Port 808 – HTTP-ALT (CCProxy HTTP)

Service: http-alt

Protocol: TCP

Port: 808

Used for: CCProxy HTTP alternative port

Why It’s Open

Port 808 is commonly used as an alternative HTTP port, particularly by CCProxy, a popular Windows proxy server. This port provides an alternate access point for web traffic when the standard HTTP port (80) is unavailable or blocked. Organizations may deploy CCProxy or similar proxy services on port 808 to manage and control web traffic, implement content filtering, cache frequently accessed resources, or provide Internet access to internal networks through a centralized point. This port is also sometimes used by other web services requiring an alternative to the standard HTTP port.

Common Risks

  • Open proxy abuse
    Misconfigured proxies can be used to relay malicious traffic and anonymize attacks
  • Authentication bypass
    Weak or missing proxy authentication can allow unauthorized access
  • Data interception
    Unencrypted proxy traffic can be monitored or modified in transit
  • Cache poisoning
    Attackers can inject malicious content into proxy cache to affect multiple users
  • Information leakage
    Proxy logs and headers may reveal sensitive internal network information
  • Session hijacking
    Inadequate session management can allow credential theft
  • Resource exhaustion
    DoS attacks targeting proxy services can disrupt network connectivity

Enumeration & Testing

Basic Service Detection

nmap -sV -p 808 target_ip

Proxy Testing

curl -x http://target_ip:808 http://example.com

Authentication Testing

curl -x http://user:password@target_ip:808 http://example.com

Vulnerability Testing

curl -x target_ip:808 -H "X-Header: test%0d%0aX-Injected: value" http://example.com

What to Look For

Checkpoint | What it means
Proxy configuration | Check if proxy allows forwarding to internal networks
Authentication requirements | Verify if proxy requires credentials for access
HTTP method support | Check if CONNECT and other methods are supported
Headers filtering | Test for header injection vulnerabilities
Access logging | Determine if proxy logs requests and user activity
SSL/TLS handling | Check if proxy intercepts and inspects HTTPS traffic

Mitigation

  • Implement strong authentication
    Require valid credentials for all proxy access
  • Restrict proxy rules
    Limit which destinations and methods are allowed
  • Block internal network access
    Prevent proxying to private IP ranges
  • Enable comprehensive logging
    Track all proxy activities for security monitoring
  • Deploy TLS for proxy connections
    Secure the communication between clients and proxy
  • Use IP whitelisting
    Allow proxy access only from authorized networks
  • Implement rate limiting
    Prevent abuse through request throttling
  • Regular security audits
    Test proxy configuration for vulnerabilities
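
The access-control items above (IP allowlisting, authentication, restricted methods, blocked private ranges) can be combined into one decision per request. The following is an added illustration, not CCProxy's configuration or code. The client network, method set, CONNECT port list and resolver data are assumed values.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy values for illustration; adjust to the deployment.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.20.0.0/16")]
ALLOWED_METHODS = {"GET", "HEAD", "POST", "CONNECT"}
CONNECT_PORTS = {443}

def is_internal(addr):
    """True for private, loopback, link-local, reserved or multicast addresses."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:      # ::ffff:10.0.0.5 hides an IPv4 target
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast

def target_host_port(method, target):
    """Split a proxy request target: 'host:port' for CONNECT, absolute URI otherwise."""
    try:
        parts = urlsplit("//" + target if method == "CONNECT" else target)
        default = None if method == "CONNECT" else 80
        return parts.hostname, parts.port or default
    except ValueError:
        return None, None

def decide(client_ip, authenticated, method, target, resolve):
    """Return 'allow' or the reason for refusal. `resolve` maps a hostname to IPs."""
    if not any(ipaddress.ip_address(client_ip) in net for net in ALLOWED_CLIENTS):
        return "deny: client not allowlisted"
    if not authenticated:
        return "407: proxy authentication required"
    if method not in ALLOWED_METHODS:
        return "deny: method not allowed"
    host, port = target_host_port(method, target)
    if not host:
        return "deny: malformed target"
    if method == "CONNECT" and port not in CONNECT_PORTS:
        return "deny: CONNECT port not allowed"
    try:
        addresses = [str(ipaddress.ip_address(host))]   # IP literal in the request
    except ValueError:
        addresses = resolve(host)                       # check what the name resolves to
    if not addresses or any(is_internal(a) for a in addresses):
        return "deny: internal or unresolvable destination"
    return "allow"

# Constructed resolver data standing in for DNS so the example runs offline.
SAMPLE_DNS = {"example.com": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```

Checking the resolved addresses rather than the hostname string is what catches a public-looking name that points at an internal host.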

Real World Example

In 2019, security researchers discovered a large number of misconfigured CCProxy servers on port 808 that were accessible from the internet. These open proxies were being actively exploited by attackers to relay spam, conduct credential stuffing attacks, and mask the origin of malicious traffic. In one documented case, an organization’s CCProxy server was compromised due to weak authentication and subsequently used as part of a botnet to launch DDoS attacks against financial institutions. The proxy’s logging revealed over 50,000 malicious connection attempts in a single day before the security team identified and remediated the vulnerability.

TL;DR

  • Port 808 = HTTP-ALT / CCProxy HTTP proxy service
  • Protocol: TCP
  • Used for: Alternative HTTP proxy services and web traffic management
  • Security focus: Authentication, access control, and proxy rule enforcement
  • Primary risk: Open proxy abuse for malicious traffic relay and anonymization

Known CVEs and Exploits

  • CVE-2004-2061 – CCProxy HTTP proxy server buffer overflow vulnerability allowing remote code execution
  • CVE-2015-7253 – CCProxy HTTP header injection vulnerability enabling response splitting attacks
  • CVE-2018-19886 – Authentication bypass in proxy server allowing unauthorized access
  • Open Proxy Detection – Misconfigured proxies used as anonymizers for malicious traffic
  • SSRF via Proxy – Server-Side Request Forgery through poorly configured proxy rules
  • Cache Poisoning – Web cache poisoning attacks through unvalidated headers and responses