Penetration tests often call for full-fledged black box testing. In that case the security professional has to deal with firewalls or other restriction mechanisms on the customer’s end. These can interfere with testing, because the checks a penetration tester runs may be blocked periodically based on, for instance, user-agent or IP address.
If the engagement is not a gray or white box test and our IP is not whitelisted, what can be done to bypass the limitations set by a customer? One possibility is, of course, to switch our user-agent and IP address.
The user-agent is the easier of the two: you may only need to install a plugin for your web browser, or switch the agent in your script through a particular function. But what about the IP address? Let’s look at the pros and cons of some available methods that you can use to hide your IP address, mask your activities, evade firewalls and bypass bans.
Proxy servers have several forms.
An HTTP proxy relays GET/POST requests. It can add your IP address to a request header and store your entire history of interaction with the site.
For a SOCKS proxy, the browser will open TCP (sometimes UDP) sockets on the server’s behalf. Depending on the browser, name resolution may still go through your local DNS server, and the site can track you by issuing a unique name for every request and remembering the addresses the DNS queries come from.
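The header disclosure described for HTTP proxies above can be checked from the receiving side. The following is an added example, not code from the original post: it parses the well-known forwarding headers (`X-Forwarded-For`, `Forwarded`, `X-Real-IP`, `Via`) out of a request as the target server would see it and lists the client addresses the proxy revealed. The sample request and the function names are constructed for illustration.

```python
import ipaddress
import re

# Headers that forwarding HTTP proxies commonly add (well-known names).
PROXY_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "via")

def _valid_ip(text):
    """Return a normalised IP string, or None if text is not an IP address."""
    text = text.strip().strip('"')
    if text.startswith("["):                      # bracketed IPv6, optional port
        text = text[1:].split("]")[0]
    elif text.count(":") == 1:                    # IPv4 with port
        text = text.split(":")[0]
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:                            # e.g. "unknown" or an obfuscated id
        return None

def disclosed_clients(headers):
    """Map each proxy header present to the client IPs disclosed in it."""
    lower = {k.lower(): v for k, v in headers.items()}
    found = {}
    for name in PROXY_HEADERS:
        value = lower.get(name)
        if value is None:
            continue
        if name == "forwarded":                   # RFC 7239: for=...;proto=...
            parts = re.findall(r'for=("[^"]*"|[^;,\s]+)', value, flags=re.I)
        elif name == "via":                       # names the proxy, carries no client IP
            parts = []
        else:
            parts = value.split(",")
        found[name] = [ip for ip in map(_valid_ip, parts) if ip]
    return found

# Constructed sample: a request as the target server might receive it from a
# non-anonymising HTTP proxy (all addresses are documentation ranges).
SAMPLE = {
    "Host": "app.example.test",
    "User-Agent": "Mozilla/5.0",
    "Via": "1.1 proxy.example.test",
    "X-Forwarded-For": "203.0.113.7, 198.51.100.20",
    "Forwarded": 'for="[2001:db8::17]:4711";proto=https, for=198.51.100.20',
}

if __name__ == "__main__":
    for header, ips in disclosed_clients(SAMPLE).items():
        print(f"{header}: {ips or 'proxy present, no client IP'}")
```

An empty list for a header (as with `Via` here) still shows that a proxy handled the request, even though no client address was exposed in that header.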
A VPN allows a user to send and receive any data across public or shared networks. Hence, applications that run on a device across a Virtual Private Network can benefit from the security, management and functionality of the private network. When using a VPN, the most common solution is OpenVPN. It provides many features, such as the ability to work over UDP, traversing NAT using SSL/TLS, split tunnelling and much more.
The Tor network is an anonymising technology that gives you access to the Tor network while hiding your real IP address. You can either install the Tor browser or run your own Tor service on a remote server used as a proxy.
You can switch your IP by using the option provided in your browser or by restarting your server’s Tor service.
Whether you are looking for a whitebox or blackbox assessment, Aardwolf Security can fulfill your requirement. Get in touch today to find out more or use our interactive pen test quote form.
The post Black Box Red Teaming: Proxy, Virtual Private Network or TOR appeared first on Aardwolf Security.