Wednesday, April 29, 2015

Proxy Auth Required Project

This is the last project I will be releasing to the public. I’m going underground to learn more. I will be back once I learn VB.NET and C++

My programs are made using VB6 so they don’t work on Windows 7 or Windows 8 by default.

If you want to have my programs work you will need…

XP or a virtual machine to run XP

Or

You can have VB6 programs work on Windows 7 and 8. You can find out how by google.

Since I started out by learning about proxies and how they worked before everything else. I decided to release my Proxy Auth Required Scanner.

First to find auth proxies we need a fast port scanner. I like nmap yes but not for this purpose. My port scanner uses winsock and sends a GET request for a response. So it’s pretty slow, that’s why my Advanced Port Scanner has extra options for purposes other port scanners can’t do. I’d rather use Angry IP Scanner then I edit my list using List Master by Markus in order to just make it a list of ip’s alone nothing else.

Once you get your list you load it up into my scanner and it will pull any Proxy Auth Required type of proxies it finds.

From there you can crack them because it uses Base64 encryption. You could create a cracker that does the same thing in PHP and have it encode the user:pass to Base64 on the fly while you’re cracking. I’m not into PHP so I’d rather just load already encoded base64 keys into my cracker which works but it’s more of a bitch.

To encode plain user:pass to Base64 it’s pretty simple.

<?php

$passes = file('swing.txt');
foreach($passes as $key => $pass)
$passes[$key] = base64_encode($pass);
$passes = implode("\n", $passes);
file_put_contents(doggy, $passes);

?>

You would upload swing.txt which would have your username:password in list format to your FTP.

admin:1234
admin:12345
admin:123456
admin:1234567
so on...

You would also upload the encode php file itself to your FTP.

You would visit your php file through your web browser; you should see a white background.

Than visit yourwebsite/doggy

All those passwords will be encoded to Base64 now on the doggy page.

Save them to a text and load the file into my v1 cracker and start brute forcing.

If you end up cracking one decode the Base64 key online.

The v2 scanner is great for finding Proxy Auth Required type of proxies. Leech those proxies using whatever proxy puller you use but don’t test them. Instead save your leech list and load it into my v2 scanner and it will find all those Proxy Auth Required type of proxies for you.

Proxy Auth Required type of proxies are like 401 unauthorized but instead of accessing info you get access to someone’s private proxy. A lot of people pay big money for proxies so with this you can attempt to not have to. I would advise you to keep your traffic low if you crack one so your ip isn’t blasted all over their logs. Withier it’s running off of a VPN or a VNC you can still crack them.

I love the idea of thinking outside the box and I know hydra, nmap or brutus can’t do this and I have yet to find a program that tries to crack Proxy Auth Required Protocol.

Cracking private proxies is tough though, I have managed to crack a few. It's tough because it could be any username and any password.

I don't use a lot of usernames.

I use.....

admin
root
squid


I provided a Base64 user:pass list for you guys to save you from having to do the work.

Pay close attention to the Content-Length from the Return. If you see it's not changing and staying the same after it was changing it means you're banned.


Enjoy this program because it's new, nothing like this has been made for hackers and crackers.






 


Good luck fellow hackers & crackers


privateroot

Proxy Auth Required Project