How to view your website from the outside while being on the inside

Sound cryptic, doesn’t it?

In most situations where you do configuration, tuning or other settings of web environments (apache, oracle http server, OC4J, weblogic, websphere, etc.) you have access from ‘the inside’, most of the time access via a separate LAN (often called ‘administration LAN’) which let’s you get access in another way than the regular web traffic, which comes in from ‘the outside’ which is firewalled different (or is the only connection being firewalled), thus is handled different.

There are situations where you want to see what traffic from ‘the outside’ does instead of your ‘inside connection’, for example:
– ssl/certificates/wallets
– connecting webservers with the webcache
– altering hostnames
– review firewalling and webtraffic routing
– review NIDS (network intrusion detection)

This is where tor comes in.

What does Tor do? The best explanation is on the tor website. What it does is route your traffic encrypted through an anonymous, distributed network. Tor accomplishes much security related things, for this subject it’s important it setups an connection randomly on the internet.

Tor is not available on the RHEL/OEL/CentOS CD/DVD’s and network repositories. It’s also not present in EPEL (extra packages for Enterprise Linux), so it must be downloaded from the tor download page (choose ‘stable’).

In order to fully use it, you need privoxy, which is present in the repository (thus can be installed using yum).

After the installation of both, there’s a little configuration necessary, but then you’ve got a proxy setup which let’s you browse the internet (anonymously) from a random place on the internet!

For people who have security considerations, and/or doubts about anonymity of their traffic, anything which can use a proxy can use it.

This means nikto can be used entirely anonymous, whilst things like nmap, nessus can’t with this setup.

1 comment
  1. Pingback: Alexander

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: