How to tell if a port is an HTTP proxy












4














An Nmap result shows an HTTP proxy on port 8080. Without trying out the proxy, how can you tell if it's a proxy or not?



8080/tcp open http-proxy









share|improve this question









New contributor




Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    4














    An Nmap result shows an HTTP proxy on port 8080. Without trying out the proxy, how can you tell if it's a proxy or not?



    8080/tcp open http-proxy









    share|improve this question









    New contributor




    Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      4












      4








      4


      1





      An Nmap result shows an HTTP proxy on port 8080. Without trying out the proxy, how can you tell if it's a proxy or not?



      8080/tcp open http-proxy









      share|improve this question









      New contributor




      Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      An Nmap result shows an HTTP proxy on port 8080. Without trying out the proxy, how can you tell if it's a proxy or not?



      8080/tcp open http-proxy






      proxy






      share|improve this question









      New contributor




      Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 26 mins ago









      Peter Mortensen

      2,09742124




      2,09742124






      New contributor




      Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 16 hours ago









      Bob Ebert

      1211




      1211




      New contributor




      Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Bob Ebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          2 Answers
          2






          active

          oldest

          votes


















          7














          It depends on the exact options you use for a port scan with nmap




          • at the most basic nmap will simply determine if a port is open and listening and do a name conversion of that port number to a service name based on /etc/services or a similar table.
            the actual service on a specific port such as 8080 may be something completely different and you will indeed need to do a lot more connecting and testing to get the actual service


          • when you use some of the more comprehensive options for service and version detection such as -sV —version-all Nmap will have already done a lot of finger printing and testing for you and then the service nmap reports will be pretty accurate







          share|improve this answer





























            0














            You can't tell.



            Anybody can run any service on port 8080: regular HTTP proxy, HTTP CONNECT proxy, a regular HTTP server or even SSH server if you really want to!



            HTTP is a protocol where the client sends a request before the server sends a greeting. Thus, if you connect to the port, you don't see anything. While this could be an indication of HTTP as the protocol, you can't tell if it's a server or a proxy, and also you can't be 100% certain the protocol is HTTP.



            Many protocols have the server send a greeting before the client, like mail protocols, SSH, TLS (well, in SSH and TLS both client and server send a greeting). Thus, you can rule out some protocols by connecting to the port and observing whether there's a greeting. But you can't rule out them all, and even then, if you suspect the protocol is HTTP, you don't really know if it's a proxy or a server.






            share|improve this answer





















            • In SSH it used to be the case that clients would wait for the server to send its banner before the client would respond. However if you completely disable support for version 1 of the protocol it is possible for the client to send its banner without waiting for the server to say anything. For maximum compatibility SSH servers still need to send a banner before it has heard anything for the client. In the case of TLS it is different. The hello message from the server cannot be sent until after the client has sent a hello message.
              – kasperd
              2 hours ago










            • In TLS the client hello message contains a list of supported cipher suites. And the server picks one of the cipher suites supported by the client and in the server hello message tells the client which one it picked. For this reason it's not possible for the server to send a server hello message before it has received the client hello message. Moreover in some setups (usually involving a reverse proxy) the SNI field from the client hello is required before the server will be able to terminate the TLS connection.
              – kasperd
              1 hour ago











            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "2"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });






            Bob Ebert is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f946556%2fhow-to-tell-if-a-port-is-an-http-proxy%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            7














            It depends on the exact options you use for a port scan with nmap




            • at the most basic nmap will simply determine if a port is open and listening and do a name conversion of that port number to a service name based on /etc/services or a similar table.
              the actual service on a specific port such as 8080 may be something completely different and you will indeed need to do a lot more connecting and testing to get the actual service


            • when you use some of the more comprehensive options for service and version detection such as -sV —version-all Nmap will have already done a lot of finger printing and testing for you and then the service nmap reports will be pretty accurate







            share|improve this answer


























              7














              It depends on the exact options you use for a port scan with nmap




              • at the most basic nmap will simply determine if a port is open and listening and do a name conversion of that port number to a service name based on /etc/services or a similar table.
                the actual service on a specific port such as 8080 may be something completely different and you will indeed need to do a lot more connecting and testing to get the actual service


              • when you use some of the more comprehensive options for service and version detection such as -sV —version-all Nmap will have already done a lot of finger printing and testing for you and then the service nmap reports will be pretty accurate







              share|improve this answer
























                7












                7








                7






                It depends on the exact options you use for a port scan with nmap




                • at the most basic nmap will simply determine if a port is open and listening and do a name conversion of that port number to a service name based on /etc/services or a similar table.
                  the actual service on a specific port such as 8080 may be something completely different and you will indeed need to do a lot more connecting and testing to get the actual service


