~ Proxy Paradise ~
Published @ searchlores.org
in October and November 2002
Updated & somehow corrected by fjrp2 one year later!!
~ Proxy Paradise Revisited ~
by fjrp2
(slightly edited by fravia+)
October 2002 ~ November 2003
How to take advantage of badly configured proxies
(or how to let them take advantage of you, depending how you look at it ;-)
Fjrp2's "macho" cut may not suit everyone's tastes, but the content is king,
as we all know, and the advice he gives should not be underestimated...
The proxy is maybe the most useful gizmo out there on the web. It's
of course a 'conditio sine qua non' if you are taking part in actions
frowned upon by authorities, but it is also of paramount importance if you want to preserve
your anonymity anywhere you go.
The proxy is like the relay, the interface; it is always used, but
the 'quality' inside it, what makes it work more smoothly, or quicker,
or prettier, maybe it depends on the programmer that put it together,
or on the engineer that mixed the pieces, or maybe it is just a
coincidence.
Some guys are very jealous of their proxies, others are very proud of
them... still, to explain how they work I will use a more luxurious
metaphor: consider a proxy like a girl-friend.
At least, they usually behave like my girl-friends: they get bored
of me soon, go away and tell other folk how disappointing I am ... maybe
they never understood the c00l stories I invented for them.
Anyway, luckily proxies are easier to handle than girls.
So if you have a good proxy, you have a sort of 'cloak of invisibility'.
Then what's the Paradise?
-------------------------------
This metaphoric paradise is like a sculptural blonde, with blue-dyed
contact lenses, a big pair of silicone tits, that always says yes.
And what's that translated to proxies?
Of course, a badly configured one. Because, if the proxy
is strongly configured, it'll keep a log of entries, being thus
traceable. But if the proxy is not configured... oh, man, what a
night!
Maybe we are going too quickly.
A proxy is simply a gateway between computers. So, as the internet
is an INTERconnection of NETworks, and every network usually means
another network of networks, with multiple computers interrelated in
a spiderweblike patchwork, proxies are as abundant as coaxial cables.
For example, in LAN (Local Area Networks) or intranets, they are
used to connect to the global internet. This accounts for the
millions of proxies floating everywhere, not to mention those that
serve as 'translators' from different systems inside the same
intranet.
So there are enough proxies for all of us to have a 'harem', at
least as good as Saladin's.
But let's not become greedy too soon.
Most proxies serve a determined purpose, and are not easily
accessible. But there are still many poorly configured ones:
unpatched Micro$oft's Wingates -for instance- allow by default anyone to access and
exploit the gateway. (Thanx again, Billy)
For anonymous surfing, the blonde dwells in the HTTP daemon.
Strongly configured proxies won't allow an external connection. So if
we manage to get inside one, we can have some confidence that this is our dream
girl.
And what do you do, once in Paradise?
----------------------------------------
I think the story now consists of exploring the forest; eating an
apple inside the server would mean doing something harmful: misbehaving; that
would probably imply that the dad of the proxy-girl would come into
action, and ban us from paradise proxiness forever.
For myself, I prefer to bear the risk of somebody misbehaving than
the repression of a police organization à la NSA. But it seems that
the world nowadays works the other way round, so just be prudent.
I have heard of some people that chain proxies: send the output of
one proxy to another, then to another, then to another... too many
valkyries, seems to me.
Take into account that when connecting to, say, port 80, the machine
will pick any available port number to send the data from; the
information received there is then what gets chained into the
next proxy.
This operation makes information retrieval a little slower because of all
the bounces it has to go through, and with one of
those 'applets' that show where the traffic is coming from on a
world-map, it's real fun to see it running up and down around the world,
from Pacific to Atlantic and back again...
Remember also that ftp-proxies connect to port 21 for control of the
transfer, and to port 20 for the default data.
Talking about file transfer protocols, what about port 69? Well, I
dunno, call me retrograde, but exploring each
other's anatomy inside a proxy is never a 'trivial' idea anyway.
And for exploring each other's mind, it's chat-time: use a
socks-proxy, like that on port 1080; it's as easy as configuring the irc client
to open through there in the socks option.
The problem is that IRC
usually probes connections and will ban proxies. So momonari showed us
at es.comp.hackers some time ago a co0l trick: look at the g-lines;
some of them are of people saying bad words, or spammers, or punk
administrators misusing their privileges, but others are from people
using proxies, a fast way to make lists of good proxies: "/raw stats glines".
Yet if you create a seraglio, don't forget to share with the rest of
humanity.
fjrp2
SECOND PART, re-edited by fjrp2, November 2003
This is the second part of Proxy Paradise:
Proxy Babes
---------------
There are many types of proxies, each differently configured, with
inherent peculiarities, with different approaches to them.
If you read the text above, now you know that the temptation
"lives upstairs".
She may be a red-haired Irish proxy, or a blonde Estonian, maybe
a dark-haired Taiwanese proxy, that depends on your own likings.
But these "she-s", these proxies, are everywhere.
Why? Well, because that's how it works. It's required for the very
web-nature's economy.
It's one of those questions that are an answer in themselves.
The comparison with girls may annoy some readers, but works great
in the web of ours: proxies are everywhere, they are necessary,
they are very pretty... and of course, they are cyclic :-)
By cyclic I mean that they keep changing, moving, developing.
That's why your personal "search-for-proxies flag" has to be always on.
So, even though in real life we might be very shy, when seeking
companions, when seeking inside the internet, we must become real "proxy
donjuanes".
I would truly recommend reading on-line one of the multiple
adventures of this semi-mythical lover-character.
There's an advantage for us: the internet is in itself a semi-mythical
space (or time-dimension?), so things acquire here a "smoothlier" character
than in everyday life.
In this situation, becoming a "proxy womanizer" implies all the nice
features of the profession, without the many external complications
that real life would provide.
So if you ever wondered why those chat channels and ircs and icqs
proliferate so much, now you have a good explanation.
Let's assume then, that from now on we will be proxy-womanizers.
What kind of proxy-girls are we going to find 'in the wild'?
The common proxy (the common female)
------------------
The common proxy works as some kind of relay. As information travels
from and to distant corners of the world, several proxies are used to
connect the loose ends quickly. If the information requested has already gone through
a proxy, it's very likely that it will be held in its cache.
This is what makes internet travelling sharp and quick.
This and only this allows google to answer your searches in a second.
This also allows those crap-ads images to be pushed around by akamai's
minion proxies.
These proxies are private or public servers, often open for access, and there are
plenty of them.
But the majority of them are not anonymous. If the client's
IP address can be gathered anyhow from the proxy, even if it doesn't
show up in regular header signatures, then she's just a plain common female
proxy: may be pretty from the outside, but almost useless for our purposes... leaving us to wonder
if there's anything pretty inside at all.
The nymphomaniac
----------------------------
This is a server with a lot of capacity. She is worth much more
than the regular proxy babe, because if she keeps logs, she mixes them
among millions of others, making it much more difficult to trace
someone specific, unless the request comes from a big heavy crap
agency à la CIA.
Moreover the list of logins will remain for a shorter time inside
her databases, which is always an advantage.
Note however that nowadays all your loggings, emails and
internet activities are regularly burned onto DVDs -for eternity- by
your provider, your corporation and maybe your local police station as well
(just to name three little spies). This means among other unpleasant things that even your own grandsons
will be able to know -provided they have learned how to search- how often and
how long you have visited that www.smack-my-bitch-up.com site that sits
in your favourites - fravia+.
Let's face it, the internet can be sometimes intimidating.
But the factor of intimidation slowly disappears once we begin to
understand how it works.
I wonder sometimes if governments are really so much interested in having
us intimidated, and why.(1)
Indeed many hackers do work for all sort of
agencies (and they are not even forced to).(2)
Yet those that spread knowledge will win, I am confident.:-)
Luckily, having this kind of proxy-girls around, we can 'make love and not
war' with them, learning all kinds of techniques that will come in quite handy
while pursuing anonymity and fighting against the dark side.
That's why this kind of proxy is recommended to get started in the uncanny
and unforgiving world of proxying. Note that this kind of proxy will
probably take the initiative anyway... as soon as you find her.
There are some tools that I'd include in this category, because they
allow you to locate, test and log onto the various public anonymous proxy
servers, scanning them, timing their response, being very careful to
check all possible leakages of anonymity and IP isolation...
Also some of the lists and proxy-databases available on the web are
indisputably THE stuff that will allow you to identify a good nymphomaniac proxy-babe.
Have patience in finding working Wingate (Windows-based proxy server)
proxies, they are quite rare, and they die quickly. Try IPs from exotic
countries (South Africa, Brazil, Estonia... use LookUp in IP-Tools to find out),
some machines there tend to be poorly
configured and will allow anonymous access.
Note that hosts with both port 1080 and 23 active usually give
users anonymous access to their Wingates and SOCKS proxy.
For starters, find sites that provide proxies. But try also finding more by yourself, by all means. You'll learn a lot doing so.
Remember that the difference between reading an essay and putting your hands under the hood is the
difference between vague recalling versus really knowing what you have to do, when the time cometh.
Note that most of these proxies will not be SOCKS nor Wingate proxies, but maybe you will
get a good list of IPs to start with. On searchlores' tools
page you will also find programs that will allow you to test
proxy anonymity (password breakers are among the best ones in this context).
You can also always SCAN for proxies yourself, although this isn't recommended.
You can use wGateScan or ProxyHunter, search for them, they are
easily available. You can give ProxyHunter a range of IPs to scan
for open ports 1080 and 23, whereas you'll use only port 23 for wGateScan.
But this "scanning" is known as "Network Probing" and is
highly prohibited by Internet Service Providers. The same providers that log you all the time, btw.
Do it too much or too obviously, and you might lose your account with your ISP when they
find you. You should not scan at all, but
if you insist on doing it, you should always scan for proxies with a tested good proxy.
The girl-friend
-----------------
You may be lucky enough to find a stable proxy.
Maybe it's the gateway from a corporation, or some kind of
institution, and maybe they don't even check/notice your activities, or they don't care, or the sysadmin is a freak,
who knows.
This kind of proxy-girl deserves a much more elaborate treatment.
You start by knowing her a little more, asking her things, of course
telnet a lot, at least once a day; these proxies just love that.
Invite her to the movies so to say, travel with her around the world. Let your beloved proxy feel comfortable.
Still, don't tell her a word about your hacking abilities, provided you really have some. It's better if she
doesn't even know that you can use your box rather effectively.
And if one day she doesn't show up for the date, and when you go to her
place she has moved and all ports are closed, take it easy bud, such things happen
often in the world of proxies.
But let's imagine that you have just met this nice proxy.
Now, the difficult thing is how to spend the night with her without
her admin (who sleeps downstairs) noticing your presence.
The sex-appeal of her fascinates us (apart from the
exuberant ping-shape and all the other sensual IP-perceptions):
she knows how to keep it anonymous, this babe really does, I mean, she won't show any of your IPs during
connections.
That's what I call a brave proxy-girl!
But there is still information that can leak through, the usual bunch:
*) Brand of browser software;
*) Operating System used, including version and all details;
*) Language or charset of your computer;
*) Other information stored in HTTP variables, like cookies and
referrer.
These HTTP request headers are the real trouble-makers of the
communication.
Because, how can we be sure that none of the HTTP_VIA,
HTTP_FORWARDED, HTTP_USER_AGENT_VIA, HTTP_CACHE_CONTROL,
HTTP_CACHE_INFO, HTTP_PROXY_CONNECTION headers will be sent?
They unmistakably inform the target server that the connection is via
a proxy.
Of course, from the point of view of a seeker interested in anonymity, the less information a proxy sends, the better.
A quiet proxy is always a cherished treasure (but have you ever met one
able to keep mum?)
HTTP request-headers sound like noise during sexual
intercourse. An intelligent solution would be to turn up the volume of
your favourite music (I have found some of Beethoven's movements to
work very well). Either that, or get a deaf and/or blind admin sleeping soundly downstairs.
Indeed, raising the 'level' of background noise, the 'smoke', can sometimes be very
effective to hide one's identity. The best thing, though, is the
second solution.
There are basically two kinds of connections: Close and Keep-Alive.
The first is typical for proxy servers, while the second is used by
browsers in regular queries. Some proxies support the Keep-Alive
type, therefore making the packet look as if it came from a browser.
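Added example, not part of fjrp2's original essay: seen from the target server's side, the request variables listed above and the Close/Keep-Alive difference are what an operator can check to tell that a request was relayed, and whether the relay passed the client's address along. The function names, the sample requests and the use of X-Forwarded-For (a header the essay does not list) are assumptions of this example.

```python
import ipaddress
import re

# Request variables the essay lists as proxy give-aways (CGI/WSGI names).
ESSAY_MARKERS = ("HTTP_VIA", "HTTP_FORWARDED", "HTTP_USER_AGENT_VIA",
                 "HTTP_CACHE_INFO", "HTTP_PROXY_CONNECTION")
# Assumption: X-Forwarded-For is not in the essay's list; it is added because
# it is the usual header a proxy uses to pass the client address along.
EXTRA_MARKERS = ("HTTP_X_FORWARDED_FOR",)
# Cache-Control is also sent by ordinary browsers, so it is only a weak hint.
WEAK_HINTS = ("HTTP_CACHE_CONTROL",)
_FOR_PARAM = re.compile(r'for="?\[?([0-9A-Fa-f:.]+)', re.IGNORECASE)


def disclosed_addresses(environ):
    """Client addresses that a relay copied into the request headers."""
    tokens = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")
    tokens += _FOR_PARAM.findall(environ.get("HTTP_FORWARDED", ""))
    found = []
    for token in (t.strip() for t in tokens):
        if token.count(":") == 1:  # IPv4 with a port: drop the port
            token = token.split(":")[0]
        try:
            ip = str(ipaddress.ip_address(token))
        except ValueError:
            continue  # "unknown", obfuscated identifiers, blanks
        if ip != environ.get("REMOTE_ADDR") and ip not in found:
            found.append(ip)
    return found


def classify_request(environ):
    """Judge one request the way the target server's operator could."""
    strong = [n for n in ESSAY_MARKERS + EXTRA_MARKERS if n in environ]
    weak = [n for n in WEAK_HINTS if n in environ]
    # The essay calls "Connection: close" typical of proxies, not proof.
    if environ.get("HTTP_CONNECTION", "").lower() == "close":
        weak.append("HTTP_CONNECTION=close")
    client = disclosed_addresses(environ)
    verdict = ("proxy, client address disclosed" if client else
               "proxy, client address withheld" if strong else
               "weak hints only" if weak else "no proxy markers")
    return {"verdict": verdict, "strong": strong, "weak": weak, "client": client}


# Constructed sample requests (documentation address ranges, made-up hosts).
SAMPLES = {
    "direct": {"REMOTE_ADDR": "198.51.100.7", "HTTP_CONNECTION": "keep-alive"},
    "forwarding": {"REMOTE_ADDR": "203.0.113.10", "HTTP_VIA": "1.0 cache.example",
                   "HTTP_X_FORWARDED_FOR": "192.0.2.44, 203.0.113.10"},
    "quiet": {"REMOTE_ADDR": "203.0.113.10", "HTTP_VIA": "1.1 relay.example",
              "HTTP_CONNECTION": "close"},
    "reload": {"REMOTE_ADDR": "198.51.100.7", "HTTP_CACHE_CONTROL": "max-age=0"},
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(name, classify_request(env))
```

The "quiet" sample is the case the essay worries about: the client address stays hidden, yet a single Via header is enough for the server to know a proxy is in the path.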
But there's still the doubt.
You know how proxies are, the little dears: inclined to gossip while cleaning their ports.
Will she recount tomorrow to her friends everything you did to her during the night?
Will she give away your identity?
Will admin find out that you have been there from some evidence you left, like packets of
used IP-sessions all around the bedroom?
Don't be sloppy; try not to leave hints to the admins.
Tidy the room (and the port-bathrooms) a little, and always try to hide that satisfied silly smile from your
face during breakfast, on IRC.
That's what YOU have to do.
But from the proxy's side, well, you can never be truly, truly safe
with proxies... it's some kind of female feature I guess :-)
The prostitute
----------------
As the name implies, this is a proxy server whose services you have to pay
for.
These are often advertised as 'anonymizing services', they have
peculiar policies regarding logfiles (some roll their logs every
couple of days, some do it once a month, etc, but they all log).
Some anonymizing services are free, others start free and require a
fee to upgrade, others offer a 'premium' service to subscribers...
Usually, they are not very expensive, less than 10 euro per month or so.
The customer usually gets 24 hours access to an "anonymous" web proxy, SSL
mail service (both POP and SMTP), anonymous usenet access, and personal
anonymous web space -- for the price.
Proxy prostitutes are good for an emergency, or if you are really desperate
and are not able to find any nice proxy.
No prejudice on my part here: prostitutes perform a very important social work.
It's actually the most socially connotated work I know of, for a proxy.
The transvestite
----------------
Finally, one of the ugliest creatures of the internet.
These are -mostly- proxy servers owned by organizations, that use the
data stored there to create statistics, to maintain huge
databases, to sell the information for commercial purposes, or
who knows what for.
The cookies can be turned off, the swap files deleted (unless you are
using one of those Winoperating systems from Redmond that leave pieces
of crap and information mixed almost everywhere...), and the forms
can be filled using fake identities...
But what can be done about the information leaked off by the proxy,
like the language, place you come from, place you go to, and other
request headers?
Still there are those that say that the internet would be havoc
without transvestite proxies, also known as 'drag-queens', or 'big
brothers'.
But -à mon avis- you will find your "web-emotional stability" only with a
good-behaving, anonymous and correct proxy-woman, proxy-wife or proxy-girl-friend.
fjrp2
(1)
I wonder no more, ritz gave me this summer the answer: "and it works, most crimes
that are _not_ committed, are not committed because of fear of getting caught..
imagining the law much more powerful than it actually is... probably a good thing, though"...
by sheer coincidence I was listening at that exact moment to a conference
by a government-funded organization whose goal is to create paranoias and spread them :-(
(2)
I remember that in the first version these lines had been edited by fravia+,
I myself, at the time, could not believe that a real 'hacker' would sell himself to an agency. Then I have
met some hackers working for governments
or financed (directly or indirectly) by various agencies, and so my views have
broadened. I would like therefore to redefine the word 'hacker' as somebody who knows computers,
would never sell this knowledge, and strives to
achieve a better world through it (Mr. Stallman comes to mind), and
thus I wish to re-edit my original sentence in the following way: I can only be sure of
this: no real hacker would work for an agency unless forced to.
Fjrp2 seems a tad contradictory on this point. I wish to point out that:
- ) very few people deserve the appellative "hacker"
- ) the few that really do are mostly, as far as I can judge, quite
dangerous bastards (which makes them -eo ipso- pretty interesting chaps, btw), so I would EXPECT them to switch over to whomever satisfies better their ego without
any ethical shadow whatsoever
- ) specialists have been known to work for Attila, Hitler, Stalin, Bush (and Barnum)
for money since the dawn of history, and some seem to have
enthusiastically contributed even unpaid, just for the joy of it
:-( fravia+
(c) III Millennium: [fravia+], all rights reserved