Proxy tutorial

[jaggy1]

Ok here goes. I started this about 6 months ago and decided to semi-finish it. Any and all suggestions/input would be greatly appreciated. I'd like to go more indepth on the proxy chains I think but i'm at brain freeze with it. it is pretty basic so bare with me as I learn.

http://rapidshare.com/files/228927343/Proxy_Servers.doc

[maboroshi]

I like this tutorial

Perhaps post it in this post so no need for rapidshare

[jaggy1]

ok here it is.

Proxy Servers - How to use them, check them and the dangers associated with them

With more and more people using the internet and the the media hype of " nothing is safe anymore " , people are looking for ways to protect themselves and hide their information . One of the easiest ways is using a proxy as it doesnt take a lot of technical knowledge and there is a wealth of software applications available for those who want to just click and go. While the convenience of such software is tempting and to the average consumer it must be safe is its being sold in a pc store/online ect., the dangers are the same . By educating people on the proper use , the dangers, and how to protect themselves when using them many problems can be avoided.

What is a proxy server? By definition a proxy is the authority to act for another. So simply put a proxy server is an intermediary between your computer and the internet that uses its own IP address to request the page you are attempting to access for you and thus, "hiding" your information. In theory, this will protect you from information from your computer being seen and gathered by others.

Their main puposes include :

1) Security and privacy/HTTP and SOCKS
2) Improve transfer speed ( caching proxies)
3) LAN to WAN connection

HTTP proxies fall into one of 3 types - fully(high/elite) annoymous, annonymous, and transparent. The fully annonymous does not send you IP address to a remote computer and is not seen as a proxy server so the web server thinks it is dealing directly with a client. The annonymous proxy does not show your IP but it changes the request field which also transfers your real IP and can be seen upon log analysis by the server administrator. The transparent proxy allows the web server to see a proxy being used and gives away your IP address. The transparent proxy is commonly used for information caching and/or to support the internet usage of several computers over a single connection. SOCKS proxies transfer data from the web server to you without entering the data content which allows for annonymity and allows you to work with any protocol - SOCKS 4 with TCP and SOCKS 5 with TCP and UDP.

Obtaining proxies can be done in a couple of ways. There are many sites available that offer lists of proxies (some are better then others as in all things) or you can scan for them yourself. To scan for proxies you will need a couple of tools- an ip scanner and a proxy checker. There are many good ones out there , I personally use Superscan IP scanner . There is a nice how-to tutorial on this here:

http://www.anythingtips.com/security/ho ... -tutorial/

Once you have your proxies you will need to set your browser to use them. Below are the steps to do this.

Internet Explorer:
Go to Tools -> Internet Options -> Connections. If you use a dialup connection, select it and click Settings. Otherwise, click LAN Settings. Select the option to use an automatic configuration script. Make sure no other options are selected. Enter <desired proxy >

Firefox 3:
Go to Tools -> Options -> Advanced -> Network -> Settings. Select the option to enter an automatic proxy configuration URL. Enter http://rosinstrument.com/cgi-bin/proxy.pac and click OK twice.

Configuring your browser manually
FireFox
Tools - Options - General - Connection Settings - Manual proxy configuration - View, and for HTTP and FTP type name of your proxy server (example: proxy.net) and port number (example 3128).

Internet Explorer
Service - Internet Options - Connections - Choose your connection and click "Settings" button for dial-up connection or click "LAN Settings" button in the "Local Area Network (LAN) Settings" group box - Enable "use a proxy server - type proxy name and proxy port - If nessesary, enable/disable "bypass proxy server for local addresses" - OK

As with anything there are dangers you must be aware of when you are using proxies. The biggest being that you have no way of knowing if the proxy server was open deliberately or if it is a misconfiguration. While thinking you are more secure, you have actually opened yourself up for attack. Your PC is making a direct connection to another computer and you do not know who is in control of that computer. While your connected your passwords can be sniffed, your firewall tunnelled, and your email/ICQ/IRC/instant messages can be read and any personal information is viewable. You may also be connected to a honey pot. A honey pot is a machine that is placed on the Internet wide open for redirect or attack. Everything that is done on or through the system is logged and traced. While the system is being used, complete information about the person is gathered. Obviously there is the risk of spyware and virus to your PC , and the risk of botnets is ever present. There are some programs out there that can be used to provide you with a secure connection without the risk involved with proxies- one of them being TOR, an open source program and STunnel - which encrypts your TCP inside the SSL. You may also utilize proxy chains and join together HTTP and SOCKS proxies and increase how annonymous you are.

Sounds ominous but with anything there is a risk, so this is a risk each individual must decide for themselves. Take into consideration your purpose for wanting to be annonymous and be vigilant. Also consider that there are other ways to achieve annonymity such as wardriving. And protect yourself - the best offense is a good defense. Use a good firewall and set it up properly for maximum protection , keep your AV ( if you use one) up to date and regularly scan your PC. Know what processes are running and recognize when something new is added - all the basics but its the basics you will build on so keep your foundation sound.