SBN

Penetration testing: TOR, VPN or proxy

Introduction

If you’re reading this article, chances are good that you already know what penetration testing is. Let’s take things a step further and look at the specific case of applying proxies, VPNs and Tor in the process of performing penetration testing.

There is often a need to conduct full-fledged black box penetration testing. This is a form of testing in which security professionals have to deal with such things as firewalls other mechanisms of restriction on the customer’s side. This is an interference while pentesters execute checks and periodically block them by, for example, IP address or user-agent.

If we didn’t agree on a gray- or white-box model and our IPs were not whitelisted, what can we do to bypass those limitations which are regulated by the customer and their firewall? Here, we can see only one possibility to evade those limitations: by switching both our IP address and user-agent. If we speak about user-agent here, things seem easier, as it will be enough just to install a specific plugin for your web browser or, for example, to switch agents in your script with help of specific function.

So what are we going to do with the IP address? Below, I will describe several available methods, as well as their pros and cons.

There are lots of differences between proxy, VPN and Tor, but their common goal is to hide our IP address, mask our activities, help to evade firewall restrictions, and by extension, bypass bans. TOR and proxy are much easier to use in cases when you need to switch your IP address very often (e.g., proxychains). Proxies seems more complex for usage, as they can’t proxy all the traffic, but only for one port or service. Below, I will provide more detailed information about each (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Uladzislau Murashka. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/mWA7mSyuFug/