proxies are detected:
http-connect, http-post socks4, socks5, wingate, telnet and cisco. See the manual page for descriptions of these proxy
types.

If you like this utility, you also may be interested in its sister
utility, the rlytest open relay tester.

AttachmentSize
pxytest-1.36.gz16.37 KB
pxytest-1.19.gz10.16 KB
Release history: 

Version 1.36 (28-Dec-2002) - Significant update. One bugfix, one new proxy type, and many new features added. Please see my weblog entry for a summary of changes in this release.

Version 1.19 (20-Nov-2002) - First public release.