Jump to content


Photo
- - - - -

HTTP Proxys


  • Please log in to reply
3 replies to this topic

#1 Fiend

Fiend

    elite

  • Members
  • 103 posts

Posted 26 August 2005 - 10:32 PM

I have been studying how HTTP proxys work, and I thought some of you guys might want this info... so here it is.

HOW A PROXY SERVER WORKS

A proxy is basically a Client / Server program. First, the proxy (in server mode) listens for a connection request. Once someone connects to the proxy server they send a Proxy HTTP Request. Then the proxy server modifies the Proxy HTTP Request and makes it become a somewhat regular HTTP Request. Then the proxy server sends the HTTP Request to the Web-Server. The Web-Server then sends it's HTTP Response back to the Proxy server. The proxy server takes that response and adds "Proxy-Connection: Close" (if no more requested web-page contents exists [such as pictures]) or "Proxy-Connection: keep-alive" (if not all requested web-page contents been sent [such as pictures]. If the Proxy-Connection has been set to "keep-alive" the Proxy server stays connected with you. Otherwise if it has been set to "close" then the Proxy server closes it's connection with you.

EXAMPLE OF A HTTP PROXY SESSION

Here is what a HTTP Proxy session would look like:
KEY:
H = Your home PC.
P = HTTP Proxy Server.
W = Web-Server

[H -> P] - Step 1 - Your PC sends Proxy HTTP Request to proxy server.
GET http://www.gamesites200.com/starcraft/ HTTP/1.0
Host: www.gamesites200.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: wsk=voted; PHPSESSID=41d2c9b92afc459380abb77cc46b72cc


[P -> W] - Step 2 - Proxy sends somewhat regular HTTP Request to web server.
GET /starcraft/ HTTP/1.0
Host: www.gamesites200.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: wsk=voted; PHPSESSID=41d2c9b92afc459380abb77cc46b72cc

[W -> P] - Step 3 - Web server sends HTTP Response to proxy server.
ddd
HTTP/1.1 200 OK
Date: Sat, 27 Aug 2005 02:23:18 GMT
Server: Apache/1.3.33 (Unix) DAV/1.0.3 mod_jk/1.2.8 mod_gzip/1.3.26.1a mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9 mod_ssl/2.8.21 OpenSSL/0.9.7a
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<html>...</html>
[P -> H] - Step 4 - Proxy sends the HTTP Response + "Proxy-Connection: Close" to your PC and then disconnects.
HTTP/1.1 200 OK
Date: Sat, 27 Aug 2005 02:10:55 GMT
Server: Apache/1.3.33 (Unix) DAV/1.0.3 mod_jk/1.2.8 mod_gzip/1.3.26.1a mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9 mod_ssl/2.8.21 OpenSSL/0.9.7a
Vary: Accept-Encoding
Content-Type: text/html
Proxy-Connection: Close

<html>...</html>

BRIEF DIAGRAM A HTTP SESSION
            step1                    step2
(Home PC)----->-----(Proxy Server)----->-----(Web Server)
      \-------<----------/  \----------<----------/
            step4                    step3


ANONYMOUS LEVELS OF HTTP PROXYS

There are four types of proxy anonymity levels. They are the following:

1. Transparent Proxies: A transparent proxy tells the web server you are using a proxy and also tells the server your IP address.
Some Environment Variables
REMOTE_ADDR = Proxy IP address.
HTTP_VIA = Proxy DNS Name.
HTTP_X_FORWARDED_FOR = your IP address.


2. Anonymous Proxies: An anonymous proxy hides your IP address; in some cases it lets the server know you are using a proxy.
Some Environment Variables
REMOTE_ADDR = Proxy IP address.
HTTP_VIA = Proxy DNS Name.
HTTP_X_FORWARDED_FOR = Proxy IP address.


3. High Anonymity Proxies: An anonymous proxy that hides your IP address but doesn't let the server know your using a proxy.
Some Environment Variables
REMOTE_ADDR = Proxy IP address.
HTTP_VIA = NULL
HTTP_X_FORWARDED_FOR = NULL


4. Distorting Proxies: This is the same as a Transparent proxy but instead of sending your IP address, it sends a random or spoofed IP address.
Some Environment Variables
REMOTE_ADDR = Proxy IP address.
HTTP_VIA = Proxy DNS Name.
HTTP_X_FORWARDED_FOR = Random/Spoofed IP address.


Also, if you have Java enabled on your browser, the web server can get your real IP address. The applet can access the web server directly (ignoring proxy settings), which will reveal your IP address.

In other words... If you want to stay extremely anonymous, then use high anonymity proxy servers and disable Java on your browser.


CONCLUSION

Well, I hope you have learned something today about proxies.

If you want to know more about proxies http://www.stayinvisible.com is a great site for you. If you want some proxies to use http://www.proxy4free.com/page1.html has a great list. If you want to view your browser header http://www.searcheng...bin/browser.cgi will do that for you.

I have worked hard to put this article together, please post your comments and tell me how you liked my article.

Edited by Fiend, 26 August 2005 - 10:40 PM.


#2 opilime

opilime

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 14 posts
  • Location:Sweden

Posted 12 September 2008 - 11:41 AM

nice :roll:

#3 jabzor

jabzor

    hax?

  • Agents of the Revolution
  • 1,146 posts
  • Country:
  • Gender:Male
  • Location:Northern Elbonia, fighting the lefties

Posted 12 September 2008 - 11:49 AM

Don't forget about ActiveX or Flash, etc tracking your player-id or other personal information and possibly leaking your ip, and of course cookies.

#4 thecowman

thecowman

    SCRiPT KiDDie

  • Members
  • 22 posts

Posted 13 September 2008 - 04:42 PM

and depending on what software your using you may leak dns requests




BinRev is hosted by the great people at Lunarpages!