Unicom Systems Development

Software Archive



Chip Rosenthal
<chip@unicom.com>

Software Archive: pxytest

Program: pxytest
Description: test for open proxy server that allows mail relay
Version: 1.36 (28-Dec-2002)

pxytest is a command line utility to test a host for open proxies that are vulnerable to spammer abuse. It is written in perl.

Unsecured proxies currently are the most significant conduit of junk email. This is a particularly vexing problem, because open proxies, unlike open mail relays, hide the origin of the spam, making it impossible to trace. This utility tests a host to see if it is vulnerable to such abuse.

It works something like this ...

$ pxytest 192.108.105.34
Using mail server: 207.200.4.66 (mail.soaustin.net)
Testing addr "192.108.105.34" port "80" proto "http-connect" ... connected
>>> CONNECT 207.200.4.66:25 HTTP/1.0\r\n\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "80" proto "http-post" ... connected
>>> POST http://207.200.4.66:25/ HTTP/1.0\r\n
>>> Content-Type: text/plain\r\n
>>> Content-Length: 6\r\n\r\n
>>> QUIT\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "3128" proto "http-connect" ... cannot connect
Testing addr "192.108.105.34" port "8080" proto "http-connect" ... connected
>>> CONNECT 207.200.4.66:25 HTTP/1.0\r\n\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "8080" proto "http-post" ... connected
>>> POST http://207.200.4.66:25/ HTTP/1.0\r\n
>>> Content-Type: text/plain\r\n
>>> Content-Length: 6\r\n\r\n
>>> QUIT\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "8081" proto "http-connect" ... connected
>>> CONNECT 207.200.4.66:25 HTTP/1.0\r\n\r\n
<<< HTTP/1.1 405 Method Not Allowed\r\n
Testing addr "192.108.105.34" port "1080" proto "socks4" ... connected
>>> binary message: 4 1 0 25 207 200 4 66 0
<<< binary message: 0 91 200 221 236 146 4 8
socks reply code = 91 (request rejected or failed)
Testing addr "192.108.105.34" port "1080" proto "socks5" ... connected
>>> binary message: 5 1 0
>>> binary message: 4 1 0 25 207 200 4 66 0
<<< binary message: 0 90 72 224 236 146 4 8
socks reply code = 90 (request granted)
<<< 220 mail.soaustin.net ESMTP Postfix [NO UCE C=US L=TX]\r\n
*** ALERT - open proxy detected
Test complete - identified open proxy 192.108.105.34:1080/socks4

In this example, correctly secured web servers (or caches or proxies) were observed on ports 80, 8080, and 8081. A vulnerable SOCKS (version 4) proxy, however, was found on port 1080. (If you are finding all the crud in the above listing a bit overwhelming rather than useful, have no fear. Say -v2 to make it less chatty.)
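The "binary message" lines in the listing are SOCKS4 requests and replies printed as decimal bytes. The following Python is an added example, not part of pxytest or of the original page, that decodes them. The function names, and the rule that a proxy counts as open only when reply 90 is followed by the mail server's 220 greeting, are assumptions modelled on the listing.

```python
import re
import struct
from ipaddress import IPv4Address

# SOCKS4 reply codes (second byte of the 8-byte reply).
SOCKS4_REPLY = {
    90: "request granted",
    91: "request rejected or failed",
    92: "request rejected: cannot connect to identd on the client",
    93: "request rejected: client and identd report different user-ids",
}
SOCKS4_COMMAND = {1: "CONNECT", 2: "BIND"}


def line_bytes(line):
    """Convert a 'binary message: 4 1 0 ...' listing line to raw bytes."""
    m = re.search(r"binary message:((?:\s+\d+)+)\s*$", line)
    if not m:
        raise ValueError("not a binary message line: %r" % line)
    return bytes(int(n) for n in m.group(1).split())


def decode_request(msg):
    """Decode VN, CD, DSTPORT, DSTIP, USERID, NUL from a SOCKS4 request."""
    if len(msg) < 9 or msg[-1] != 0:
        raise ValueError("truncated or unterminated SOCKS4 request")
    vn, cd, port, ip = struct.unpack("!BBH4s", msg[:8])
    if vn != 4:
        raise ValueError("not a SOCKS4 request (version byte %d)" % vn)
    return {"command": SOCKS4_COMMAND.get(cd, "unknown(%d)" % cd),
            "dst": "%s:%d" % (IPv4Address(ip), port),
            "userid": msg[8:-1].decode("latin-1")}


def decode_reply(msg):
    """Return (code, meaning) from an 8-byte SOCKS4 reply."""
    if len(msg) != 8 or msg[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return msg[1], SOCKS4_REPLY.get(msg[1], "unknown")


def is_open(reply_line, later_lines):
    """Assumption: open = reply 90 followed by an SMTP 220 greeting."""
    code, _ = decode_reply(line_bytes(reply_line))
    return code == 90 and any(re.match(r"<<< 220[ -]", l) for l in later_lines)
```

Applied to the listing, the request decodes as a CONNECT to 207.200.4.66:25 with an empty user id, which is the mail server pxytest announced on its first line.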

The following types of unsecured proxies are detected: http-connect, http-post, socks4, socks5, wingate, telnet and cisco. See the manual page for descriptions of these proxy types.

If you like this utility, you also may be interested in its sister utility, the rlytest open relay tester.

ATTENTION ISPs and Network Managers: This utility is designed for single-address testing. For protective scanning of your own networks, you may be interested in the pxytest/rlytest Enterprise product. Please contact me for cost and licensing information. (Spammers need not apply. License terms will require you limit scanning to networks you own or manage.)

Files

Last Modified         Size   File            Description

28-Dec-2002 14:58:34  48040  pxytest         link to current release
28-Dec-2002 14:58:59  19467  pxytest.0.html  pxytest manual page

28-Dec-2002 14:58:34  48040  pxytest-1.36    pxytest script
20-Nov-2002 14:16:13  29848  pxytest-1.19    pxytest script

Release History

Version 1.36 (28-Dec-2002) - Significant update. One bugfix, one new proxy type, and many new features added. Please see my weblog entry for a summary of changes in this release.

Version 1.19 (20-Nov-2002) - First public release.

$Id: Package.def,v 1.5 2002/12/28 22:01:26 chip Exp $