Thursday, July 14, 2011

Not all proxies are the same

Proxy servers have many uses. One of them is to stay anonymous on the Internet.
Instead of communicating directly with a server, a client uses a proxy server as an intermediary.
Proxy servers are classified into different categories depending on how they modify the information they get from the client before sending it to the server.

To demonstrate this, we could use a little PHP script to see what information a server gets when it receives an HTTP request from a client.
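<?php
// Address the connection actually came from (the proxy's, if one is used).
echo "*** IP: " . htmlspecialchars($_SERVER['REMOTE_ADDR']) . " ***<br/><br/>";

// The request line and the header values are client-controlled,
// so escape them before writing them into the HTML page.
$headers = apache_request_headers();
echo htmlspecialchars($_SERVER['REQUEST_METHOD'] . " " .
    $_SERVER['REQUEST_URI'] . " " .
    $_SERVER['SERVER_PROTOCOL']) . "<br/><br/>";
foreach ($headers as $header => $value) {
    echo htmlspecialchars("$header: $value") . " <br/>\n";
}
?>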
If you get this error when requesting the script from your browser:
Fatal error: Call to undefined function apache_request_headers() in ...
it means that (according to the PHP gurus out there) PHP is not installed as an Apache module.
You can solve this by adding this definition to the beginning of the script, right after the <?php.
// Fallback for setups where PHP does not run as an Apache module:
// rebuild the header list from the HTTP_* entries of $_SERVER.
if( !function_exists('apache_request_headers') ) {
function apache_request_headers() {
  $arh = array();
  $rx_http = '/\AHTTP_/';
  foreach($_SERVER as $key => $val) {
    if( preg_match($rx_http, $key) ) {
      // HTTP_ACCEPT_LANGUAGE -> ACCEPT_LANGUAGE
      $arh_key = preg_replace($rx_http, '', $key);
      $rx_matches = explode('_', $arh_key);
      if( count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
        // Join the words with '-' to get back the header name.
        foreach($rx_matches as $ak_key => $ak_val) $rx_matches[$ak_key] = ucfirst($ak_val);
        $arh_key = implode('-', $rx_matches);
      }
      $arh[$arh_key] = $val;
    }
  }
  return( $arh );
}
}
When requesting the script with no proxy used we get an answer like this:
*** IP: 41.104.X.Y ***

GET /headers.php HTTP/1.1

USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
CONNECTION: keep-alive
ACCEPT-LANGUAGE: en-us,en;q=0.5
DNT: 1
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
CACHE-CONTROL: max-age=0
ACCEPT-ENCODING: gzip, deflate
(Host value is stripped)

Highly anonymous (a.k.a. elite) proxies:
These proxies are the best for staying anonymous on the Internet.
The server sees the request as if it came from the proxy server acting as a client.

Example:
*** IP: 123.30.183.119 ***

GET /headers.php HTTP/1.1

USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
ACCEPT-LANGUAGE: en-us,en;q=0.5
DNT: 1
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT-ENCODING: gzip, deflate

Using the Hidemyass web-based proxy:
*** IP: 67.159.5.242 ***

GET /headers.php HTTP/1.1

USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
ACCEPT-LANGUAGE: en-us,en;q=0.5
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Anonymous proxies:
These reveal that they are proxy servers, either by adding a recognizable user-agent or by using X-PROXY-ID and Via headers.
Like highly anonymous proxies, they don't reveal the client's identity to the server.

Example: Anonymouse.org's web-based proxy interface.
*** IP: 193.200.150.82 ***

GET /headers.php HTTP/1.0

USER-AGENT: http://Anonymouse.org/ (Unix)
HOST: ***
CONNECTION: keep-alive

Transparent proxies:
These are practically as good as nothing from a privacy point of view. They not only reveal themselves to servers as being proxies, but also reveal the client's identity by adding headers like X-FORWARDED-FOR with the client's IP as the value.

Example:
*** IP: 80.78.136.83 ***

GET /headers.php HTTP/1.1

X-PROXY-ID: 566548825
X-FORWARDED-FOR: 41.104.X.Y
USER-AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
HOST: ***
ACCEPT-CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7
VIA: 1.1 20.20.20.1 (Mikrotik HttpProxy)
ACCEPT-LANGUAGE: en-us,en;q=0.5
DNT: 1
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT-ENCODING: gzip, deflate

Some proxies are called distorting and are considered anonymous, as they add a random IP as the value of the X-FORWARDED-FOR header.
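
The categories above, seen from the server side: an added example (not part of the original post) that sorts a request's headers into what the server can actually conclude. The function names and the rule that a URL-shaped User-Agent marks a proxy are assumptions made for this sketch; the header names and sample values are the ones in the captures on this page.

```python
import ipaddress

# Header names come from the captures on this page. HTTP header names are
# case-insensitive, so they are lower-cased before matching.
PROXY_HEADERS = ("via", "x-proxy-id")
CLIENT_HEADER = "x-forwarded-for"


def claimed_clients(value):
    """Split an X-Forwarded-For value into (entry, parses_as_ip) pairs."""
    pairs = []
    for entry in filter(None, (p.strip() for p in value.split(","))):
        try:
            ipaddress.ip_address(entry)
            pairs.append((entry, True))
        except ValueError:
            pairs.append((entry, False))  # redacted or junk value
    return pairs


def classify(headers):
    """Return (category, evidence header names, claimed client entries)."""
    h = {name.lower(): value for name, value in headers.items()}
    evidence = [name for name in PROXY_HEADERS if name in h]
    # Assumption: a User-Agent that is itself a URL is a proxy naming itself,
    # as in the Anonymouse.org capture. A heuristic, not a standard.
    if h.get("user-agent", "").lower().startswith(("http://", "https://")):
        evidence.append("user-agent")
    if CLIENT_HEADER in h:
        # The value is only a claim: a distorting proxy puts a random IP here.
        return "transparent or distorting", evidence + [CLIENT_HEADER], claimed_clients(h[CLIENT_HEADER])
    if evidence:
        return "anonymous", evidence, []
    # Headers alone cannot tell a direct client from a highly anonymous proxy.
    return "direct or highly anonymous", evidence, []


# Abbreviated from the captures on this page.
CAPTURES = {
    "elite": {"DNT": "1", "USER-AGENT":
              "Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0"},
    "anonymouse": {"USER-AGENT": "http://Anonymouse.org/ (Unix)", "CONNECTION": "keep-alive"},
    "mikrotik": {"X-PROXY-ID": "566548825", "X-FORWARDED-FOR": "41.104.X.Y",
                 "VIA": "1.1 20.20.20.1 (Mikrotik HttpProxy)"},
}

if __name__ == "__main__":
    for name, hdrs in CAPTURES.items():
        print(name, classify(hdrs))
```

Two of the labels are deliberately merged: the server has no way to check whether an X-FORWARDED-FOR value is the real client or a random address, and a highly anonymous proxy leaves nothing in the headers to find.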

For even more anonymity, you should remove the user-agent field. A good add-on for Firefox that helps you do that is User Agent Switcher.
Next time, know which proxies to use, but always remember that they still know who you are. Even highly anonymous proxies aren't as private as they seem.
