~ Proxy Paradise ~
Published @ searchlores.org in October and November 2002
Updated & somehow corrected by fjrp2 one year later!!

~ Proxy Paradise Revisited ~
by fjrp2
(slightly edited by fravia+)
October 2002 ~ November 2003
How to take advantage of badly configured proxies
(or how to let them take advantage of you, depending how you look at it ;-)
Fjrp2's "macho" cut may not suit everyone's tastes, but the content is king, as we all know, and the advice he gives should not be underestimated...
The proxy is maybe the most useful gizmo out there on the web. It's of course a 'conditio sine qua non' if you are taking part in actions frowned upon by authorities, but it is also of paramount importance if you want to preserve your anonymity anywhere you go.
The proxy is like the relay, the interface; it is always used, but the 'quality' inside it, what makes it work more smoothly, or quicker, or prettier, maybe it depends on the programmer that put it together, or on the engineer that mixed the pieces, or maybe it is just a coincidence.
Some guys are very jealous of their proxies, others are very proud of them... still, to explain how they work I will use a more luxurious metaphor: consider a proxy like a girl-friend.
At least, they behave usually like my girl-friends: they get bored soon of me, go away and tell other folk how disappointing I am ... maybe they never understood the c00l stories I invented for them.
Anyway, luckily proxies are easier to handle than girls.
So if you have a good proxy, you have a sort of 'cloak of invisibility'.

Then what's the Paradise?
-------------------------------
This metaphoric paradise is like a sculptural blonde, with blue-dyed contact lenses, a big pair of silicone tits, that always says yes. And what's that translated to proxies?
Of course, a badly configured one. Because, if the proxy is strongly configured, it'll keep a log of entries, being thus traceable. But if the proxy is not configured... oh, man, what a night!

Maybe we are going too quickly.
A proxy is simply a gateway between computers. So, as the internet is an INTERconnection of NETworks, and every network usually means another network of networks, with multiple computers interrelated in a spiderweb-like patchwork, proxies are as abundant as coaxial cables. For example, in LANs (Local Area Networks) or intranets, they are used to connect to the global internet. This accounts for the millions of proxies floating everywhere, not to mention those that serve as 'translators' between different systems inside the same intranet.
So there are enough proxies for all of us to have a 'harem', at least as good as Saladin's.
But let's not become greedy too soon.
Most proxies serve a determined purpose, and are not easily accessible. But there are still many poorly configured ones: unpatched Micro$oft's Wingates -for instance- allow by default anyone to access and exploit the gateway. (Thanx again, Billy)
For anonymous surfing, the blonde dwells in the HTTP daemon. Strongly configured proxies won't allow an external connection. So if we manage to get inside one, we can have some confidence that this is our dream girl.

And what do you do, once in Paradise?
----------------------------------------
I think the story now consists of exploring the forest; eating an apple inside the server would mean doing something harmful: misbehaving; that would probably imply that the dad of the proxy-girl would come into action, and ban us from paradise proxiness forever.
For myself, I prefer to bear the risk of somebody misbehaving than the repression of a police organization à la NSA. But it seems that the world nowadays works the other way round, so just be prudent.
I have heard of some people that chain proxies: send the output of one proxy to another, then to another, then to another... too many Valkyries, it seems to me.
Take into account that when connecting to, say, port 80, the machine will pick any available port number to send the data from; the information received there is then what gets chained into the next proxy.
This operation makes information retrieval a little slower for all the bounces it takes to go through, and with one of those 'applets' that show where the traffic is coming from on a world map, it's real fun to see it running up and down around the world, from Pacific to Atlantic and back again...
Remember also that ftp-proxies connect to port 21 for control of the transfer, and to port 20 for the default data.
Talking about file transfer protocols, what about port 69? Well, I dunno, call me retrograde, but exploring each other's anatomy inside a proxy is never a 'trivial' idea anyway.
And for exploring each other's mind, it's chat-time: use a SOCKS proxy, like the one on port 1080, as easy as configuring the irc client to open through there in the socks option.
The problem is that IRC usually probes connections and will ban proxies. So momonari showed us at es.comp.hackers some time ago a co0l trick: look at the g-lines; some of them are of people saying bad words, or spammers, or punk administrators misusing their privileges, but others are from people using proxies, a fast way to make lists of good proxies: "/raw stats glines". Yet if you create a seraglio, don't forget to share with the rest of humanity.


fjrp2



SECOND PART, re-edited by fjrp2, november 2003
This is the second part of Proxy Paradise:

Proxy Babes
---------------

There are many types of proxies, each differently configured, with inherent peculiarities, with different approaches to them. If you read the text above, now you know that the temptation "lives upstairs".
She may be a red-haired Irish proxy, or a blonde Estonian, maybe a dark-haired Taiwanese proxy, that depends on your own likings. But these "she-s", these proxies, are everywhere.
Why? Well, because that's how it works. It's required for the very web-nature's economy.
It's one of those questions that are an answer in themselves. The comparison with girls may annoy some readers, but it works great in this web of ours: proxies are everywhere, they are necessary, they are very pretty... and of course, they are cyclic :-)
By cyclic I mean that they keep changing, moving, developing.
That's why your personal "search-for-proxies flag" has to be always on.
So, even though in real life we might be very shy, when seeking companions, when seeking inside the internet, we must become real "proxy donjuanes".

I would truly recommend reading on-line one of the multiple adventures of this semi-mythical lover-character.
There's an advantage for us: the internet is in itself a semi-mythical space (or time-dimension?), so things acquire here a "smoothlier" character than in everyday life.
In this situation, becoming a "proxy womanizer" implies all the nice features of the profession, without the many external complications that real life would provide.
So if you ever wondered why those chat channels and ircs and icqs proliferate so much, now you have a good explanation.
Let's assume then, that from now on we will be proxy-womanizers.
What kind of proxy-girls we are going to find 'in the wild'?

The common proxy (the common female)
------------------
The common proxy works as some kind of relay. As information travels from and to distant corners of the world, several proxies are used to connect the loose ends quickly. If the information requested has already gone through a proxy, it's very likely that it will be held in its cache.
This makes internet travelling sharp and quick.
This and only this allows Google to answer your searches in a second.
This also allows those crap-ads images to be pushed around by Akamai's minion proxies.
These proxies are private or public servers, often open for access, and there are a-plenty of them.
But the majority of them are not anonymous. If the client's IP address can be gathered anyhow from the proxy, even if it doesn't show up in regular header signatures, then she's just a plain common female proxy: may be pretty from the outside, but almost useless for our purposes... leaving us wondering if there's anything pretty inside at all.

The nymphomaniac
----------------------------
This is a server with a lot of capacity. She is worth much more than the regular proxy babe, because if she keeps logs, she mangles them among millions of others, making it much more difficult to trace someone specific, unless the request comes from a big heavy crap agency à la CIA.
Moreover the list of logins will remain for a shorter time inside her databases, which is always an advantage.

Note however that nowadays all your loggings, emails and internet activities are regularly burned onto DVDs -for eternity- by your provider, your corporation and maybe your local police station as well (just to name three little spies). This means among other unpleasant things that even your own grandsons will be able to know -provided they have learned how to search- how often and how long you have visited that www.smack-my-bitch-up.com site that sits in your favourites - fravia+.

Let's face it, the internet can sometimes be intimidating. But the intimidation factor slowly disappears once we begin to understand how it works.
I wonder sometimes if governments are really so much interested in having us intimidated, and why. (1)
Indeed many hackers do work for all sorts of agencies (and they are not even forced to). (2)
Yet those that spread knowledge will win, I am confident. :-)
Luckily, having this kind of proxy-girls around, we can 'make love and not war' with them, learning all kinds of techniques that will come quite handy while pursuing anonymity and fighting against the dark side.
That's why this kind of proxy is recommended to get started in the uncanny and unforgiving world of proxying. Note that this kind of proxy will probably take the initiative anyway... as soon as you find her.

There are some tools that I'd include in this category, because they allow you to locate, test and log onto the various public anonymous proxy servers, scanning them, timing their response, being very careful to check all possible leakages of anonymity and IP isolation...

Also some of the lists and proxy-databases available on the web are indisputably THE stuff that will allow you to identify a good nymphomaniac proxy-babe.

Have patience in finding working Wingate (Windows-based proxy server) proxies, they are quite rare, and they die quickly. Try IPs from exotic countries (South Africa, Brazil, Estonia... use LookUp in IP-Tools to find out), some machines there tend to be poorly configured and will allow anonymous access.

Note that hosts with both port 1080 and 23 active usually give users anonymous access to their Wingates and SOCKS proxy.

For starters, find sites that provide proxies. But try also finding more by yourself, by all means. You'll learn a lot doing so. Remember that the difference between reading an essay and putting your hands under the hood is the difference between vague recalling versus really knowing what you have to do, when the time cometh.

Note that most of these proxies will be neither SOCKS nor Wingate proxies, but maybe you will get a good list of IPs to start with. On searchlores' tools page you will also find programs that will allow you to test proxy anonymity (password breakers are among the best ones in this context).

You can also always SCAN for proxies yourself, although this isn't recommended.
You can use wGateScan or ProxyHunter, search for them, they are easily available. You can give ProxyHunter a range of IPs to scan for open ports 1080 and 23, whereas you'll use only port 23 for wGateScan.
But this "scanning" is known as "Network Probing" and is highly prohibited by Internet Service Providers. The same providers that log you all the time, btw.
Do it too much or too obviously, and you might lose your account with your ISP when they find you. You should not scan at all, but if you insist on doing it, you should always scan for proxies through a tested good proxy.


The girl-friend
-----------------
You may be lucky enough to find a stable proxy.
Maybe it's the gateway from a corporation, or some kind of institution, and maybe they don't even check/notice your activities, or they don't care, or the sysadmin is a freak, who knows.
This kind of proxy-girl deserves a much more elaborate treating.
You start by getting to know her a little more, asking her things, of course telnet a lot, at least once a day; these proxies just love that.
Invite her to the movies so to say, travel with her around the world. Let your beloved proxy feel comfortable.
Still, don't tell her a word about your hacking abilities, provided you really have some. It's better if she doesn't even know that you can use rather effectively your box.
And if one day she doesn't show up for the date, and when you go to her place she has moved and all ports are closed, take it easy bud, such things happen often in the world of proxies.

But let's imagine that you have just met this nice proxy.
Now, the difficult thing is how to spend the night with her without her admin (who sleeps downstairs) noticing your presence.
Her sex-appeal fascinates us (apart from the exuberant ping-shape and all the other sensual IP-perceptions): she knows how to keep it anonymous, this babe really does, I mean, she won't show any of your IPs during connections.

That's what I call a brave proxy-girl!

But there is still information that can leak through, the usual bunch:

*) Brand of browser software;
*) Operating System used, including version and all details;
*) Language or charset of your computer;
*) Other information stored in HTTP variables, like cookies and referrer.

These HTTP request headers are the real trouble-makers of the communication.
Because, how can we be sure that none of the HTTP_VIA, HTTP_FORWARDED, HTTP_USER_AGENT_VIA, HTTP_CACHE_CONTROL, HTTP_CACHE_INFO, HTTP_PROXY_CONNECTION headers will be sent?
They unmistakably inform the target server that the connection is via a proxy.

Of course, from the point of view of a seeker interested in anonymity, the less information a proxy sends, the better. A quiet proxy is always a cherished treasure (but have you ever met one able to keep mum?)

HTTP request-headers are like noise during sexual intercourse. An intelligent solution would be to turn up the volume of your favourite music (I have found some of Beethoven's movements to work very well). Either that, or get a deaf and/or blind admin sleeping soundly downstairs.
Indeed, raising the 'level' of background noise, the 'smoke', can sometimes be very effective to hide one's identity. The best thing, though, is the second solution.

There are basically two kinds of connections: Close and Keep-Alive.
The first is typical for proxy servers, while the second is used by browsers in regular queries. Some proxies support the Keep-Alive type, therefore making the packet look as if it came from a browser.
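The header leaks listed above and the Close/Keep-Alive distinction are exactly what a 'proxy judge' page or a server-side abuse filter inspects. As an added example that is not part of the original article, here is such a check in Python, run against constructed sample requests (RFC 5737 documentation addresses); the marker list follows the headers the article names, with Cache-Control left out because browsers send it too.

```python
"""Server-side check of what a proxied HTTP request gives away.

Added example (not from the original article): the logic a 'proxy judge'
page or an abuse filter applies to the headers as the target server sees
them.  It reports the proxy tell-tale headers the article names, any
leaked client IP, the Via hop count (chaining) and the connection type.
"""
import re
from dataclasses import dataclass, field

# Headers whose mere presence reveals a proxy in the path (CGI shows them as
# HTTP_VIA, HTTP_FORWARDED, HTTP_PROXY_CONNECTION, ...).  Cache-Control is
# omitted: browsers send it too, so alone it proves nothing.
PROXY_MARKERS = ("via", "forwarded", "x-forwarded-for",
                 "proxy-connection", "user-agent-via", "cache-info")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FORWARDED_FOR = re.compile(r'for="?\[?([0-9a-fA-F.:]+)', re.IGNORECASE)

@dataclass
class Verdict:
    level: str            # "transparent", "anonymous" or "quiet_or_direct"
    markers: list = field(default_factory=list)
    leaked_ips: list = field(default_factory=list)
    via_hops: int = 0
    keep_alive: bool = False

def classify(headers: dict) -> Verdict:
    """Classify one request's headers (names are case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    markers = [k for k in PROXY_MARKERS if k in h]
    # Client addresses appended by each hop: X-Forwarded-For is a comma list,
    # RFC 7239 Forwarded carries them in for= elements.
    leaked = IPV4.findall(h.get("x-forwarded-for", ""))
    leaked += FORWARDED_FOR.findall(h.get("forwarded", ""))
    leaked = list(dict.fromkeys(leaked))              # dedupe, keep order
    # Every comma-separated Via element names one intermediary, so the
    # count is a lower bound on the length of the proxy chain.
    hops = len([e for e in h.get("via", "").split(",") if e.strip()])
    # Proxies typically send Connection: close, browsers keep-alive.
    conn = (h.get("proxy-connection") or h.get("connection", "")).lower()
    if leaked:
        level = "transparent"       # real client address is visible
    elif markers:
        level = "anonymous"         # proxied, but the client stays hidden
    else:
        level = "quiet_or_direct"   # a quiet proxy cannot be told apart
    return Verdict(level, markers, leaked, hops, conn == "keep-alive")

# Constructed sample requests, using RFC 5737 documentation addresses.
TRANSPARENT = {"Host": "example.com", "Connection": "close",
               "Via": "1.0 cache1.example.net, 1.1 gw.example.org",
               "X-Forwarded-For": "198.51.100.23, 192.0.2.9"}
ANONYMOUS = {"Host": "example.com", "Via": "1.1 anon.example.net",
             "Proxy-Connection": "keep-alive"}
QUIET = {"Host": "example.com", "Connection": "keep-alive",
         "User-Agent": "Mozilla/5.0 (constructed)"}

if __name__ == "__main__":
    for name, req in (("transparent", TRANSPARENT),
                      ("anonymous", ANONYMOUS), ("quiet", QUIET)):
        print(name, classify(req))
```

The third sample shows the point made in the text: a proxy that strips every marker is indistinguishable, on the server side, from a direct browser connection.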
But there's still the doubt.
You know how proxies are, the little dears: inclined to gossip while cleaning their ports.
Will she recount tomorrow to her friends everything you did to her during the night?
Will she give away your identity?
Will admin find out that you have been there from some evidence you left, like packets of used IP-sessions all around the bedroom?
Don't be sloppy; try not to leave hints for the admins.
Tidy the room (and the port-bathrooms) a little, and always try to hide that satisfied silly smile from your face during breakfast, on IRC.
That's what YOU have to do.
But from the proxy's side, well, you can never be truly, truly safe with proxies... it's some kind of female feature I guess :-)

The prostitute
----------------
As the name implies, this is a proxy server whose services you have to pay for.
These are often advertised as 'anonymizing services'; they have peculiar policies regarding logfiles (some roll their logs every couple of days, some do it once a month, etc., but they all log).

Some anonymizing services are free, others start free and require a fee to upgrade, others offer a 'premium' service to subscribers...

Usually, they are not very expensive, less than 10 euro per month or so. The customer usually gets 24 hours access to an "anonymous" web proxy, SSL mail service (both POP and SMTP), anonymous usenet access, and personal anonymous web space -- for the price.

Proxy prostitutes are good for an emergency, or if you are really desperate and are not able to find any nice proxy.
No prejudice on my part here: prostitutes perform a very important social work. It's actually the most socially connoted work I know of, for a proxy.

The transvestite
----------------

Finally, one of the ugliest creatures of the internet.
These are -mostly- proxy servers owned by organizations that use the data stored there to create statistics, to maintain huge databases, to sell the information for commercial purposes, or who knows what for.

The cookies can be turned off, the swap files deleted (unless you are using one of those Windows operating systems from Redmond that leave pieces of crap and information mixed in almost everywhere...), and the forms can be filled in using fake identities...
But what can be done about the information leaked off by the proxy, like the language, the place you come from, the place you go to, and other request headers?
Still there are those that say that the internet would be havoc without transvestite proxies, also known as 'drag-queens', or 'big brothers'.
But -à mon avis- you will find your "web-emotional stability" only with a good-behaving, anonymous and correct proxy-woman, proxy-wife or proxy-girl-friend.


fjrp2





(1) I wonder no more, ritz gave me this summer the answer: "and it works, most crimes that are _not_ committed, are not committed because of fear of getting caught.. imagining the law much more powerful than it actually is... probably a good thing, though"... by sheer coincidence I was listening at that exact moment to a conference by a government-funded organization whose goal is to create paranoias and spread them :-(

(2) I remember that in the first version these lines had been edited by fravia+, I myself, at the time, could not believe that a real 'hacker' would sell himself to an agency. Then I have met some hackers working for governments or financed (directly or indirectly) by various agencies, and so my views have broadened. I would like therefore to redefine the word 'hacker' as somebody who knows computers, would never sell this knowledge, and strives to achieve a better world through it (Mr. Stallman comes to mind), and thus I wish to re-edit my original sentence in the following way: I can only be sure of this: no real hacker would work for an agency unless forced to.

Fjrp2 seems a tad contradictory on this point. I wish to point out that:
  1) very few people deserve the appellative "hacker"
  2) the few that really do are mostly, as far as I can judge, quite dangerous bastards (which makes them -eo ipso- pretty interesting chaps, btw), so I would EXPECT them to switch over to whomever satisfies better their ego without any ethical shadow whatsoever
  3) specialists have been known to work for Attila, Hitler, Stalin, Bush (and Barnum) for money since the dawn of history, and some seem to have enthusiastically contributed even unpaid, just for the joy of it :-(
fravia+




(c) III Millennium: [fravia+], all rights reserved