_____________________________________________________________________________

advanced proxy studies - by anonimous_admin

subjects discussed here:

1. types of proxies: web proxy, WinSock proxy and Socks proxy
2. very detailed explanation on how http requests are handled through proxies
3. types of proxy chaining

1. Types of Proxies:

1.1 Web proxy - the well-known proxy for the HTTP protocol, used when clients request web docs from WWW servers with their browsers - IE, Netscape or Opera. Windoze, Apple and linux can all use that proxy service.

1.2 WinSock proxy - used by Windoze applications like IRC, NetShow, Real Audio, etc. Both TCP and UDP are involved.

1.3 Socks proxy - yet other apps using the SOCKS version 4.3.a. Those can include news readers (the NNTP protocol), email apps (the SMTP protocol), FTP, Telnet, etc. Plenty of info about Socks at: www.Socks.Nec.com

You can d/l the SocksCap apps from there, too. Use it to start any program that you use online and it will route everything through the socks server, giving the socks ip as yours.

To set up SocksCap: go to irc4all and get a list of socks 5 servers. Set SocksCap for socks 5, then exit Settings and click the New button. Then click Browse and look for the program you are going to use, click on it and click Open, then click OK. When the main window comes back up, just click Run and you are ready to go.

2. How exactly are http requests handled through proxies:

2.1 A socket is opened to a port (8080) on some proxy (proxy.meschede.UNI-PADERBORN.de).

2.2 The following lines are sent through this proxy, changing \r with ascii code 13, and \n with ascii code 10 ;-)

    GET http://www.someplace.org/030300.htm HTTP/1.1\r\n
    Host: www.someplace.org\r\n
    User-Agent: Nozilla 0.99a\r\n
    Accept: */*\r\n
    \r\n

2.3 I get back the expected html page through the proxy.
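
An added example (not part of the original text): a minimal model of what a forward proxy does with the request in 2.2, assuming it follows RFC 2068, where the upstream host and port are taken from the absolute URL on the GET line and any Host header sent by the client is ignored. The name `plan_forward` is hypothetical; feeding it the chained request discussed next shows the origin-form request the second hop would receive.

```python
from urllib.parse import urlsplit

# The request from step 2.2, with \r\n written out as real CR LF bytes.
REQUEST = (b"GET http://www.someplace.org/030300.htm HTTP/1.1\r\n"
           b"Host: www.someplace.org\r\n"
           b"User-Agent: Nozilla 0.99a\r\n"
           b"Accept: */*\r\n"
           b"\r\n")


def plan_forward(raw: bytes):
    """Return ((host, port), rewritten_request) as a forward proxy would."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by CRLF CRLF")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        raise ValueError("malformed request line") from None
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("proxy request needs an absolute http:// target")
    port = url.port or 80  # no port in the URL means the default, 80
    authority = url.hostname if port == 80 else f"{url.hostname}:{port}"
    path = (url.path or "/") + (f"?{url.query}" if url.query else "")
    # The upstream is chosen from the request target, never from the client's
    # Host header; Host is regenerated and hop-by-hop Proxy-Connection dropped.
    headers = [h for h in lines[1:]
               if not h.lower().startswith(("host:", "proxy-connection:"))]
    out = [f"{method} {path} {version}", f"Host: {authority}"] + headers
    return (url.hostname, port), "\r\n".join(out).encode("latin-1") + sep + body


if __name__ == "__main__":
    upstream, forwarded = plan_forward(REQUEST)
    print(upstream)
    print(forwarded.decode("latin-1"))
```
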

If I try to chain another proxy after this one, then point 2.2 would look like:

    GET http://another.proxy.com:8080/www.someplace.org/030300.htm HTTP/1.1\r\n
    Host: another.proxy.com\r\n
    User-Agent: Nozilla 0.99a\r\n
    Accept: */*\r\n
    \r\n

but that doesn't seem to work. Why? What's wrong? My guess is that there's no "port" information on the "Host:" line, so the first proxy tries to connect to the default port 80. Another guess is that the second proxy needs to interpret correctly the whole "GET" line, to reformat and split the path info into yet another valid "GET" and "Host:" combo.

Extensive info on how proxies work can be found in RFC2068: ftp://ftp.ripe.net/rfc/rfc2068.txt

3. Proxy chaining is primarily supported by DeleGate servers, WinGates, and CGI proxies.

DeleGate is a free proxying software that can be found at http://wall.etl.go.jp/delegate/. Common proxy portals that use the DeleGate server software include Magusnet and Spaceproxy. There are many other manual proxies that are DeleGate servers. A DeleGate server would chain to Altavista like this:

    http://128.11.219.251:8084/-_-http://www.altavista.com/

Notice the colon, identified port number, and chain sign -_-

WinGate is also a third-party server software and can be found at http://wingate.deerfield.com/. The 2.0 versions had default settings that allowed anyone to "bounce off" of the server and had logging turned off. It allowed not just the http protocol to be proxied through, but more usefully telnet and ftp could be used as well. WinGate is now at version 4.0 and has tightened up security considerably, so these "open servers" are exceedingly rare now.

Many CGI proxies are derived from the original script written by James Marshall. It can be found at http://www.jmarshall.com/tools/cgiproxy/. The people at Cyberarmy have a simplified version of the J. Marshall script called the CyberAnonymizer that has been widely distributed. The Australian Whois.com.au/ uses the CyberAnonymizer.
Other CGI proxies include Anonymizer and other common web-interface proxies many people are more familiar with.

Each class of proxy has its own chain syntax convention. Some web-interface proxies chain like this:

    http://invis.free.anonymizer.com/http://www.altavista.com/

Some CGI proxies chain by adding cgi paths to the URL like this:

    http://isecure.dreamhost.com/nph-a2.cgi/http/www.altavista.com

Some experiments that you may find helpful. I entered '127.0.0.1:8080' into the 'manual proxy' field and tried to reach the url 'http://mysite.com/index.htm'. Here is what my netscape actually sent:

    GET http://mysite.com/index.htm HTTP/1.0
    Proxy-Connection: Keep-Alive
    User-Agent: Mozilla/4.51 [en] (Win98; I)
    Host: mysite.com
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
    Accept-Encoding: gzip
    Accept-Language: en
    Accept-Charset: iso-8859-1,*,utf-8

Now if I enter as url the following:

    http://myproxy.com:8080/mysite.com/index.htm

I get:

    GET http://www.myproxy.com:8080/mysite.com/index.htm HTTP/1.0
    Proxy-Connection: Keep-Alive
    User-Agent: Mozilla/4.51 [en] (Win98; I)
    Host: www.myproxy.com:8080
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
    Accept-Encoding: gzip
    Accept-Language: en
    Accept-Charset: iso-8859-1,*,utf-8

As you can see, the Host header does include the :8080.

So, to summarize, I think the origin of the problem may be your second guess, which is confirmed by NME: it depends on how proxies must be chained together. It might be useful to find out some 'syntax' on how web proxies should be used ...

2) "Direct sock connection"

Problem.- Really I don't know how this is done but indeed it works; the procedure seems to override any usual protocol used to access the web page (HTTP, FTP, HTTPS), so proxies set for covering those protocols become useless.

Solution.- The SOCKS field in the proxy section of the browser configuration should never be blank.
The best option is having a true working Socks proxy (port 1080); then it will be the Socks proxy's IP that a malicious page would be able to get. Unluckily, socks proxies are hard to find, but there is still a solution: write an impossible "dummy" IP into the SOCKS field, such as 999.999.999.999 (port 1080); then the malicious code will provoke a connection error.

It's important to understand this: when you set a Socks proxy, it will take care of all those protocols not covered by other proxies. For instance, if you have configured just an HTTP proxy and a working SOCKS proxy and you try to access an ftp:// or https:// page, the connection will be made through the socks proxy, so by providing a fake one you'll always obtain an error. Then, with a dummy socks, you'll have to cover the FTP and Secure (HTTPS) fields using a working proxy. Many usual HTTP proxies also cover those two protocols: try to copy the HTTP settings into the FTP and Secure fields, access some ftp:// and https:// pages and prove all is working fine. Or, A4proxy (http://www.inetprivacy.com/) allows you to check the anonymity of a proxy and will inform you if it supports both HTTPS and FTP as well (enable "Check for FTP/HTTPS Support on Reset data" on the Proxy Options tab and "Reset Data" on the Proxy Check tab before testing a proxy).

Chaining Proxies

This small tutorial will obviously be on Chaining Proxies. I am sure that most of you are asking, "Chaining... What?". If this is you, don't feel discouraged; you are not alone out there. Firstly, I will explain what the chaining of proxies will do for you, and why. Then I will show you how to actually set it up on your computer.

What is "Chaining Proxies"? This is not so difficult to understand, but rather difficult to explain. Think of a real steel, or metal, chain (do they still make metal chains?). As you know, a chain made of some sort of metal gains strength by adding more rings, or chain links, to it.
Likewise, your anonymous presence on the Internet gets stronger with each additional proxy you add. Of course there is always a downside to having a large Titanic-size anchor chain. Its own weight slows it, and dramatically slows down the ship. Think of each link on the chain as a Proxy address. On the Internet, each and every chain ring must be recognized, and opened. As you can see, the more proxies that you have, the more anonymous you become, although having too many chain rings will just slow you down. Remember the proxy is actually contacted and opened; it then becomes part of your connection to the Internet.

Now that you know how Chaining works, let's get down to the dirty work. I am sure that you remember how to get to your "Internet Options" dialog. But if you don't: from your desktop, click on Start -> Settings -> Control Panel and then double click on the Internet Options icon. Once opened, click on the "Connections" tab, and then the "Settings..." button in the Dial-up Settings box. In the "Proxy Server" category, you will place all of your addresses. You will need to put in the server address, a colon " : ", then the port number. Then place as many proxies as you wish in the server text box, leaving a space between each one (See Image at Right). Now, the last address that you have in your server text box will have a port number. That port number goes in the proper port number box just to the right.

_____________________________________________________________________________
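
For log review, the three chain syntaxes listed in section 3 can be unwrapped to show which proxies a logged URL passes through and what the real destination is. This is an added example, not part of the original text; the names `unwrap` and `chained_requests` are hypothetical, the `.example` hosts are constructed, and applying the rules repeatedly to nested URLs is an assumption that goes beyond the single-hop forms the text shows.

```python
import re
from urllib.parse import urlsplit

# Chain conventions from section 3, matched against the URL path (+ query).
RULES = [
    ("delegate", re.compile(r"^/-_-(https?://.+)$", re.I)),
    ("web-interface", re.compile(r"^/(https?://.+)$", re.I)),
    ("cgi", re.compile(r"^/.*?\.cgi/(https?)/(.+)$", re.I)),
]

# Constructed sample input: the three URLs from the text, one plain URL,
# and one nested chain (assumed form) using placeholder hosts.
SAMPLE_URLS = [
    "http://128.11.219.251:8084/-_-http://www.altavista.com/",
    "http://invis.free.anonymizer.com/http://www.altavista.com/",
    "http://isecure.dreamhost.com/nph-a2.cgi/http/www.altavista.com",
    "http://www.someplace.org/030300.htm",
    "http://proxy-a.example:8080/-_-http://proxy-b.example/http://www.altavista.com/",
]


def unwrap(url: str, max_hops: int = 8):
    """Return (hops, destination): proxies traversed and the innermost URL."""
    hops = []
    for _ in range(max_hops):  # bound the work done on hostile log input
        parts = urlsplit(url)
        rest = parts.path + (f"?{parts.query}" if parts.query else "")
        for kind, rx in RULES:
            m = rx.match(rest)
            if m:
                # CGI style spells the scheme as a path segment: /http/host
                url = m.group(1) if kind != "cgi" else f"{m.group(1)}://{m.group(2)}"
                hops.append((kind, parts.netloc))
                break
        else:
            break  # no chain syntax left, url is the destination
    return hops, url


def chained_requests(urls):
    """Keep only the URLs that use a chain syntax, with their unwrapped form."""
    return [(u, *unwrap(u)) for u in urls if unwrap(u)[0]]


if __name__ == "__main__":
    for original, hops, dest in chained_requests(SAMPLE_URLS):
        print(dest, "via", hops)
```
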