You get a bonus - 1 coin for daily activity. Now you have 1 coin

Security Proxy or should you trust public proxy servers?

Lecture



Proxy security is a question that everyone who tries to find and write to the search engines the request “Fresh proxies” should think about, and in this short article I will explain why. By the way, if someone does not know what a proxy is and how they differ, you are welcome here “What is a proxy”

Initially, I want to divide the audience into two categories:

  1. One needs a proxy for all parsers, checkers, anti-captchus, and so on. For them, this article, or more precisely the video, will not be of particular interest, because they don’t particularly care about the protection of personal data when transferring information through Proxy.
  2. Another for anonymity, pentest, etc. But for those who belong to this category, this information will be very useful.

Proxy Security

I have long talk on all sorts of forums. And quite often I heard all sorts of not very pleasant stories about the use of public proxies. Many probably have heard that some proxies create traps - honeypot sniff the traffic passing through them and intercept the information. I’m probably not going to retell these horror stories, but I’ll suggest that you watch the video report of one of the participants in the hacker conference Defcon Chema Alonso, in which he tells how the botnet was created using a proxy server for them and his team.

Very interesting information that the author presented with humor. Report in English.

Chema Alonso used to think together with his friends about how to do so without hacking computers to get user passwords and logins. How to make it so that they themselves provide them, so to speak voluntarily?

And they came up with a brilliant idea - to create a public proxy server distributing Javascript botnet. The guys quickly cooked up a proxy and installed the necessary software, sniffers and all that.

Now I had to make it so that everyone would know about this proxy. On one of the sites providing fresh proxy lists, the IP address of their proxy server was posted. And so, as all sites providing fresh proxy lists tyryat material from each other, this IP for a couple of days got on a bunch of similar sites and traffic poured on them, sometimes not interesting, and sometimes the sniffer caught quite interesting logs about which the author video with humor tells.

As for paid proxies, I can not say anything. This should be checked separately for each service. People, proxy security is a very serious topic, and I think having watched this video, every time you use a public proxy, you will well think whether to enter your usernames and passwords from social networks and mail services, is it really worthwhile to behave badly.

If you had a negative experience of use, share with us, write in comments.

Comments

To leave a comment
If you have any suggestion, idea, thanks or comment, feel free to write. We really value feedback and are glad to hear your opinion.
To reply

Malicious, and information security

Terms: Malicious, and information security