Proxy servers have many uses. One of them is to stay anonymous on the Internet.
Instead of communicating directly with a server, a client uses a proxy server as an intermediate.
Proxy servers are classified into different categories depending on how they modify the information they get from the client and send it to the server.
To demonstrate this, we could use a little PHP script to see what information a server gets when it receives an HTTP request from a client.
you can solve this by adding this definition to the beginning of the script after the <?php.
Highly anonymous (aka. Elite) proxies:
These proxies are the best to stay anonymous on the internet.
The server sees the request as if it came from the proxy server as a client.
Example:
Using Hidemyass web-based proxy
Anonymous proxies:
These reveal that they are proxy servers. Either by adding a recognizable user-agent or by using X-PROXY-ID and Via headers.
Like highly anonymous, they don't reveal the client's identity to the server.
Example: Anonymouse.org web based interface proxy.
Transparent proxies:
These are practicaly as good as nothing from a privacy point of view, as they not only reveal themselves to servers as being proxies but also reveal the client's identity by adding headers like X-FORWARDED-FOR with the client's IP as the value.
Example:
Some proxies are called distorting and are considered anonymous as they add a random IP as value of the X-FORWARDED-FOR header.
For even more anonymity, you should remove the user-agent field, a good add-on for Firefox that helps you doing that is User Agent Switcher.
Next time, know which proxies to use, but always remember that they still know who you're. Even highly anonymous proxies aren't as much private as they seem.
Instead of communicating directly with a server, a client uses a proxy server as an intermediate.
Proxy servers are classified into different categories depending on how they modify the information they get from the client and send it to the server.
To demonstrate this, we could use a little PHP script to see what information a server gets when it receives an HTTP request from a client.
<?phpif you get this error when requesting the script from your browser
echo "*** IP: " . $_SERVER['REMOTE_ADDR'] ." ***<br/><br/>";
$headers = apache_request_headers();
echo $_SERVER['REQUEST_METHOD'] . " " .
$_SERVER['REQUEST_URI'] . " " .
$_SERVER['SERVER_PROTOCOL'] . "<br/><br/>";
foreach ($headers as $header => $value) {
echo "$header: $value <br/>\n";
}
?>
Fatal error: Call to undefined function apache_request_headers() in ...It means that (according to the PHP gurus out there) PHP is not installed as an Apache module.
you can solve this by adding this definition to the beginning of the script after the <?php.
if( !function_exists('apache_request_headers') ) {When requesting the script with no proxy used we get an answer like this:
function apache_request_headers() {
$arh = array();
$rx_http = '/\AHTTP_/';
foreach($_SERVER as $key => $val) {
if( preg_match($rx_http, $key) ) {
$arh_key = preg_replace($rx_http, '', $key);
$rx_matches = array();
$rx_matches = explode('_', $arh_key);
if( count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
foreach($rx_matches as $ak_key => $ak_val) $rx_matches[$ak_key] = ucfirst($ak_val);
$arh_key = implode('-', $rx_matches);
}
$arh[$arh_key] = $val;
}
}
return( $arh );
}
}
*** IP: 41.104.X.Y ***(Host value is stripped)
GET /headers.php HTTP/1.1
USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
CONNECTION: keep-alive
ACCEPT-LANGUAGE: en-us,en;q=0.5
DNT: 1
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
CACHE-CONTROL: max-age=0
ACCEPT-ENCODING: gzip, deflate
Highly anonymous (aka. Elite) proxies:
These proxies are the best to stay anonymous on the internet.
The server sees the request as if it came from the proxy server as a client.
Example:
*** IP: 123.30.183.119 ***
GET /headers.php HTTP/1.1
USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
ACCEPT-LANGUAGE: en-us,en;q=0.5
DNT: 1
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT-ENCODING: gzip, deflate
Using Hidemyass web-based proxy
*** IP: 67.159.5.242 ***
GET /headers.php HTTP/1.1
USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
ACCEPT-LANGUAGE: en-us,en;q=0.5
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Anonymous proxies:
These reveal that they are proxy servers. Either by adding a recognizable user-agent or by using X-PROXY-ID and Via headers.
Like highly anonymous, they don't reveal the client's identity to the server.
Example: Anonymouse.org web based interface proxy.
*** IP: 193.200.150.82 ***
GET /headers.php HTTP/1.0
USER-AGENT: http://Anonymouse.org/ (Unix)
HOST: ***
CONNECTION: keep-alive
Transparent proxies:
These are practicaly as good as nothing from a privacy point of view, as they not only reveal themselves to servers as being proxies but also reveal the client's identity by adding headers like X-FORWARDED-FOR with the client's IP as the value.
Example:
*** IP: 80.78.136.83 ***
GET /headers.php HTTP/1.1
X-PROXY-ID: 566548825
X-FORWARDED-FOR: 41.104.X.Y
USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
VIA: 1.1 20.20.20.1 (Mikrotik HttpProxy)
ACCEPT-LANGUAGE: en-us,en;q=0.5
DNT: 1
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT-ENCODING: gzip, deflate
Some proxies are called distorting and are considered anonymous as they add a random IP as value of the X-FORWARDED-FOR header.
For even more anonymity, you should remove the user-agent field, a good add-on for Firefox that helps you doing that is User Agent Switcher.
Next time, know which proxies to use, but always remember that they still know who you're. Even highly anonymous proxies aren't as much private as they seem.