                • when you use some of the more comprehensive options for service and version detection such as -sV —version-all Nmap will have already done a lot of finger printing and testing for you and then the service nmap reports will be pretty accurate







                share|improve this answer












                It depends on the exact options you use for a port scan with nmap




                • at the most basic nmap will simply determine if a port is open and listening and do a name conversion of that port number to a service name based on /etc/services or a similar table.
                  the actual service on a specific port such as 8080 may be something completely different and you will indeed need to do a lot more connecting and testing to get the actual service


                • when you use some of the more comprehensive options for service and version detection such as -sV —version-all Nmap will have already done a lot of finger printing and testing for you and then the service nmap reports will be pretty accurate








                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 13 hours ago









                HBruijn

                52.7k1087143




                52.7k1087143

























                    0














                    You can't tell.



                    Anybody can run any service on port 8080: regular HTTP proxy, HTTP CONNECT proxy, a regular HTTP server or even SSH server if you really want to!



                    HTTP is a protocol where the client sends a request before the server sends a greeting. Thus, if you connect to the port, you don't see anything. While this could be an indication of HTTP as the protocol, you can't tell if it's a server or a proxy, and also you can't be 100% certain the protocol is HTTP.



                    Many protocols have the server send a greeting before the client, like mail protocols, SSH, TLS (well, in SSH and TLS both client and server send a greeting). Thus, you can rule out some protocols by connecting to the port and observing whether there's a greeting. But you can't rule out them all, and even then, if you suspect the protocol is HTTP, you don't really know if it's a proxy or a server.






                    share|improve this answer





















                    • In SSH it used to be the case that clients would wait for the server to send its banner before the client would respond. However if you completely disable support for version 1 of the protocol it is possible for the client to send its banner without waiting for the server to say anything. For maximum compatibility SSH servers still need to send a banner before it has heard anything for the client. In the case of TLS it is different. The hello message from the server cannot be sent until after the client has sent a hello message.
                      – kasperd
                      2 hours ago










                    • In TLS the client hello message contains a list of supported cipher suites. And the server picks one of the cipher suites supported by the client and in the server hello message tells the client which one it picked. For this reason it's not possible for the server to send a server hello message before it has received the client hello message. Moreover in some setups (usually involving a reverse proxy) the SNI field from the client hello is required before the server will be able to terminate the TLS connection.
                      – kasperd
                      1 hour ago
















                    0














                    You can't tell.



                    Anybody can run any service on port 8080: regular HTTP proxy, HTTP CONNECT proxy, a regular HTTP server or even SSH server if you really want to!



                    HTTP is a protocol where the client sends a request before the server sends a greeting. Thus, if you connect to the port, you don't see anything. While this could be an indication of HTTP as the protocol, you can't tell if it's a server or a proxy, and also you can't be 100% certain the protocol is HTTP.



                    Many protocols have the server send a greeting before the client, like mail protocols, SSH, TLS (well, in SSH and TLS both client and server send a greeting). Thus, you can rule out some protocols by connecting to the port and observing whether there's a greeting. But you can't rule out them all, and even then, if you suspect the protocol is HTTP, you don't really know if it's a proxy or a server.






                    share|improve this answer





















                    • In SSH it used to be the case that clients would wait for the server to send its banner before the client would respond. However if you completely disable support for version 1 of the protocol it is possible for the client to send its banner without waiting for the server to say anything. For maximum compatibility SSH servers still need to send a banner before it has heard anything for the client. In the case of TLS it is different. The hello message from the server cannot be sent until after the client has sent a hello message.
                      – kasperd
                      2 hours ago










                    • In TLS the client hello message contains a list of supported cipher suites. And the server picks one of the cipher suites supported by the client and in the server hello message tells the client which one it picked. For this reason it's not possible for the server to send a server hello message before it has received the client hello message. Moreover in some setups (usually involving a reverse proxy) the SNI field from the client hello is required before the server will be able to terminate the TLS connection.
                      – kasperd
                      1 hour ago














                    0












                    0








                    0






                    You can't tell.



                    Anybody can run any service on port 8080: regular HTTP proxy, HTTP CONNECT proxy, a regular HTTP server or even SSH server if you really want to!



                    HTTP is a protocol where the client sends a request before the server sends a greeting. Thus, if you connect to the port, you don't see anything. While this could be an indication of HTTP as the protocol, you can't tell if it's a server or a proxy, and also you can't be 100% certain the protocol is HTTP.



                    Many protocols have the server send a greeting before the client, like mail protocols, SSH, TLS (well, in SSH and TLS both client and server send a greeting). Thus, you can rule out some protocols by connecting to the port and observing whether there's a greeting. But you can't rule out them all, and even then, if you suspect the protocol is HTTP, you don't really know if it's a proxy or a server.






                    share|improve this answer












                    You can't tell.



                    Anybody can run any service on port 8080: regular HTTP proxy, HTTP CONNECT proxy, a regular HTTP server or even SSH server if you really want to!



                    HTTP is a protocol where the client sends a request before the server sends a greeting. Thus, if you connect to the port, you don't see anything. While this could be an indication of HTTP as the protocol, you can't tell if it's a server or a proxy, and also you can't be 100% certain the protocol is HTTP.



                    Many protocols have the server send a greeting before the client, like mail protocols, SSH, TLS (well, in SSH and TLS both client and server send a greeting). Thus, you can rule out some protocols by connecting to the port and observing whether there's a greeting. But you can't rule out them all, and even then, if you suspect the protocol is HTTP, you don't really know if it's a proxy or a server.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered 6 hours ago









                    juhist

                    15218




                    15218












                    • In SSH it used to be the case that clients would wait for the server to send its banner before the client would respond. However if you completely disable support for version 1 of the protocol it is possible for the client to send its banner without waiting for the server to say anything. For maximum compatibility SSH servers still need to send a banner before it has heard anything for the client. In the case of TLS it is different. The hello message from the server cannot be sent until after the client has sent a hello message.
                      – kasperd
                      2 hours ago










                    • In TLS the client hello message contains a list of supported cipher suites. And the server picks one of the cipher suites supported by the client and in the server hello message tells the client which one it picked. For this reason it's not possible for the server to send a server hello message before it has received the client hello message. Moreover in some setups (usually involving a reverse proxy) the SNI field from the client hello is required before the server will be able to terminate the TLS connection.
                      – kasperd
                      1 hour ago


















                    • In SSH it used to be the case that clients would wait for the server to send its banner before the client would respond. However if you completely disable support for version 1 of the protocol it is possible for the client to send its banner without waiting for the server to say anything. For maximum compatibility SSH servers still need to send a banner before it has heard anything for the client. In the case of TLS it is different. The hello message from the server cannot be sent until after the client has sent a hello message.
                      – kasperd
                      2 hours ago










                    • In TLS the client hello message contains a list of supported cipher suites. And the server picks one of the cipher suites supported by the client and in the server hello message tells the client which one it picked. For this reason it's not possible for the server to send a server hello message before it has received the client hello message. Moreover in some setups (usually involving a reverse proxy) the SNI field from the client hello is required before the server will be able to terminate the TLS connection.
                      – kasperd
                      1 hour ago
















                    In SSH it used to be the case that clients would wait for the server to send its banner before the client would respond. However if you completely disable support for version 1 of the protocol it is possible for the client to send its banner without waiting for the server to say anything. For maximum compatibility SSH servers still need to send a banner before it has heard anything for the client. In the case of TLS it is different. The hello message from the server cannot be sent until after the client has sent a hello message.
                    – kasperd
                    2 hours ago




                    In SSH it used to be the case that clients would wait for the server to send its banner before the client would respond. However if you completely disable support for version 1 of the protocol it is possible for the client to send its banner without waiting for the server to say anything. For maximum compatibility SSH servers still need to send a banner before it has heard anything for the client. In the case of TLS it is different. The hello message from the server cannot be sent until after the client has sent a hello message.
                    – kasperd
                    2 hours ago












                    In TLS the client hello message contains a list of supported cipher suites. And the server picks one of the cipher suites supported by the client and in the server hello message tells the client which one it picked. For this reason it's not possible for the server to send a server hello message before it has received the client hello message. Moreover in some setups (usually involving a reverse proxy) the SNI field from the client hello is required before the server will be able to terminate the TLS connection.
                    – kasperd
                    1 hour ago




                    In TLS the client hello message contains a list of supported cipher suites. And the server picks one of the cipher suites supported by the client and in the server hello message tells the client which one it picked. For this reason it's not possible for the server to send a server hello message before it has received the client hello message. Moreover in some setups (usually involving a reverse proxy) the SNI field from the client hello is required before the server will be able to terminate the TLS connection.
                    – kasperd
                    1 hour ago










                    Bob Ebert is a new contributor. Be nice, and check out our Code of Conduct.










                    draft saved

                    draft discarded


















                    Bob Ebert is a new contributor. Be nice, and check out our Code of Conduct.













                    Bob Ebert is a new contributor. Be nice, and check out our Code of Conduct.












                    Bob Ebert is a new contributor. Be nice, and check out our Code of Conduct.
















                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f946556%2fhow-to-tell-if-a-port-is-an-http-proxy%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    404 Error Contact Form 7 ajax form submitting

                    How to know if a Active Directory user can login interactively

                    Refactoring coordinates for Minecraft Pi buildings written in Python