16 Jun 2005
Socks Basics
Note that the FreeCap program is similar to SocksCap (with an almost identical look and features) and even better, because it is free, can socksify some programs that SocksCap couldn't (Opera, for example) and has some extra features.
Check our Non profit (Free) Proxy section to download FreeCap and for more info about the program and its author.

Information about the socks protocol


1. Introduction
2. Versions
3. SOCKS Support
4. SOCKS Connections
5. Scanning
6. SocksCap Setup
7. Anonymity Checks
8. SOCKS Chaining


--------------------------------------------------------------------------------

1. Introduction:-


SOCKS is the most powerful, flexible proxy standard protocol available. SOCKS is a shortened version of "SOCK-et-S" or "sockets," the term used for the data structures which describe a TCP connection. It was one of those "development names" that stuck. Very clever folks say it's really to distinguish these from the human variety that are worn on the feet ;-)

SOCKS is a networking proxy mechanism that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring any host PC to reveal its IP address to the remote host, shown diagrammatically:

Host PC<------>|
Host PC<------>|Socks Proxy Server <---> Remote Host Web Site
Host PC<------>|

It works by redirecting connection requests from hosts on one side to hosts on the other side via a SOCKS server, which authenticates and authorizes the requests, establishes a proxy connection and passes data back and forth. It's usually described as a circuit-level proxy for this reason, i.e. it doesn't care about the data it's transferring or its protocol.

Its typical use on an individual PC is to "socksify" applications, which refers to the process of intercepting their networking calls and redirecting them. This enables the host PC behind a SOCKS server to gain full access to the Internet whilst preserving its anonymity, since the remote host will only see the IP address of the SOCKS server in all connection requests. The default SOCKS port is 1080.


--------------------------------------------------------------------------------

2. Versions:-
There are two major versions of SOCKS, Socks4 and Socks5. The main differences between Socks5 and Socks4 are:


Socks4 doesn't support authentication while Socks5 has a built-in mechanism to support a variety of authentication methods.
Socks4 doesn't support UDP proxy while Socks5 does.
Socks4 servers will not support the Socks5 protocol. Socks5 implementation from NEC does support the Socks4 protocol. The server supports both V5 and V4 clients and can communicate with other V5 and V4 servers.
Socks4 clients (Socks4.2 and earlier) are required to be able to resolve the IP addresses of remote hosts. Socks5 now includes PROXY NAME support to move the name resolution process from the Socks client to the Socks5 server, i.e. a remote DNS request. Resolving is the process whereby addresses such as http://www.my_isp.com become 210.123.456.789.
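
The name-resolution difference in the last item is visible in the bytes a client sends. The following is an added example (not part of the original article, and not code from any product it names) that builds and decodes SOCKS4 and SOCKS5 CONNECT requests and reports whether the hostname was resolved locally or by the server. It goes slightly beyond the text by also decoding the SOCKS4a variant and the SOCKS5 authentication offer; all hosts and addresses are constructed documentation values.

```python
import ipaddress
import struct

AUTH_METHODS = {0x00: "no authentication", 0x01: "GSSAPI", 0x02: "username/password"}


def socks4_connect(dst_ip, port, user_id=b""):
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL.

    DSTIP is a fixed 4-byte IPv4 address, so the client has to resolve a
    hostname itself (a local DNS query) before it can build this request.
    """
    ip = ipaddress.IPv4Address(dst_ip)  # ValueError if given a hostname
    return struct.pack("!BBH", 4, 1, port) + ip.packed + user_id + b"\x00"


def socks5_greeting(methods=(0x00, 0x02)):
    """SOCKS5 opens with VER=5, NMETHODS, METHODS (the authentication offer)."""
    return bytes([5, len(methods), *methods])


def socks5_connect(dst, port):
    """SOCKS5 CONNECT: VER=5, CMD=1, RSV=0, ATYP, DST.ADDR, DST.PORT.

    ATYP 3 carries the hostname itself, so the SOCKS5 server does the lookup.
    """
    try:
        ip = ipaddress.ip_address(dst)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:
        name = dst.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = 3, bytes([len(name)]) + name
    return struct.pack("!BBBB", 5, 1, 0, atyp) + addr + struct.pack("!H", port)


def parse_greeting(data):
    """Return the authentication methods a SOCKS5 client offers."""
    if len(data) < 2 or data[0] != 5 or len(data) != 2 + data[1]:
        raise ValueError("not a well-formed SOCKS5 greeting")
    return [AUTH_METHODS.get(m, "method 0x%02x" % m) for m in data[2:]]


def _report(version, dest, port, resolved):
    return {"version": version, "dest": dest, "port": port, "resolved": resolved}


def parse_connect(data):
    """Decode a client CONNECT request and report where the name was resolved.

    "local" means the request already carries an IP address, so any DNS
    lookup happened on the client; "remote" means the proxy gets the name.
    """
    if len(data) >= 9 and data[0] == 4 and data[1] == 1:
        (port,) = struct.unpack("!H", data[2:4])
        raw_ip = data[4:8]
        user_end = data.index(0, 8)  # NUL that terminates USERID
        if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
            # SOCKS4a: DSTIP 0.0.0.x is a marker, the hostname follows USERID
            name_end = data.index(0, user_end + 1)
            host = data[user_end + 1:name_end].decode("ascii")
            return _report("4a", host, port, "remote")
        return _report("4", str(ipaddress.IPv4Address(raw_ip)), port, "local")
    if len(data) >= 7 and data[0] == 5 and data[1] == 1:
        atyp = data[3]
        fixed = {1: 4, 4: 16}  # ATYP -> address length (IPv4, IPv6)
        if atyp == 3:
            off, length = 5, data[4]  # one length byte, then the name
        elif atyp in fixed:
            off, length = 4, fixed[atyp]
        else:
            raise ValueError("unknown ATYP %d" % atyp)
        if len(data) != off + length + 2:
            raise ValueError("length does not match ATYP")
        raw = data[off:off + length]
        (port,) = struct.unpack("!H", data[off + length:])
        if atyp == 3:
            return _report("5", raw.decode("ascii"), port, "remote")
        return _report("5", str(ipaddress.ip_address(raw)), port, "local")
    raise ValueError("not a SOCKS4/SOCKS5 CONNECT request")


# Constructed SOCKS4a request: marker address 0.0.0.1, empty USERID, hostname.
SAMPLE_SOCKS4A = b"\x04\x01\x00\x50\x00\x00\x00\x01\x00www.example.com\x00"

if __name__ == "__main__":
    for msg in (socks4_connect("192.0.2.10", 80), SAMPLE_SOCKS4A,
                socks5_connect("www.example.com", 119)):
        print(msg.hex(), parse_connect(msg))
    print(parse_greeting(socks5_greeting()))
```

A request reported as "local" says nothing about whether the client's own DNS query went through the proxy; with SOCKS4 it normally did not.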



--------------------------------------------------------------------------------

3. Support for SOCKS:-
SOCKS is almost as widely supported as HTTP proxies. All major Windows NT–based proxy servers, including Microsoft Proxy Server, Netscape Proxy Server, and WinGate, support SOCKS. SOCKS is also supported by proxy servers for alternative operating systems, including all variations of UNIX.

SOCKS clients must be specially coded to work with the proxy protocol. Fortunately, it is common for application developers to allow their application-layer protocols to work with SOCKS. Microsoft Internet Explorer and Netscape Navigator both support SOCKS proxying for HTTP and all other protocols they support. Other applications that may need to pass through a proxy server, such as FTP and RealAudio, support the SOCKS proxy. If you are unsure whether a certain application supports SOCKS, check the documentation for that application.


--------------------------------------------------------------------------------

4. SOCKS Connections:


Example Use:

IRCii / BitchX / etc:


irc: /server (SOCKS) 1080
irc: /server (irc server) (port [666{6-9} usually])

mIRC:

Go to the Setup folder
Click on the "Firewall" tab
Check the box reading "Use SOCKS Firewall"
Go down to "Hostname:" and enter the SOCKS IP / hostname
Click on the "IRC servers" tab, and click on "Connect"

Open Proxy/SOCKS:
Many IRC networks and ISPs run a security check whenever you connect to their network, in which they look for an open proxy/SOCKS. This means that when you connect, they will check port 23 (the telnet port, checking for a wingate telnet bounce) and port 1080 (the socks/wingate port) for an unsecured SOCKS4 or SOCKS5 proxy. If a wingate telnet bounce is found on port 23, or if an unsecured (anonymously accessible) SOCKS4 or SOCKS5 proxy is found, you will be k-lined (banned from the network). When using a wingate socks connection, occasionally, if the wingate uses its own identd daemon, it will return its info to the requesting host, so your connection request might be accepted.


--------------------------------------------------------------------------------

5. Scanning:-


Indirect method:
A simple but effective method for finding socks proxies is to employ a search engine. Enter in the search engine something like: "free proxies", "proxy list", "anonymous http proxy", "public proxy servers list" etc. You should find hundreds of references to proxy web pages.

Direct method:
If these seem sparse then you should look for your own. Using a scanner of your choice, you should scan a specific IP range looking for the addresses that accept a connection on port 1080. There are plenty of scanners available; choose one you like. Normally there are a couple of SOCKS servers (port 1080) or Wingate users (port 23) within 255 dialup addresses of a big ISP.

Many providers can have a large number of active and reserved addresses, exceeding 255. Therefore you can try to scan neighboring ranges by changing the 2nd last digit from the right hand side in the IP address. More detailed information on addresses belonging to the net or ISP you scan can be found with the help of a Whois server or a program like SmartWhois.


--------------------------------------------------------------------------------

6. SocksCap32 Setup:-

Check pictorial tutorial:
http://www.proxyblind.org/proxyblind-forum/viewtopic.php?t=80

Postscript
Can I use SocksCap with Internet Explorer 4.0 in desktop mode or on a system running Windows 98? What about Internet Explorer 5.0?

Although SocksCap will not socksify your entire desktop, it is possible to browse with Internet Explorer 4.0 in desktop mode or on a system running Windows 98 with SocksCap.

Select Internet Options in Internet Explorer's View menu. Under the Advanced tab, check Browse in a new process. Then start Internet Explorer from SocksCap.

For Internet Explorer 5.0, select Internet Options in Internet Explorer's Tools menu. Under the Advanced tab, check Launch browser windows in a separate process. In the Connections tab, click LAN Settings. Clear the Automatically detect settings box.


--------------------------------------------------------------------------------

7. Anonymity Checks:-

Method 1.
Disable the proxy option in your browser and then run your browser through SocksCap32. To do this, highlight your browser in the "Application Profile" listbox and click the "Run Socksified!" button in SocksCap32; this will launch your browser, and is a valid alternative to simple 8080 proxies for browsing the net. Now visit a proxy checking site; if you are anonymous, you should see either the domain name/URL or the IP address of the socks server there. If so, then the socks has nym status; otherwise try again.

Method 2.
When connected to a News server, open an MS-DOS window and type: netstat -a . If you can see the name of your News reader followed by the IP/Name of your Socks proxy:1080 instead of the IP/Name of your News server:119 (or nntp), the connection is properly being made through SocksCap.

Method 3.
Use a test post. Find an open/free news server that allows posting and do a post in some neutral group for testing, like alt.test, alt.binaries.test or similar. Download your message and display it, then check the Headers/Properties and look if it shows your real IP or that of the socks proxy. It's usually the last in the list.


--------------------------------------------------------------------------------

8. SOCKS Chaining:-
The idea here is an attempt to help you re-route all Internet Winsock applications in Windows through a socks chain, making your connections much more anonymous. The following text and methods can be read and implemented in a linear fashion, and instead of wingates you can use Proxy Hunter to search for socks proxies (1080) only. The idea is: the more paths you make your posts take across the net, the more difficult it will be to trace them back.

Take this route for example: client ---> socks1 ---> socks2 ---> socks3 ---> socks-n ---> target url.

This should work for ftp, nntp, http, telnet, smnp, and icq style clients. Just about any app can be anonymized via socks, except irc, due to ident logging by the irc servers, which ban or k-line (kill online) recognized 1080 proxies. So other methods are needed here. Now it helps to find some computers running wingate. We look for wingates since the default installation of wingate includes a non-logging socks server on port 1080.

Find some wingates
Read the scanning section on this page. To do this, I would suggest you use 'Proxy Hunter'. Be sure to look for wingates (port 23) and not for socks, as we only want wingate socks. You could also use Wingate Scan and run it through SocksCap32. Also, using Proxy Hunter without a proxy may bring you to the attention of ISPs, who might think you are a hacker scanning for shares etc!

Check the proxy speed
Speed is important since we will be using multiple socks, and we don't want our programs to time out. With the Klever Dipstick tool, you can find out which are the fastest ones. Just run Dipstick. Right-click in the small green rectangle and choose Show main window. To import a list of wingates, just click on Advanced, choose Import List and select your file. You can also manually ping a simple host by clicking on Manual Ping. Use those wingates that have the smallest average time.

Check if the wingates are running
A good program to use is Server 2000: choose a timeout (7) and port, i.e. (23), import your wingate list and read off the results.

SocksCap32 Setup for Chaining:


Server Details:
SOCKS Server: enter ip address 127.0.0.1
Port: 1080
SOCKS user ID: Just leave this as it is.
Protocol Details:
Socks4: "Resolve all names locally"
Socks5: "Resolve all names remotely" option
Username/Password: Uncheck this box

In the main window, choose New and then browse to create a shortcut for the Internet client you want to give socks support. Repeat this for each internet client app you want anonymized on the net.

Install SocksChain:
In the service menu, click on New.

Add Listener:
Name: enter "Chain"
Accept connection on port: 1080 is standard, but any number (0-65535) will do. The idea is to register the same port as in your SocksCap configuration.
Chain... Auto-creating chain: Uncheck this.
Click on New to add your own socks servers or wingates.
Edit Socks:
Name: Uncheck
IP: Check and enter the socks server ip address
Protocol: Check Socks4 or Socks5
After pressing the "Ok" button, data about the server is added to the end of the list. Using the '<' and '>' keys, you can add and remove socks. Make sure you test all the socks one by one before adding them all to the list, because if one of them is bad, your chain will not work and you will not be able to locate the bad socks in the chain! If all of them seem to work, use the '<' key to add them. 3 seems to be an average chain size. (I think 10 or 13 is the limit put by TCP/IP.)

If you don't want to constantly start SocksChain and to see it when operating, it is possible to make the service invisible. For this purpose, in the Tools menu->Options turn on the option "Run as service". After that it is not necessary to start the program, even after reboot.

Testing Your Anonymity
To check what socks your computer is connecting to, you can use TotoStat. Look for connections to port 1080; the remote IP found there should be the first IP found in your chain in SocksChain. Use the shortcut in SocksCap that points to your browser, and connect to any Proxy Header Checking Site. Run your eye over your headers; you should have the socks ip here.
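
The connection-table check described here and in Method 2 of section 7 can be done mechanically. The following is an added example (not part of the original article and not tied to TotoStat) that reads numeric `netstat -an` output and sorts established TCP connections into those going to the local SocksChain listener, to the first hop of the chain, to some other port-1080 host, or straight out past the proxy. The sample table and all addresses are constructed, and the listener address 127.0.0.1:1080 is the one configured in the setup above.

```python
import re

# Constructed sample of Windows `netstat -an` output (documentation addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1047         127.0.0.1:1080         ESTABLISHED
  TCP    127.0.0.1:1080         127.0.0.1:1047         ESTABLISHED
  TCP    192.168.1.10:1048      203.0.113.5:1080       ESTABLISHED
  TCP    192.168.1.10:1052      198.51.100.7:119       ESTABLISHED
  TCP    192.168.1.10:1053      192.0.2.44:1080        ESTABLISHED
  TCP    192.168.1.10:1054      203.0.113.5:1080       TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

# Proto, local addr:port, foreign addr:port, state (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def established(text):
    """Return the ESTABLISHED TCP connections as (local, remote) endpoint pairs."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(5) == "ESTABLISHED":
            conns.append({"local": (m.group(1), int(m.group(2))),
                          "remote": (m.group(3), int(m.group(4)))})
    return conns


def audit(text, first_hop, listener=("127.0.0.1", 1080), socks_port=1080):
    """Classify each established connection by where it goes.

    to_listener  - a socksified application talking to the local listener
    to_first_hop - the chain software talking to the first socks in the chain
    other_proxy  - port 1080 on a host that is NOT the configured first hop
    direct       - anything else leaving the machine, i.e. not proxied
    """
    report = {"to_listener": [], "to_first_hop": [], "other_proxy": [], "direct": []}
    for conn in established(text):
        remote = conn["remote"]
        label = "%s:%d" % remote
        if remote == listener:
            report["to_listener"].append(label)
        elif conn["local"] == listener:
            continue  # accepted side of the same loopback connection
        elif remote == first_hop:
            report["to_first_hop"].append(label)
        elif remote[1] == socks_port:
            report["other_proxy"].append(label)
        elif not remote[0].startswith("127."):
            report["direct"].append(label)
    return report


def is_clean(report):
    """True when traffic reaches the first hop and nothing bypasses the chain."""
    return bool(report["to_first_hop"]) and not (report["direct"] or report["other_proxy"])


if __name__ == "__main__":
    result = audit(SAMPLE_NETSTAT, first_hop=("203.0.113.5", 1080))
    for kind, endpoints in result.items():
        print("%-13s %s" % (kind, ", ".join(endpoints) or "-"))
    print("clean:", is_clean(result))
```

In the constructed sample the news connection to port 119 shows up under "direct", which is exactly the case Method 2 is meant to catch.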


--------------------------------------------------------------------------------

Socks2HTTP Setup
Socks2HTTP is a program designed to replace SocksCap proxies with SSL-CONNECT proxies, which might be easier to find.

Socks2HTTP does two things:
it makes a socks server on your computer
it makes a connection via HTTP to a remote server which is able to convert socks2http protocol to Socks protocol.
You use it by configuring socks-capable programs to use the local socks server. If you need to run something which is not socks-capable, you can often 'socksify' them with sockscap from NEC. The price for anonymity tends to be a slower connection.

Open Socks2HTTP Configuration and set your SSL proxy:port into the "Use a Proxy Server" fields. Remember that you have to use the CONNECT method and that, if the proxy fails, your connections will be redirected using the POST method through a gateway owned by the program's authors (at totalrc.net); if you don't want this, erase the URL in the Gateway field to avoid it.

On the SocksCap settings, set localhost:1080 as proxy and Socks5 as desired protocol, that's it.

This program is released as "adware", i.e. it installs spyware and it will put a banner window over your desktop until you buy it!


By darkfaq
Category : ProxyBlind Privacy News / Diary | Posted By : proxyblind | Time : 06:08:39 pm
16 Jun 2005
Surf Safe Basics!
This is the second article from the darkfaq edition; it was written about 6-7 years ago but is still relevant.
----------------------------------

How to navigate the Internet safely


1. Introduction
2. Browser Security
3. Browser Check
4. Steps for Finding an Anonymous Proxy
5. NetBios
6. Cookies
7. WebBugs
8. Good Housekeeping
9. Firewalls



1. Introduction
Safe Surfing consists of minimizing your profile and identity trail as you surf on the Internet. Every site you visit will record your machine's unique Internet protocol number or IP address. Cookies can act as remote identifiers, and the values can be returned from within HTML web pages using e-mail or post commands. Any of the web pages that you download may contain either Active-X or Java applets, both of which can be programmed to access the Windows System or your registry. Embedded GIFs or Web-Bugs can record your presence, and 'phone home' style components can talk to some database.

Besides giving servers another way to get Referer and other information, Java is behind many pop-up ads and interstitials, so disabling it stops those too. All the scripting languages like Javascript, Visual Basic Script (VBS) etc can execute system calls from inside the web page, query your registry and post sensitive data back to the server. In the case of a hacker, invisible frames can be loaded containing scripting to execute DOS commands such as "del C:\*.*"; "del Windows\*.*", i.e. wipe your hard disk away!

Another means of gaining referer information is for the server to ask you to connect on either shttp or https (which is SSL). Both are secure protocols that can override ordinary proxies and nullify them, thus allowing the server to read your true IP address, and in some cases this is their purpose, not secure messaging!

Coming up in the rear is SOAP (Simple Object Access Protocol). This is a lightweight, XML-based protocol for exchanging information in a decentralized and distributed environment. This is a messaging protocol, unlike Active-X, which uses remote procedure calls (RPC). It does not require synchronous execution or request/response interaction, and SOAP messages can have multiple parts addressed to different parties. Furthermore, SOAP is programmatically extensible. In layman's terms, this protocol allows web page to speak to web page, remotely and on a queued basis, i.e. allowing for time lapses. SOAP boasts a Proxy and Wire Transfer Service. This protocol has been submitted to W3C for consideration and is, along with XML, the basis for Microsoft's latest web gambit, .NET. SOAP is extremely unsafe since it has access to the DNS and the underlying Windows system. It can totally bypass any firewall since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP.

Last but not least is NetBios and File and Print Sharing, which is auto-enabled on installation on some old operating systems, leaving your hard disk open for the world. So by disabling all these options within your browser, in conjunction with using a proxy, preferably one from a country outside your own, you can leverage some form of control over information leakage whilst you surf. Being aware of how and where IP leakage can occur allows you to Surf Safe!


--------------------------------------------------------------------------------

2. Browser Security:-
To cover your tracks and prevent others from finding out your IP address, you have to use a proxy and disable certain browser functions. Proxies are covered in more detail in Proxy Basics. The browser functions are as follows:

To change the security settings in Internet Explorer: Tools Menu ... Select Internet Options... Security tab... Custom Level


Recommended Settings:

Active-X controls and plug-ins
    Download signed Active-X controls: Disable
    Download unsigned Active-X controls: Disable
    Initialize and script ActiveX controls not marked as safe: Disable
    Run ActiveX controls and plug-ins: Disable
    Script Active-X controls marked safe for scripting: Disable

Cookies
    Allow cookies that are stored on your computer: Disable
    Allow per-session cookies (not-stored): Disable

Downloads
    Downloads: Enable
    Font Download: Enable

Java
    Java Permissions: Disable Java

Miscellaneous
    Access data sources across domains: Disable
    Drag and drop or copy and paste files: Disable
    Installation of desktop items: Disable
    Launching programs and files in an IFrame: Disable
    Navigate sub-frames across different domains: Disable
    Software channel permissions: High Safety
    Submit non encrypted form data: Disable
    Userdata persistence: Disable

Scripting
    Active scripting: Disable
    Allow paste operations via script: Disable
    Scripting of java applets: Disable

After checking these settings, click on 'ok', then the 'advanced' tab.
Scroll down until you find the heading 'Java VM'.

Java VM
    Java console enabled: Disable
    Java logging enabled: Disable
    JIT compiler for virtual machine: Disable

For netscape users, to turn off java and also ... Edit... Preferences... Advanced... uncheck "enable java" and "enable javascript" and check "disable cookies"

To enable a proxy server in IE:-
Go to Tools... Internet Options... Connections. If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname and port number in the fields.


To enable a proxy server in Netscape
Go to Edit... Preferences... Advanced... Proxies. Choose "Manual Proxy Configuration," then click the View button and enter the proxy's hostname and port number in the WWW field.


To confirm that the proxy is functioning correctly, go to the IP-address page. You should see the proxy's IP address instead of your own. Alternatively, select one of the URLs from the Proxy Checking Sites list in the Resources section below and check that the IP address you see on the page is the same as your proxy's!

Some browsers have an auto e-mail facility; find and disable this.

What does a browser record? There are three things a browser records when you visit a web page. Each one is stored in a different manner, in different places. It depends on which browser and which version you use, and even on what Operating System platform you are running it.

The three things a browser records are:
I. The page itself in your cache
II. The URL of the page in your history
III. The URLs you typed in at the URL box (drop down list)

So the following tasks have to be undertaken:
Clearing the Cache
Clearing the History
Clearing the URL history


It's optional on all the main browsers, i.e. Netscape, Internet Explorer, Opera etc, whether you choose to do this by hand, and the precise syntax and commands vary by browser version and operating system version, but the principle is constant, i.e. find where they are logged and delete the references! Under Windows this is normally inside the Registry. So in Netscape under Windows 95, the URL history is stored in the Windows registry.

Example: Clearing the URL history - Close Netscape if it is still running. Start the registry editor by running REGEDIT.EXE. Go to HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\ (doing a search for "URL History" will get you there immediately.) Delete the entries URL_1 through URL_10, but NOT the Default entry. Close the registry editor.

This is repeated for the other tasks. A simpler method is to use a program such as Window Washer or Evidence Eliminator; both will automatically clean the required areas.

Now these items, i.e. cache, URL, and URL history, have been deleted, but Microsoft in their wisdom chose to record the URL and occasionally the URL history elsewhere, in areas such as the swap file, user.dat and system.dat, and if you use Microsoft Office or similar software the document history list may record your URL history as well. Window Washer should be able to deal with this. To deal with the swap file, read the Swap File Basics. Remember that under some versions of Windows, such as Windows NT and Windows 2000, each user has a unique profile and history, so if you use different accounts, check them all.


--------------------------------------------------------------------------------

3. Browser Check:-
Every time you DialUp or connect to surf you should firstly connect with a proxy checking site that will tell you what your current browser ip is and other relevant environment variables, such as javascript etc. It is a good idea to paste the url of the proxy checker into the "Address" edit box situated under the General tab of the Internet Options Properties box. This will alert you to surfing on an unsafe ip.


--------------------------------------------------------------------------------

4. Steps for Finding an Anonymous Proxy:-


Step 1.
Find a List of Proxies
Step 2.
Check the Proxies for Anonymity
Step 3.
Check the Proxy Server's Country

Change your proxy regularly, else you leave yourself open to relationship analysis, which is accomplished by comparing Referer, Site Location, and your current proxy, along with all the other visitors. If you keep your proxy long enough, the logs may be hacked or made available to some interested 3rd party!


--------------------------------------------------------------------------------

5. NetBios:-
NetBIOS (or Network Basic Input Output System) is a program that is used by Microsoft Networking. One use of NetBIOS is to allow the sharing of files and printers between computers on a Local Area Network (LAN). However, if you are connected to the Internet and using file and print sharing through NetBIOS, you may be exposed to unnecessary security risks. Most systems do not need NetBIOS to connect to the Internet. However, some older cable modem systems might need some components of NetBIOS. Out of the box, NetBIOS is configured to enable about 9 separate components of your PC. These are:

Client for Microsoft Networks, the networking application
File and Printer Sharing for Microsoft Networks
Microsoft Family Logon

TCP/IP
NetBEUI (NetBIOS Enhanced User Interface)
IPX/SPX

Dial-up adapter
Cable modem/DSL interface
Local area network (LAN) interface (if applicable)

The insecure components in the pre-configured NetBIOS are the Microsoft Networks application and File and Printer Sharing. Since all nine NetBIOS components, including TCP/IP, are interconnected, your data is vulnerable when you're online. Each time you're connected to the Internet with the pre-configured NetBIOS, hackers can easily access your passwords, upload malicious code to your computer and more. Your computer is exposed to any, and all, kinds of security threats.

The solution is to re-configure your NetBIOS. TCP/IP will only be connected to the dial-up adapter. The NetBEUI transport will also be connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe local file and network sharing, your files will not be exposed in this configuration. The Microsoft Network application, file and print sharing and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol should be removed from the networking component list!

Disabling File And Printer Sharing for Your Dial-Up Adapter (Win 9x)
Click Start, point to Settings, click Control Panel, and then double-click Network.
Click TCP/IP->Dial-up Adapter, click Properties, and then click the Bindings tab.
Click to clear the File and Printer Sharing check box, click OK, and then click OK.
Restart your computer.
NOTE:
This disables the File And Printer Sharing component only for the Dial-Up Networking adapter. Local network file sharing or printer sharing is not affected. Windows NT users should disable TCP/IP Binding from NetBIOS.

Turning Off File and Print Sharing Completely
Click on Start, then go to Control Panels. Double-click on the Network icon.
Click on the button File and Print Sharing.
To disable File and Print Sharing, uncheck both boxes. To enable File and Print Sharing, check both boxes.
Click OK and then OK again. File and Print Sharing is now disabled.

6. Cookies:-
Recording which IP address accessed a site is a start, but it's not enough for many places on the net. They want to know more, such as whether you've visited before. This is done using what are called cookies. There are many myths about cookies, which are best dispelled by looking at a site such as www.cookiecentral.com.

A cookie is simply a piece of information that a website asks your browser to store on your PC. The same site can then request the cookie next time you visit. This allows it, for instance, to automatically fill in your login name on the AvantGo pages, or supply the weather reports you asked for on the msn.com home page. What a cookie can't do is trawl your hard drive for your credit card number, neither can it tell a website anything it didn't already know about you. If you tell a site your name is Tipper instead of Albert, then that's what will be in the cookie that's stored on your computer.

So why do so many people get worked up about cookies? Because a few companies, most notably DoubleClick, have found a way round the fact that a server can only request cookies for its own site. DoubleClick is an agency that supplies the ads that appear on many of the net's most popular sites. Using cookies, DoubleClick can uniquely identify you, allowing a profile of the type of sites you visit to be built up, and even supplying relevant adverts for you. So how can it do this when cookies are unique to a site? It's simple: the DoubleClick adverts aren't on the site you visit. They're stored on DoubleClick's own servers, and your web browser dutifully fetches them from there. This means it has requested information from the DoubleClick server, and can therefore have a cookie sent, or passed back to, that server.

Solution: In your browser, disable all cookie access and clean regularly!


--------------------------------------------------------------------------------

7. WebBugs:-
WebBugs: There are about five different types of Web bugs. The simplest bug is a small, clear GIF with no content, set to be transparent so the web page background shines through. It's included on the web page you surf to but is downloaded from another site, usually some advert-based site; the download call, along with the referrer information, is enough to identify your machine as visiting some site. It normally works with cookies to send information to third parties about your online travels.

Other, more malicious forms of Web bugs are "executable bugs," which can install a file onto people's hard drives to collect information whenever they are online. For example, one such bug can scan a person's machine to send information on every document that contains the word "sex". The sneakiest bugs are "script-based executable bugs that can go out and take any document from your computer" without notice; there are programs that can track live, private recordings through Webcams or voice recorders hooked up to computers. Other script-based bugs also execute files, but they're not installed on a person's PC. They can simply try to control the person's computer from their server, as well as track the consumer's travels on the Web from behind the scenes. An example of this can be found on a popular entertainment site, PassThisOn.com, which launches multiple browser windows when a person tries to exit the site.

These methods can bypass your firewall since your browser will have permission to fetch stuff from web sites. This principle can be employed in Word documents or emails such that when you open them, some site somewhere is notified that some PC is opening and reading this document. Nice thought?
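
The third-party fetch that makes both the DoubleClick-style cookie (section 6) and the simplest web bug work can be seen in a page's own markup. The following is an added example (not part of the original article) that lists every image, script and frame a page loads from another site and marks 1x1 or hidden images as likely web bugs. The page URL and HTML are constructed, and "same site" is approximated by the last two DNS labels, which is an assumption that ignores suffixes such as co.uk.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed page as it might be served from http://news.example.org/.
SAMPLE_URL = "http://news.example.org/article42.html"
SAMPLE_HTML = """
<html><body>
<img src="/img/logo.gif" width="120" height="60">
<img src="http://static.example.org/photo.jpg" width="468" height="60">
<img src="http://ads.example.net/banner.gif" width="468" height="60">
<img src="http://ads.example.net/pixel.gif?page=article42" width="1" height="1">
<img src="http://counter.example.com/hit.gif" style="display: none">
<script src="http://counter.example.com/count.js"></script>
</body></html>
"""


def site_of(host):
    """Crude same-site key: the last two DNS labels (assumption, see lead-in)."""
    return ".".join(host.lower().split(".")[-2:])


def _dim(value):
    """Parse a width/height attribute such as '1' or '1px'; None if unusable."""
    try:
        return int((value or "").lower().replace("px", "").strip())
    except ValueError:
        return None


class ThirdPartyFinder(HTMLParser):
    """Collects elements that make the browser fetch from another site."""

    FETCHING = {"img": "src", "script": "src", "iframe": "src"}

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlsplit(page_url).hostname or "")
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = self.FETCHING.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        if not a.get(attr):
            return
        url = urljoin(self.page_url, a[attr])  # resolves relative paths
        host = urlsplit(url).hostname
        if not host or site_of(host) == self.page_site:
            return  # first-party fetch: the visited site learns nothing new
        width, height = _dim(a.get("width")), _dim(a.get("height"))
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        tiny = width is not None and height is not None and width <= 1 and height <= 1
        self.findings.append({"tag": tag, "host": host, "url": url,
                              "web_bug": tag == "img" and (tiny or hidden)})


def find_third_party(html, page_url):
    """Every third-party fetch: each one can also carry that host's cookie."""
    finder = ThirdPartyFinder(page_url)
    finder.feed(html)
    return finder.findings


def web_bugs(html, page_url):
    """Only the invisible third-party images."""
    return [f for f in find_third_party(html, page_url) if f["web_bug"]]


if __name__ == "__main__":
    for f in find_third_party(SAMPLE_HTML, SAMPLE_URL):
        print("%-6s %-22s %s %s" % (f["tag"], f["host"], f["url"],
                                    "<- web bug" if f["web_bug"] else ""))
```

An image with no width, height or style attributes cannot be judged from the markup alone, so this check finds declared 1x1 and hidden images only.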


--------------------------------------------------------------------------------

8. Good Housekeeping:-
One consequence of surfing on the Internet is that not only do other people want to know your surfing habits and real IP, so does your own PC! Each installed program will invariably come with some form of a history list. This list will be stored in the registry or, less commonly, in a text file with a .ini extension, usually found in the installation folder. In the registry, search for LastVisitedMRU. These are used to enumerate your last five actions or so. For example, Windows MediaPlayer has a hidden history list that contains a description of items last activated by it, be it some mp3 or visually enticing mpg movie. Likewise, RealPlayer has a similar facility; furthermore, if you use it to search online music databases like DDB, it will phone home to the RealPlayer web site, sending your list of preferences along with a unique number that was written into the registry when the program was first installed. It's usually a mixture of your real IP and some PC-generated number, i.e. a GUID, thereby identifying you regardless of whether you employ a proxy or not!

Do URLs Go To Heaven?
URLs that you have surfed through may be stored covertly within the Swap File, on a just-in-case-they-are-needed-again basis. Furthermore, any of the Microsoft products might, depending on your preference settings, choose to add one of these URLs to its history list, or to the Most Recently Used document list in MS Word's case. These are then stored in proprietary files and within any of index.dat, system.dat, user.dat and, on Windows 2000 and Windows Millennium, in pagefile.sys or the Swap file. Each time you switch on your computer, unknown to you, these are then loaded into the respective program registry mappings or hidden files. Latest versions of Windows use individual profiles called "UserData" stored within the registry. This is how Windows maintains its appearance of being static, looking the same, or attempting to achieve "persistence" across multiple boot ups. So some URLs do go to heaven and kinda live for ever ;-)

Spyware:
Some "free" software will, as it is being installed, copy a 2nd party's programs, usually to the System folder. These types of programs are what is known as AdWare, since once you are online your surfing habits are monitored by the 2nd party and advert streams are sent to the application based on your preferences. The application author gets paid for allowing his program to target you with adverts, and this is the price you pay for free software. Other non-spyware software can periodically attempt to update itself; for example, the Windows 98 Update feature checks an address at Microsoft every five minutes once you enable it (and you can't turn it off without uninstalling it). Naturally you don't want any of these things on your PC.

COM/SOAP
These are ostensibly Microsoft protocols. SOAP leaves you insecure since it has access to the DNS (domain name calls) and the underlying Windows system. So it can request o/s serial numbers, which is bad if you paid for Windows by credit card. It can totally bypass any firewall and router filtering, since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP. COM is the basis for .NET and the new Windows coming your way soon. Windows has been re-written to use COM everywhere, including the Windows controls such as edit, list and treeview controls etc. This makes Windows a highly insecure communications environment. Coupled with the fact that Microsoft shares some of its source code with Govt Agencies and favored Corporations under strict terms of secrecy, this should alert the wise!



Cleaning Up:
Each application that you have installed can store a History List of associated files, e.g. Internet Explorer will have a list of the URLs your browser last surfed, for use in its "IntelliSense" or Smart matching on partial URLs that you type into the browser AddressBar. You need an application to sweep these out and clean up each time that you either boot up or shut down. One such application is Window Washer. It is safe and simple to use, and it allows customized items both in the registry and in any folder to be set for deletion. It comes with a default set of Windows locations to delete, e.g. Documents under the Start menu is wiped clean. So for each application you will have to work out what it stores and where it stores it, and set Window Washer to delete it on a regular basis. For the trickier case of the Swap File, User.dat and System.dat see The Swap File and Registry Basics faqs.

There are programs available to search for and remove phone-home components. Where web-bugs are concerned, a Firewall (either Norton Personal Firewall or ZoneAlarm is a good first choice), together with proxy and cookie cleaning on a regular basis, will minimize any problem. A security site is working on a Web-Bug filter at present.


--------------------------------------------------------------------------------

9. Firewalls:-
A Firewall is a program that filters all incoming and outgoing connections to the internet. Anyone running ADSL, Cable or other fixed-IP services is more vulnerable to security breaches. A Firewall will allow you to set filters on which packets can enter or leave your computer. Most Firewalls come with standard settings enabled such as Application privileges, Internet traffic blocking, local network access to the system's services and shared accounts, and the blocking of known advertising companies. Along with the disabling of javascript, this will stop all those annoying pop-up windows appearing.

A firewall will also allow you to decide what appears in the packets that leave your computer, i.e. your type of computer, operating system, timezone etc., all of which helps to enforce your privacy. If your computer is personal and for home use then find yourself a copy of AtGuard, which is an excellent configurable Firewall, and if you cannot find a version, then Norton Personal Firewall is a good substitute since it purchased a license to the AtGuard kernel.


By darkfaq
Category : ProxyBlind Privacy News / Diary | Posted By : proxyblind | Time : 05:58:30 pm
16 Jun 2005
Proxy Basics
This is a great article about the basic steps of using a proxy, written by the famous Darkfaq. It was written probably 6-7 years ago but is still very relevant.
--------------------------------------

Information on the use of proxies


1. Introduction
2. Just a number?
3. What is a proxy server?
4. Why use one?
5. Proxy Types
6. Steps for Finding an Anonymous Proxy
7. Where to find a Proxy List
8. Where To Test Your Proxy for Anonymity
9. Where to Check The Proxy Server's Country
10. How to configure one in your browser
11. Obscuring a Proxy URL
12. Additional Security
13. Resources


1. Introduction:-
This is intended as a summary of proxy basics, and a reminder as to why it's required. Anonymity is needed because there are people who surf the net looking for other people's IP address or URL name so they can then publicly malign them by finding their "true" identity and telling the world this person eats spam or likes to watch the grass grow, or, in the case of an Advertising Corporation, sell your identity to some retailer like WalMart. So some basic precautions that you need to take to avoid this are: using a proxy; disabling all cookie options, java, active-x, and all scripting options in your internet browser; disabling print and file sharing in NetBios; and also installing a firewall. The following text attempts to be a summary of those basic methods by which you can anonymously communicate with other like-minded persons.


--------------------------------------------------------------------------------

2. Just a number? :-
Before you can understand how best to protect your privacy, it's helpful to know just what information you're generating when you connect to the net, and how easy this is to trace.

At the very lowest level, when you connect to a website it will receive a record of your IP address - the unique number that indicates which computer you're using. If you use an ISP like Demon, that gives you a fixed address, that's enough to pinpoint your account. With a dynamic address, it'll pinpoint the modem line you connected to. Finding out which customer was using that line means matching up a time with the records from the computers that handle your login. On a busy system, that could mean finding one from tens of thousands of entries, but it can be done. This is how the police were able to track the source of the Love Bug virus to a dialup account used by a group of students in the Philippines. Some systems, such as AOL, might share an IP address between more than one user. The same is true of some corporate gateways to the net; but even so, there will usually be a way to work back to a specific system, even if it involves trawling through pages of log files.

One way of hiding these sites is to go via a proxy, making the address that appears in the web server's logs that of the proxy server. Of course, all that's really doing is adding another link to the chain, since the proxy server will have a record of what you're asking it to do. But with the Proxy Server resident in a foreign country this is time consuming and probably not practicable, and faced with proxy chaining most will just give up.

This is also what makes proxy servers a useful tool for those who want to see what you're up to. Even though you may not think your web requests are going through one, many internet service providers (ISPs) use so-called 'forced proxying'. This means that all web requests are routed via a transparent proxy. You don't need to change any settings in your browser, but the effect is the same. For an organization or country that wants to control and monitor what people are seeing on the web, it's ideal.

Thoughts regarding the use of system logs as evidence: Log files make crap evidence. For a start they're easily forged, and you're reliant upon computer-generated evidence. What jury will believe a computer over a human? At best log files are supporting evidence; in most cases they only show logins, connections and other impersonal evidence. No log can say BEYOND REASONABLE DOUBT that someone did something; they only say this machine number connected at this time, and say nothing about the identity of the person. If in doubt deny everything; after all, it's the job of the prosecution to prove you are guilty of some misdemeanor.


--------------------------------------------------------------------------------

3. What is a proxy server:-
A Proxy Server is a firewall and cache server. It can allow an entire network of computers to access the internet (http or ftp) with a single IP, and it can act as a kind of filter for that network. Let's say you have 3 computers in some small network in Japan going through a proxy server; schematically it looks like this:


------->|
------->|Proxy Server ----> The Web Site
------->|

If you are at home with internet access through your ISP, this is what your connection looks like :
(PC)------>Your ISP ----> The Web Site

If the proxy server in the network above allows other users to use it we can do this:
(PC)------->Your ISP ---->Proxy Server ----> The Web Site

From the above diagram we can go through the proxy server and hide our real ip address or url name! The Web Site will only see the ip address or url name of the proxy server and NOT that of your isp, thereby making you anonymous!


--------------------------------------------------------------------------------

4. Why Use One:-

To act as a security firewall or ip filter.
To reduce the network load by caching commonly requested pages.
To translate the material into another language.
To improve access speed for users, achieved by caching.
Our interest lies in the first option, i.e. becoming anonymous and Surfing Safe. It isn't guaranteed that simply by using a proxy you will be anonymous. Some proxy servers will forward your real IP at random intervals, others do it by default, and others do so by request from the web site that you visit. This makes it necessary to test your proxy for nym status at a Proxy Checking site. These sites allow you to test the information or headers that are passed from the proxy server to the web site; careful inspection of these will allow you to decide just how anonymous you really are. An example header is:

HTTP_USER_AGENT: IE5 WIN2000

which tells the site your browser and operating system type. So once you enter a website, and click any one of the files on the webserver, the website owners can find out these items of information about you, and much more:

Your IP Address.
Your hostname.
Your continent.
Your country.
Your city.
Your web browser.
Your Operating System.
Your screen resolution.
Your screen colors.
The previous URL you visited.
Your ISP.


--------------------------------------------------------------------------------

5. Proxy Types:-
The two most commonly used proxy types are http and socks, which use the common ports 8080 and 1080 respectively. http proxies are for use with your browser. Socks, which is a valid proxy alternative, allows you to socksify http, ftp, telnet, nntp, and common chat protocols similar to icq.


--------------------------------------------------------------------------------

6. Steps for Finding an Anonymous Proxy:-


Step 1. Find a List of Proxies
Step 2. Check the Proxies for Anonymity
Step 3. Check the Proxy Server's Country

Change your proxy regularly, else you leave yourself open to relationship analysis, which is accomplished by comparing Referer, Site Location, and your current proxy, along with all the other visitors. If you keep your proxy long enough the logs may be hacked or made available to some interested 3rd party!


--------------------------------------------------------------------------------

7. Where to find a Proxy List:-
Visit the various proxy sites that offer 8080 or 1080 proxies.

Proxy Lists:
http://www.proxyblind.org/list.shtml


Also you can use Proxy Hunter (check section of free proxy tools) to search for proxies in given domain ranges.



--------------------------------------------------------------------------------

8. Where To Test Your Proxy for Anonymity:-
Go to one of these sites (or more than one, to double check), read the environment variables and look for the IP address or URL name. If you see your IP number then you are not anonymous!

http://www.proxyblind.org/test.shtml

Anonymity 4 Proxy allows the importing and testing of lists of proxies.
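The check described in sections 4 and 8, written out as an added Python example (not part of the original article): it takes the CGI-style variables a proxy-checking page would display and reports whether your real address shows up in any of them. The header list, the four level names and the sample values are assumptions of this example, and only IPv4 is handled.

```python
"""Classify what a proxy reveals, from the CGI variables a test page receives."""
import ipaddress
import re

# Variables that proxies commonly add to a request (CGI naming, like the
# article's HTTP_USER_AGENT). The list is this example's assumption.
PROXY_HEADERS = ("HTTP_VIA", "HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED",
                 "HTTP_CLIENT_IP", "HTTP_PROXY_CONNECTION", "HTTP_X_REAL_IP")

# Four dot-separated number groups that are not part of a longer number.
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def addresses_in(value):
    """Return every syntactically valid IPv4 address embedded in a header value."""
    found = set()
    for candidate in _IPV4.findall(value):
        try:
            found.add(str(ipaddress.IPv4Address(candidate)))
        except ipaddress.AddressValueError:
            pass  # e.g. 999.1.1.1 matches the pattern but is not an address
    return found


def classify(env, real_ip):
    """Return (level, leaks) for the environment a proxy-checking page received.

    level is 'no proxy', 'transparent', 'anonymous' or 'high-anonymity';
    leaks lists the variables in which real_ip was visible.
    """
    real_ip = str(ipaddress.IPv4Address(real_ip))
    leaks = sorted(
        name for name, value in env.items()
        if (name == "REMOTE_ADDR" or name.startswith("HTTP_"))
        and real_ip in addresses_in(value)
    )
    if "REMOTE_ADDR" in leaks:
        return "no proxy", leaks        # the site is talking to you directly
    if leaks:
        return "transparent", leaks     # proxy in use, real address forwarded
    if any(env.get(header) for header in PROXY_HEADERS):
        return "anonymous", leaks       # address hidden, proxy use disclosed
    return "high-anonymity", leaks      # nothing marks the request as proxied


# Constructed sample: what a test page might see through a forwarding proxy.
SAMPLE_ENV = {
    "REMOTE_ADDR": "198.51.100.9",
    "HTTP_VIA": "1.0 cache.example (squid)",
    "HTTP_X_FORWARDED_FOR": "203.0.113.7",
    "HTTP_USER_AGENT": "IE5 WIN2000",
}

if __name__ == "__main__":
    print(classify(SAMPLE_ENV, "203.0.113.7"))
```

A "high-anonymity" result only covers what the request headers show; it says nothing about cookies, scripts or the application-level identifiers discussed earlier.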


--------------------------------------------------------------------------------

9. Where to Check The Proxy Server's Country :-
Avoid US/UK/Canada/Australia/NZ and most western European countries!

http://www.arin.net/whois/
http://www.samspade.org/



--------------------------------------------------------------------------------


10. How to configure one in your browser:-
To enable a proxy server in IE
Go to: Tools... Internet Options... Connections... Settings


If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname into the "Address" Editbox and port number into the "Port" Editbox normally 8080.

Tip: In the "General" tab make your Proxy Checking Url your chosen "Home Page" this allows you to check each time you log on.

To enable a proxy server in Netscape:
Go To: Preferences... Network... Proxy tab

Same as Internet Explorer


--------------------------------------------------------------------------------

11. Obscuring a Proxy URL:-
An additional method is to obscure your URL using hex codes, so that it ends up looking like this:
http://3513587746@3466536962/~anyname/homepage.htm
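Added example (not part of the original article): how a filter or log reviewer can undo this kind of obscuring. In the URL above, the text before `@` is URL userinfo rather than the destination, and the host after it is a single 32-bit number written in decimal; the function names are this example's own, and it goes beyond the page's one case by also accepting the hex, octal and shortened dotted spellings.

```python
"""Reveal the real destination of a URL whose host is written as a number."""
import ipaddress
from urllib.parse import urlsplit


def _parse_part(text):
    """Parse one host component the way classic inet_aton() does:
    0x.. is hex, a leading 0 is octal, anything else is decimal."""
    if not (text.isascii() and text.isalnum()):
        raise ValueError(text)           # rejects '', signs and underscores
    if text.lower().startswith("0x"):
        return int(text[2:], 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)
    return int(text, 10)


def numeric_host_to_ipv4(host):
    """Return dotted-quad text for a numeric host, or None if it is a name.

    Accepts 1 to 4 dot-separated parts; the last part fills all remaining
    bytes, so '3466536962' and '206.159.10242' name the same address.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_part(part) for part in parts]
    except ValueError:
        return None                      # contains letters: an ordinary host name
    *leading, last = values
    if any(v > 0xFF for v in leading) or last >= 256 ** (4 - len(leading)):
        return None                      # out of range for an IPv4 address
    address = last
    for index, value in enumerate(leading):
        address |= value << (8 * (3 - index))
    return str(ipaddress.IPv4Address(address))


def reveal(url):
    """Return (real_host, decoy); decoy is the userinfo text before '@'."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return numeric_host_to_ipv4(host) or host, parts.username


if __name__ == "__main__":
    # The URL from the article.
    print(reveal("http://3513587746@3466536962/~anyname/homepage.htm"))
```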


--------------------------------------------------------------------------------

12. Additional Security:-
Your security can be further advanced by chaining proxies, whether they be http based or socks proxies. Schematically this might look like: client ---> proxy1 ---> proxy2 ---> Web Site.
Each proxy server type has its own chaining syntax.

HTTP/FTP
The most common syntax is of the form proxy1.jp:8080//proxy2.kr:8080. This is added directly to your address editbox. Other proxy servers like the Japanese DeleGate servers use -_- to prefix the proxy, and this can be typed straight into the URL address bar, i.e. type http://needmore.cs.utexas.edu:10080/-_-http://www.yahoo.com (note the "-_-"). Similar syntax applies to ftp sites, since DeleGate Proxy Servers offer an ftp proxy service. The majority of proxy servers will use the http transport to convey the ftp information, and in doing so may or may not adhere to the connection conventions laid out in the ftp protocol. So to avoid revealing your IP address via an ftp connection it's best to use a socks proxy for the purpose of anonymity, probably combined with some ftp client program. Proxy Hunter can be used to find the fastest proxies.

SHTTP/HTTPS
SHTTP aka Secure Hypertext Transport Protocol is a modified version of the Hypertext Transport Protocol (HTTP) that includes security features. Implementations include Digital Signatures, MAC authentication and Public/Private Key Encryption.

HTTPS aka SSL (S)ecure (S)ocket (L)ayer is similarly a secure messaging protocol, but it differs from SHTTP in that it supports a variety of protocols such as FTP/HTTP etc. SSL is compatible with firewalls and tunneling connections. Other protocols have their own secure versions, such as FTPS for ftp and NNTPS for NNTP or Network News, where some news servers allow upload via a secure connection.
WARNING: Both these protocols allow connections on arbitrary or secure ports (443 in the case of SSL). These connection requests, unless blocked by a firewall or handled via a secure proxy specific to the protocol, will reveal your IP address in the connection process!

SOCKS:
Socks Proxies, which are the most flexible and cover many protocols, can be successfully chained using a program called SocksChain, which chains 2 or more socks proxies. If you use, say, 4 socks proxies chained together because you want to post on some Russian news server, then this will make you anonymous. The same applies to ftp, http, mail, icq etc.

Proxy Chaining:
The basic idea is this: although not all chainable proxies have web interfaces (a web page with a form where you can enter the URL you want to surf to using the proxy), several do have such interfaces. Three that are well known are MagusNet, the Anonymizer, and the Anonymicer.

Before starting, go to http://www.tamos.com/bin/proxy.cgi and write down the set of four decimal digits that make up your current IP address. Now, here's how to figure out how to learn to chain proxies with web form interfaces: Also try ports 8088 and 8090 for some additional interesting results. MagusNet uses a DeleGate proxy server; many other DeleGate proxy servers also have web interfaces and are chainable; to find several, notice the title of the MagusNet page: 'DeleGate for Non-CERN-Proxy clients'. Searching for that phrase on the standard US and Japanese search engines will turn up several other DeleGate proxy servers you can easily find the prefixes for using the exact same technique outlined above.

Many other DeleGates have no web interfaces, but they are chainable, too. Any time you are testing proxies you have found by scanning with ProxyHunter, searching on Search Engines, or filtered out of lists like the ones at Proxys4All or out of guestbooks or Boards at sites dealing with proxies etc., just test them to see if they can be chained. For example, if the _fictional_ proxy my_url.jp:80 is identified as a DeleGate on the Tamos page (or any of the other ENV testers listed on the Proxys4All Tools page), try http://www.my_url.jp:80/-_-http://www.tamos.com/bin/proxy.cgi and see if it works. If it does (and many times it will), you've got another chainable proxy to add to your list.


--------------------------------------------------------------------------------

13. Resources


Proxy Hunter: This is a good freeware proxy scanner.

Anonymity 4 Proxy: This program can inform if a proxy allows connection for HTTP, SSL and FTP.

HTTPort: Is freeware and it can use a SSL proxy to tunnel requests to a wide variety of net services.

Socks2HTTP: Socks2HTTP is an agent converting SOCKS v.5 requests into HTTP requests and tunneling them through HTTP proxy.

Newsgroups dealing with Anonymity


alt.anonymous
alt.anonymous.email
alt.anonymous.messages
alt.hackers
alt.security.keydist
alt.security.pgp
comp.security.pgp
comp.security.pgp.announce
comp.security.pgp.discuss
comp.security.pgp.resources
comp.security.pgp.tech
misc.security
sci.crypt
sci.crypt.research


By darkfaq
Category : ProxyBlind Privacy News / Diary | Posted By : proxyblind | Time : 05:55:37 pm
Copyright © 2000 - 2007 Proxy Blind
All rights reserved.