NOTE: this FAQ is being written right now

advanced proxy studies


subjects discussed here:
    1. types of proxies: web proxy, WinSock proxy and Socks proxy
    2. very detailed explanation of how http requests are handled through proxies
    3. types of proxy chaining

1. Types of Proxies:

    1.1 Web proxy - the well-known proxy for the HTTP protocol, used when clients request web docs from WWW servers with their browsers: IE, Netscape or Opera. Windoze, Apple and Linux can all use that proxy service.
    1.2 WinSock proxy - used by Windoze applications like IRC, NetShow, Real Audio, etc. Both TCP and UDP are involved.
    1.3 Socks proxy - yet other apps using the SOCKS version 4.3.a. Those can include news readers (the NNTP protocol), email apps (the SMTP protocol), FTP, Telnet, etc. Plenty of info about Socks at: www.Socks.Nec.com - you can d/l the SocksCap apps from there, too. Use it to start any program that you use online and it will route everything through the socks server, giving the socks IP as yours.

    To set up SocksCap:
    • go to irc4all and get a list of socks 5 servers
    • set SocksCap for socks 5, then exit Settings, click the New button, click Browse and look for the program you are going to use. Click on it and click Open, then click OK. When the main window comes back up, just click Run and you are ready to go.





2. How exactly are http requests handled through proxies:

    2.1 A socket is opened to a port (8080) on some proxy (proxy.meschede.UNI-PADERBORN.de).
    2.2 The following lines are sent through this proxy, replacing \r with ASCII code 13 and \n with ASCII code 10 ;-)
      GET http://www.someplace.org/030300.htm HTTP/1.1\r\n
      Host: www.someplace.org\r\n
      User-Agent: Nozilla 0.99a\r\n
      Accept: */*\r\n
      \r\n

    2.3 I get back the expected html page through the proxy.

    If I try to chain another proxy after this one, then step 2.2 would look like:
      GET http://another.proxy.com:8080/www.someplace.org/030300.htm HTTP/1.1\r\n
      Host: another.proxy.com\r\n
      User-Agent: Nozilla 0.99a\r\n
      Accept: */*\r\n
      \r\n

    but that doesn't seem to work. Why? What's wrong?
    My guess is that there's no "port" information on the "Host:" line, so, the first proxy tries to connect to the default port 80.
    Another guess is that the second proxy needs to interpret correctly the whole "GET" line, to reformat and split the path info into yet another valid "GET" and "Host:" combo.
    Extensive info on how proxies work can be found in RFC 2068: ftp://ftp.ripe.net/rfc/rfc2068.txt
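
The hop-by-hop handling of the two requests above can be traced with a small model of a forward proxy. This is an added example, not code from the FAQ or from any proxy product; `parse_head` and `proxy_hop` are hypothetical names, and the model assumes the proxy follows RFC 2068 section 5.2 and forwards an origin-style request line to whatever host the URI names.

```python
from urllib.parse import urlsplit

def parse_head(raw: bytes):
    """Split a request head into (method, target, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers

def proxy_hop(raw: bytes):
    """Model one hop: return ((host, port), bytes forwarded to that host).

    The next hop is taken from the absolute URI in the request line; the
    incoming Host header is ignored (RFC 2068, section 5.2).
    """
    method, target, version, headers = parse_head(raw)
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("target is not an absolute http URI")
    port = url.port or 80
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    # Rewrite Host to match the URI, keeping a non-default port.
    headers["host"] = url.hostname if port == 80 else f"{url.hostname}:{port}"
    lines = [f"{method} {path} {version}"]
    lines += [f"{name.title()}: {value}" for name, value in headers.items()]
    return (url.hostname, port), ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")

# The two requests from section 2, written with real CR LF bytes.
COMMON = b"User-Agent: Nozilla 0.99a\r\nAccept: */*\r\n\r\n"
DIRECT = (b"GET http://www.someplace.org/030300.htm HTTP/1.1\r\n"
          b"Host: www.someplace.org\r\n" + COMMON)
CHAINED = (b"GET http://another.proxy.com:8080/www.someplace.org/030300.htm HTTP/1.1\r\n"
           b"Host: another.proxy.com\r\n" + COMMON)

if __name__ == "__main__":
    for label, request in (("direct", DIRECT), ("chained", CHAINED)):
        hop, forwarded = proxy_hop(request)
        print(label, hop, forwarded.split(b"\r\n")[0].decode())
    try:  # what the second server receives is no longer a proxy request
        proxy_hop(proxy_hop(CHAINED)[1])
    except ValueError as exc:
        print("second hop:", exc)
```

In this model the first hop connects to another.proxy.com on port 8080 and sends it `GET /www.someplace.org/030300.htm`, a path with no scheme, so the second server only continues the chain if it has its own convention for reading a destination out of a path.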

3. Types of proxy chaining:

Proxy chaining is primarily supported by DeleGate servers, WinGates, and CGI proxies.



DeleGate is free proxying software that can be found at http://wall.etl.go.jp/delegate/. Common proxy portals that use the DeleGate server software include Magusnet and Spaceproxy. There are many other manual proxies that are DeleGate servers. A DeleGate server would chain to Altavista like this: http://128.11.219.251:8084/-_-http://www.altavista.com/

Notice the colon, identified port number, and chain sign -_-


WinGate is also a third-party server software and can be found at http://wingate.deerfield.com/. The 2.0 versions had default settings that allowed anyone to "bounce off" of the server and had logging turned off. It allowed not just the http protocol to be proxied through but more usefully telnet and ftp could be used as well. WinGate is now at version 4.0 and has tightened up security considerably so these "open servers" are exceedingly rare now.

Many CGI proxies are derived from the original script written by James Marshall. It can be found at http://www.jmarshall.com/tools/cgiproxy/. The people at Cyberarmy have a simplified version of the J. Marshall script called the CyberAnonymizer that has been widely distributed. The Australian Whois.com.au/ uses the CyberAnonymizer.

Other CGI proxies include Anonymizer and other common web-interface proxies many people are more familiar with.

Each class of proxy has its own chain syntax convention.

Some web-interface proxies chain like this: http://invis.free.anonymizer.com/http://www.altavista.com/

Some CGI proxies chain by adding cgi paths to the URL like this: http://isecure.dreamhost.com/nph-a2.cgi/http/www.altavista.com
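
Because each convention embeds the real destination in the URL path, the destination can be recovered from a gateway or proxy access log. The following is an added example, not part of the original FAQ or of any of the tools named; `unwrap_once` and `unwrap_chain` are hypothetical helpers, the patterns cover only the three syntaxes shown above, and the last sample URL is constructed.

```python
import re
from urllib.parse import urlsplit

CGI_RE = re.compile(r"/[^/]+\.cgi/(https?)/([^/]+)(/.*)?$")

def unwrap_once(url: str):
    """Return (convention, inner_url) if url uses a chain syntax, else None."""
    parts = urlsplit(url)
    rest = parts.path + ("?" + parts.query if parts.query else "")
    if rest.startswith("/-_-"):                 # DeleGate: /-_-<absolute URL>
        return "delegate", rest[len("/-_-"):]
    if re.match(r"/https?://", rest):           # web interface: /<absolute URL>
        return "web-interface", rest[1:]
    m = CGI_RE.match(rest)                      # CGI: /<script>.cgi/<scheme>/<host>/<path>
    if m:
        return "cgi", f"{m.group(1)}://{m.group(2)}{m.group(3) or '/'}"
    return None

def unwrap_chain(url: str, max_depth: int = 10):
    """Peel nested proxy URLs; return ([(proxy_host, convention), ...], final_url)."""
    hops = []
    for _ in range(max_depth):  # bounded depth for hostile or malformed input
        found = unwrap_once(url)
        if found is None:
            break
        hops.append((urlsplit(url).netloc, found[0]))
        url = found[1]
    return hops, url

# URLs as they would appear in an access log. The first three are the page's
# own examples; the last is constructed to show a nested entry.
SAMPLES = [
    "http://128.11.219.251:8084/-_-http://www.altavista.com/",
    "http://invis.free.anonymizer.com/http://www.altavista.com/",
    "http://isecure.dreamhost.com/nph-a2.cgi/http/www.altavista.com",
    "http://128.11.219.251:8084/-_-http://invis.free.anonymizer.com/http://www.altavista.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hops, final = unwrap_chain(sample)
        print(final, "via", hops)
```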




Some experiments that you may find helpful.

I entered '127.0.0.1:8080' into the 'manual proxy' field and tried to reach the url 'http://mysite.com/index.htm'.

Here is what my Netscape actually sent:

GET http://mysite.com/index.htm HTTP/1.0
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.51 [en] (Win98; I)
Host: mysite.com
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8


Now if I enter the following as url:
http://myproxy.com:8080/mysite.com/index.htm

I get :

GET http://www.myproxy.com:8080/mysite.com/index.htm HTTP/1.0
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.51 [en] (Win98; I)
Host: www.myproxy.com:8080
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8


As you can see, the Host header does include the :8080.

So, to summarize, I think the origin of the problem may be your second guess, which is confirmed by NME: it depends on how proxies must be chained together.

It would maybe be useful to find out some 'syntax' on how web proxies should be used ...

2) "Direct sock connection"

Problem: I really don't know how this is done, but indeed it works; the procedure seems to override any usual protocol used to access the web page (HTTP, FTP, HTTPS), so proxies set for covering those protocols become useless.

Solution: The SOCKS field in the proxy section of the browser configuration should never be blank. The best option is having a true working Socks proxy (port 1080); then it will be the Socks proxy's IP that a malicious page would be able to get. Unluckily, socks proxies are hard to find, but there is still a solution: write an impossible "dummy" IP into the SOCKS field, such as 999.999.999.999 (port 1080); then the malicious code will provoke a connection error.

It's important to understand this: when you set a Socks proxy, it will take care of all those protocols not covered by other proxies. For instance, if you have configured just an HTTP proxy and a working SOCKS proxy and you try to access an ftp:// or https:// page, the connection will be made through the socks proxy, so by providing a fake one you'll always get an error. So, with a dummy socks, you'll have to cover the FTP and Secure (HTTPS) fields using a working proxy. Many usual HTTP proxies also cover those two protocols: try copying the HTTP settings into the FTP and Secure fields, access some ftp:// and https:// pages and check that all is working fine. Or, A4proxy (http://www.inetprivacy.com/) allows you to check the anonymity of a proxy and will inform you if it supports both HTTPS and FTP as well (enable "Check for FTP/HTTPS Support on Reset data" on the Proxy Options tab and "Reset Data" on the Proxy Check tab before testing a proxy).