# Squid - Port 3128

{% tabs %}
{% tab title="Support VeryLazyTech 🎉" %}

* Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**
* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses.  📚
  {% endtab %}
  {% endtabs %}

## Basic info

**Port 3128** is widely associated with **Squid**, a caching and forwarding HTTP web proxy. While it can improve performance and control web access, misconfigured instances can expose systems to security vulnerabilities. In this article, we’ll explore how to identify, assess, and safely exploit Squid proxies during a penetration test—strictly in authorized environments.

### 🔍 What is Squid Proxy?

**Squid** is an open-source proxy server that supports HTTP, HTTPS, FTP, and more. It is commonly used for:

* Caching frequently accessed web content.
* Filtering traffic (e.g., for parental controls or company policies).
* Controlling internet usage via ACLs (Access Control Lists).

Squid typically listens on **port 3128**, though this can be configured.

***

## Enumeration

Use tools like `nmap` to detect open port 3128 and identify the service:

```bash
nmap -sV -p 3128 --script http-proxy nmap_target
```

If Squid is detected, note its version.

```
PORT     STATE  SERVICE      VERSION
3128/tcp open   http-proxy   Squid http proxy 4.11
```

### Banner Grabbing

```bash
nc target_ip 3128
```

Type something like `GET http://example.com HTTP/1.0` to see if it responds. A valid response indicates the proxy is open or misconfigured.

***

### Checking for Open Proxy

Use `curl` to see if you can proxy through it:

```bash
curl -x http://target_ip:3128 http://example.com
```

If you get a successful response, the proxy is likely open.

### Internal Network Access via Proxy

Try accessing internal IP ranges:

```bash
curl -x http://target_ip:3128 http://192.168.1.1
```

If successful, the proxy is leaking internal network data—critical misconfiguration.

### Using ProxyChains

Configure `/etc/proxychains.conf` and run:

```bash
proxychains nmap -sT 192.168.1.0/24
```

This shows if the proxy can be abused to scan internal networks.

***

### SPOSE Scanner <a href="#spose-scanner" id="spose-scanner"></a>

Alternatively, the Squid Pivoting Open Port Scanner ([spose.py](https://github.com/aancw/spose)) can be used.

```bash
python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131
```

***

{% hint style="success" %}
Learn & practice [**For the Bug Bounty**](https://shop.verylazytech.com)

<details>

<summary>Support VeryLazyTech 🎉</summary>

* Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**
* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses.  📚

</details>
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.verylazytech.com/squid-port-3128.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.