Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Proxy list downloader / verify

  1. #11
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    Quote Originally Posted by anubis2k7 View Post
    If I can ask, what is to keep a gov agency from purchasing a commercial IP from an ISP?

    Sorry for being a stickler about this, but people I have met at hacker cons have always railed against public proxies, and I am trying to understand both sides of the argument.

    Thanks.
    Security purposes I would guess. Keeping that sensitive data confined from public ISP's.

    **EDIT**

    I just wanted to say that I am not really taking a stand on either side here. There are times when its safe and perfectly fine to use them and there are times where you shouldn't. For web surfing I suggest TOR although TOR has its downfalls also under the right circumstances. Maybe an anonymizing website could be just as effective.

  2. #12
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    Ya all I could find was lame windows apps .. so this one owns them all :P

  3. #13
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    Default

    Quote Originally Posted by hhmatt81 View Post
    Security purposes I would guess. Keeping that sensitive data confined from public ISP's.
    I'm not sure which type of proxies you are talking about. Perhaps I should clarify; the type of proxies I am discussing are "free public" proxies that are accessible to anyone.

    Many people believe that quite a few of these are run by unscrupulous individuals who sniff or otherwise use the data for their own purposes.

    IMO, if I understand how they work correctly, I have a hard time even trusting "high anonymous" proxies; think about it, even though software tests may show that it is anonymous, all one needs to do is to hook up a network tap like streaker's in between the internet and the proxy box, which will send all traffic to a seperate machine to log IPs.

    With that said, something is better than nothing, so if xploitz's program can filter out less trustworthy proxies, I am curious to know how.

    Thanks.
    "Sure is for people with nothing on the line.....you and me? We just get on with it."

    -Garabaldi

  4. #14
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    If I can ask, what is to keep a gov agency from purchasing a commercial IP from an ISP?
    This was my best attempt at an answer.

    Security purposes I would guess. Keeping that sensitive data confined from public ISP's.
    High anonymous proxies don't protect you from the people running the proxy server to see everything you do. I'll try to explain exactly what those programs do. The real cool stuff actually happens at the proxy judge. Hopefully when your done reading this you'll understand why.

    1: Your pc establishes a connection to the proxy server.
    2: Your pc sends a http GET request to the proxy server.
    3: The proxy server forwards the http GET request to the proper webserver.
    4: The webserver analyzes the GET request and tries to establish where the actual request comes from.
    5: The webserver then sends the http results back to the proxy server.
    6: The proxy server forwards the http results back to your pc.
    7: The proxy analyzer then analyzes the results from the http server.

    There are now a few different methods that a webserver can use to analyze the GET request that you sent it in order to determine who sent the actual request.

    Anonymous results will return the proxy server address as the source.

    Some programs ping the proxy server first in order to find out if its alive before trying to make a connection. This can be unreliable.

    Nothing stops the owner of the proxy server to watch all of your traffic.

    These "free public proxies" that you are referring to are actually found by using a scanner to find proxies. Much like an nmap scan. Rarely are they posted by the actual owner of the proxy server.

    Just as nothing stops someone else from reading your data moving across a proxy server, nothing is stopping you from doing the same thing. You can also host your own proxy judge using apache and proxy judge scripts (this would also require a FQDN and maybe something like dynDNS if you have dsl).

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •