Squid - Port 3128
Become VeryLazyTech member! 🎁
Follow us on:
✖ Twitter @VeryLazyTech.
👾 Github @VeryLazyTech.
📜 Medium @VeryLazyTech.
📺 YouTube @VeryLazyTech.
📩 Telegram @VeryLazyTech.
🕵️♂️ My Site @VeryLazyTech.
Visit our shop for e-books and courses. 📚
Basic info
Port 3128 is widely associated with Squid, a caching and forwarding HTTP web proxy. While it can improve performance and control web access, misconfigured instances can expose systems to security vulnerabilities. In this article, we’ll explore how to identify, assess, and safely exploit Squid proxies during a penetration test—strictly in authorized environments.
🔍 What is Squid Proxy?
Squid is an open-source proxy server that supports HTTP, HTTPS, FTP, and more. It is commonly used for:
Caching frequently accessed web content.
Filtering traffic (e.g., for parental controls or company policies).
Controlling internet usage via ACLs (Access Control Lists).
Squid typically listens on port 3128, though this can be configured.
Enumeration
Use tools like nmap
to detect open port 3128 and identify the service:
nmap -sV -p 3128 --script http-proxy nmap_target
If Squid is detected, note its version.
PORT STATE SERVICE VERSION
3128/tcp open http-proxy Squid http proxy 4.11
Banner Grabbing
nc target_ip 3128
Type something like GET http://example.com HTTP/1.0
to see if it responds. A valid response indicates the proxy is open or misconfigured.
Checking for Open Proxy
Use curl
to see if you can proxy through it:
curl -x http://target_ip:3128 http://example.com
If you get a successful response, the proxy is likely open.
Internal Network Access via Proxy
Try accessing internal IP ranges:
curl -x http://target_ip:3128 http://192.168.1.1
If successful, the proxy is leaking internal network data—critical misconfiguration.
Using ProxyChains
Configure /etc/proxychains.conf
and run:
proxychains nmap -sT 192.168.1.0/24
This shows if the proxy can be abused to scan internal networks.
SPOSE Scanner
Alternatively, the Squid Pivoting Open Port Scanner (spose.py) can be used.
python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131
Learn & practice For the Bug Bounty
Last updated
Was this helpful?