How to tell if a port is an HTTP proxy
An Nmap result shows an HTTP proxy on port 8080. Without trying out the proxy, how can you tell if it's a proxy or not?
8080/tcp open http-proxy
It depends on the exact options you use for a port scan with nmap
at the most basic nmap will simply determine if a port is open and listening and do a name conversion of that port number to a service name based on
/etc/services
or a similar table. the actual service on a specific port such as8080
may be something completely different and you will indeed need to do a lot more connecting and testing to get the actual servicewhen you use some of the more comprehensive options for service and version detection such as
-sV
—version-all
Nmap will have already done a lot of finger printing and testing for you and then the service nmap reports will be pretty accurate
You can't tell.
Anybody can run any service on port 8080: regular HTTP proxy, HTTP CONNECT proxy, a regular HTTP server or even SSH server if you really want to!
HTTP is a protocol where the client sends a request before the server sends a greeting. Thus, if you connect to the port, you don't see anything. While this could be an indication of HTTP as the protocol, you can't tell if it's a server or a proxy, and also you can't be 100% certain the protocol is HTTP.
Many protocols have the server send a greeting before the client, like mail protocols, SSH, TLS (well, in SSH and TLS both client and server send a greeting). Thus, you can rule out some protocols by connecting to the port and observing whether there's a greeting. But you can't rule out them all, and even then, if you suspect the protocol is HTTP, you don't really know if it's a proxy or a server.