ush.it - a beautiful place

Proxy tools

January 29, 2006 at 6:35 pm - 2123 words, reading time ~7 minutes

What is a proxy?

To acquire a basic background consider these reading: Wikipedia - Proxies, Wikipedia - Reverse_Proxy, Wikipedia - Open_proxies.

The process of finding good proxies

In the case you don't trust our proxy list or our judgment follow these simple steps to build your very own proxy list.

First of all you need to have a public page that show the headers sent by the "browser" and the remote address of the client connecting to it; the tests should to be conducted against both HTTP and HTTPS because the connection process is handled in a slightly different manner.

Then you need a good proxy checking program: you could use our API (listed above) or an host based application (listed below) to check the proxy against the mentioned page (like an environment page, a phpini() page and so on). Now you have all the components to check the real anonymity given by the selected proxy.

The last thing to find is the IP:PORT combo to check, you could port scan common ports like 80, 8080, 9090, 8181 (note that port scanning could be illegal in your country so check before) or start from a given list of proxies.

Most important things to check (assumed that the combo actually works) are the various abilities of the proxy (like HTTP, HTTPS, SOCKS4, SOCKS5, HTTP CONNECT, etc.) and the anonymity level guaranteed (basically the proxy should send no header revealing your IP address or any other information useful to track you back).

A complete comparison should consider the final scope and these aspects:

Server location Where is the server located?
Performance Connect time, Bandwith
Type Tracking/Scam, Transparent, Anonymous, Distorting, Hight anonymous/Elite
Chainability Has CONNECT support?

Below both the various anonymity levels and tracking tricks are explained in detail.

Proxy types

Tracking and/or Scam A proxy designed to track and memorize requests and responses and/or to hijack the client.

A tracking proxy could add special header to identify the connection (like an hash or encrypted string), watermark the connection (there are plenty ways to do this, an example? alternate /r/n to /n at the end of each line), or act as an hight anonymity proxy but memorize the complete data stream along with ips and timestamps.

A scam proxy could inject malicious code in the response data. In the case of action injection usually JS or specially crafted HTML is sent back to trick the browser in an unwanted action potentially using already stored credentials (antecedently stored cookies for example). If the purpose of the evil proxy administrator is to hijack the client machine he will inject specific browser exploits trying to own the client machine.

Transparent

The term "transparent proxy" is most often used incorrectly to mean "intercepting proxy" (because the client does not need to configure a proxy and cannot directly detect that its requests are being proxied). However, RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1) offers different definitions:

  • "A 'transparent proxy' is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification."
  • "A 'non-transparent proxy' is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering."

Anonymous

An anonymous proxy server does not send the most obvious HTTP header HTTP_X_FORWARDED_FOR to the host, this improves privacy since many web servers and scripts only logs this header instead the full headers set. Except in the presence of custom logging at the network (tcpdump/some IDS/IPS) or application layer (mod_forensic/the application itself) your IP address will not be logged.

Hight anonymous/Elite

Elite proxy (high anonymity) does not send HTTP_X_FORWARDED_FOR, HTTP_VIA and HTTP_PROXY_CONNECTION variables or any other header that could be useful to directly spot their presence or reveal the identity of the service user. Host doesn't even know you are using proxy server and of course it doesn't know your IP address.

Distorting

Distorting proxies have the ability to fake/change requests and behavior. One of the most basic features of distorting proxies is changing the user agent header to a fixed, randomized or "hashed" value (the UA is initially choosed random and will be kept for all the consequent requests to that site).

Many distorting proxies just change http request headers but it's clear that the obfuscation can be deeper as in the case of Privoxy, "a web proxy with advanced filtering capabilities for protecting privacy, modifying web page data, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk". Privoxy is a great tool but is missing some key features like the ability to cycle trough a list of user agents, a neat trick is to chain it with an other local, home made, distorting proxy that implements just the missing features you need.

Normally distorting proxies are special cases of Hight anonymous/Elite proxies since they don't forward any personal information and don't publish their existence issuing HTTP_* headers. An exception is when HTTP_X_FORWARDED_FOR (and similar) headers are intentionally faked to avoid questions from the target sys-admins, the experience has demonstrated that people tend to trust the information and directly contact the net block owner of the (fake) IP instead asking proxy admins logs or ip/request/timestamp associations.

Microsoft Windows (TM) host based software

Hey, if you notice something has to be updated drop us a comment :)

Charon Freeware It provides a fully customisable way of filtering out unwanted proxies via control files, a proxy tester to check anonymity - and a fully functional search engine crawler to find lists of posted proxies. Included within the kit is a php checker which can be uploaded to your own webspace to spread the processor load and bandwidth of the actual testing. This is fully integrated into Charon where it will simply send your pages lists of proxies and harvest the results.

MultiProxy Freeware for non-commercial MultiProxy is a multifunctional personal proxy server that protects your privacy while on the Internet as well as speeds up your downloads, especially if you are trying to get several files form overseas or from otherwise rather slow server. It can also completely hide your IP address by dynamically connecting to non-transparent anonymizing public proxy servers. You can also test a list of proxy servers and sort them by connection speed and level of anonymity.

Proxyrama Opensource Proxyrama is a tool for finding and testing proxy servers. It will test them for anonymity, speed, if it's a gateway proxy, 'connect' support (=chainability), socks 4/5 support and geographical location. Furthermore, it can be used as a local proxy server that redirects your traffic through a arbitrarily long chain of anonymous proxies and lets you skip images, multimedia crap, ads, popups etc.

SocksCap Free for non-commercial SocksCap automatically enables Windows-based TCP and UDP networking client applications to traverse a SOCKS server. SocksCap intercepts the networking calls from WinSock applications and redirects them through the SOCKS server without modification to the orginal applications or to the operating system software or drivers.

Socks tester Freeware Program tests public socks server on access time and bandwidth.

Socks scanner Freeware Program searches public socks server.

Linux / BSD / *NIX host based software

Socat Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals.

Tsocks Opensource (BSD/CMU) Tsocks is a transparent SOCKS proxying library.

Dante Opensource (GNU GPL v2) Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity.

Proxycheck Opensource (GNU GPL v2) Proxycheck is a simple tool that will work on a reasonable *nix system and may be used to quickly check whenever a given host or set of hosts has open proxy server running.

BOPM Opensource (GNU GPL) BOPM is an open source open proxy monitor, designed for use with hybrid-based ircds, although it can be used with slight modification on any server which has the ability to show connects to opers and that supports KLINEs.

The process of remaining anonimous

Choose a good browser like Mozilla Firefox, uninstall or block Flash and Java, if possible disable JavaScript or install an extension like NoScript (will also disable Java). Set the proxy you choose for all the protocols or just for HTTP and HTTPS and then put an unexisting IP (like 192.168.99.99 or 127.0.0.99 or 10.0.99.99) for all the other protocols.

How to find environment pages

As you surely noted PERL environment script are commonly placed in /cgi-bin/ and named env.pl, textenv.pl, env.html or env.htm. PHP scripts don't reside in any specific folder and are called info.php, phpinfo.php, env.php. You can find yourself fresh environment pages using search engines (most of them support inurl: query) with the below search strings.

Search engine unspecific

inurl:textenv.pl REMOTE_ADDR Search for pages named textenv.pl containing the REMOTE_ADDR string.
inurl:env.pl REMOTE_ADDR Search for pages named env.pl containing the REMOTE_ADDR string.
inurl:env.html REMOTE_ADDR Search for pages named env.html containing the REMOTE_ADDR string.
inurl:env.htm REMOTE_ADDR Search for pages named env.htm containing the REMOTE_ADDR string.

inurl:info.php REMOTE_ADDR Search for pages named info.php containing the REMOTE_ADDR string.
inurl:phpinfo.php REMOTE_ADDR Search for pages named phpinfo.php containing the REMOTE_ADDR string.
inurl:env.php REMOTE_ADDR Search for pages named env.php containing the REMOTE_ADDR string.

Search engine specific

REMOTE_ADDR googlebot google.com bot html Google specific query.
REMOTE_ADDR slurp help.yahoo.com help us ysearch slurp Yahoo specific query.
REMOTE_ADDR msnbot search.msn.com msnbot htm MSN specific query.

THP USH Wisec DigitalBullets