Darksat IT Security Forums
June 26, 2019, 09:49:30 am
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

Backtracking through proxies


Pages: [1]
  Print  
Author Topic: Backtracking through proxies  (Read 7198 times)
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« on: April 20, 2007, 06:16:56 pm »



As you might have guessed having a properly configured proxy is very important in order to keep you secure online.
A poorly configured proxy can be backtracked through very easily.
A classic example of a badly set up proxy is this.
http://emgpxy.suicidecabbage.com/cgi-pxy/nph-proxy.pl
essentially its not working, I picked up the referred tracking in my logs so that function is a pile of shit.
I was able to backtrack from the proxy ip 209.200.229.10 (lunarpages to the user ip 68.217.239.* / adsl-217-239-***.ags.bellsouth.net (Augusta Georgia)
User agent also gave me MSIE 7  Windows XP / Screen Resolution    1280x1024 & Screen Colour  32 Bit (16.7M)
From there I was able to do a quick bit of research and pull up the history of that proxy and essentially get all the information I would ever need.
 Wink Grin
Report Spam   Logged

Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #1 on: April 21, 2007, 05:19:57 am »

Backtracking through anon proxies is easy, you need to ensure that your proxy is not vulnerable to giving out details thought the
X-Forwarded-For (or related) statements
on top of that its still fairly easy to pull someones data from a browser using flash embedded into a page (and even anon proxies wont stop that)
You can also do it with java or any type of activeX plugin.
So if your using a proxy, even a good one, its probably a good idea to have flash and java disabled.
You can also penetrate someones system using flash based webpage elements as well.  Wink
Keep your plugins to a minimum, use a secure proxy, and stay safe.
(its also probably a good idea to not piss off the wrong sort of people online as well)  Grin
« Last Edit: April 21, 2007, 05:26:22 am by Darksat » Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #2 on: September 13, 2007, 09:01:44 am »

How do you pull up the history?
do you mean looking at things like their log files, which consists of hacking their server?
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #3 on: September 13, 2007, 09:03:30 am »

If you can route a connection through a system, you can hack it.
AKA, proxies are easy to hack.
Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #4 on: September 13, 2007, 11:36:55 am »

So sites that list public proxy's do something like this?
as it says anonymous or high anon...
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #5 on: September 14, 2007, 07:25:31 am »

Anon and High anon basicly mean it cant be backtracked through in the standard sense.
(eg using the x-forward for function) ->>http://darksat.x47.net/topic/58.0.html
However if your on a page with a Java applet or a specialy crafted flash file, those files can still pull information like your IP number from your PC without going through the proxy.


Edit, Sorry I forgot to say that a lot of basic proxy systems can be hacked due to a lack of security fairly easily.
And its easy to buffer overflow a Proxy if you can rout data through it.
It might stop the proxy working for everyone else, but it will get you in.
« Last Edit: September 14, 2007, 07:30:30 am by Darksat » Report Spam   Logged
SuicideCabbage
new
*
Posts: 1


View Profile
« Reply #6 on: September 01, 2008, 11:18:52 pm »

Howdy, SuicideCabbage here,

Well I see you found my proxy, fun simple little freeware package isn't it?  Yes you could backtrack through it like it was nothing, because it was nothing.  I installed it as a way to quickly get around the annoying filters at the place I worked.  I personally couldn't care less about the anon of it as long as it worked for what I wanted, and if the user was worried I suggest they find another server to bog down.

kkthx  Smiley
Report Spam   Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum

Buy traffic for your forum/website
Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.062 seconds with 13 queries.