
How may I tunnel nmap through TOR using SOCAT


bowler


When I set up the tunnel with socat and then point nmap at localhost and my chosen port, nmap quickly returns a result that the port is open (which it is) and unknown. What I would like nmap to do is tunnel through the port and not actually scan the port itself. Possible?


Doubtful. SOCAT (which I didn't know about, so thanks for that) enables the byte transfer once the connection is made. NMAP does its thing by playing tricks with the bits in the packet sent to a port prior to the actual creation of a socket. As you probably know, a socket is created by the client sending a SYN, the server responding with an ACK and the client sending a SYN+ACK. NMAP's SYN packet is received by the local host and delivered to SOCAT's listener, which will probably start sending a new, bog-standard SYN to the other side of the tunnel. Same with the other packets.

What makes things worse is that this tunnel is itself packaged inside TOR, so effectively another tunnel. Your packets will almost certainly not be replicated bit-for-bit, but rather concept by concept. So rather than a SYN with a few weird bits up, it's just a regular SYN at the other end. Same with the other packets.

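The reply's point can be shown with a minimal socat-style TCP relay. This is an added example, not code from the thread or from socat/nmap: `start_relay`, `start_banner_server`, `closed_local_port` and `probe` are assumed helper names, and the banner service and the unreachable target are constructed locally. The local relay port completes the client's handshake itself, so it always reports "open"; only the bytes exchanged after the handshake say anything about the far side.

```python
import socket
import threading

def _pump(src, dst):
    # Copy bytes one way until EOF, then pass the EOF on to the other side.
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def start_relay(target):
    # socat-style relay: the kernel completes the client's handshake before
    # accept() returns, so the local port is "open" whatever target is; only
    # then does the relay open a fresh, ordinary TCP connection to target.
    lsock = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            client, _ = lsock.accept()
            try:
                upstream = socket.create_connection(target, timeout=2)
            except OSError:
                client.close()  # far side unreachable: the client just sees EOF
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1]

def start_banner_server(banner):
    # Constructed stand-in for a reachable far-side service: send a banner, hang up.
    ssock = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = ssock.accept()
            conn.sendall(banner)
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return ssock.getsockname()[1]

def closed_local_port():
    # A port that is (almost certainly) not listening: bind, read it, release it.
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def probe(port):
    # What a connect-style check learns through the relay: the handshake
    # always succeeds; only the bytes after it (b"" = EOF) reflect target.
    with socket.create_connection(("127.0.0.1", port), timeout=3) as s:
        return s.recv(64)
```

Both probes below connect successfully, so a port scanner would call both relay ports open; only the data that follows distinguishes a live far end from a dead one.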
