Proxomitron, is it any good?

Using it, does it make me more secured over the internet?

http://www.proxomitron.info/

 

Yes to a point. As long as you have the right filter set it should be pretty secure. Some claim the Proxo even masks your IP but you would have to use a HTTP proxy. I have been toying with my proxo every since I downloaded and I got to know how to use it to a point. But Proxo can hide browser referrer and stuff like that. There's a lso web bug filter sets that block web bug. Proxo has a little learning curve though but there is a forum for proxo (2 I think). I find proxo works really good with IE.

 

works real good with Opera too.

if you use it for Opera get a good Ad blocker (since adshield will be no good for u) & an Iframe killer (not really needed if you disable inline frames) but will defeat the malware exploit if you have both frames & inline frames enabled in Opera preferences.

ck here:

http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=33


and here:

http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=1012

 

Proxomitron is as good a web-filter as you will find on the net simply because of the basic fuctions/architecture. Ther is a learning curve involed. However it is not as great of one as others would have you believe. Do do to the form (posted earlier on this thread) and read some of the threads there. In my opinion the best configuration for a "newbie" would be JD5000's "basic" configuration. Also, it is possible to filter out or block your IP address from being trasmitted without using an anonymous proxy. The easies way to do this, once you have proxomitron, would be to merge your current filter with the filter from Jakx. Also, you will want to filter out Java IP retrieval applets. Use this filter to do this:

[Patterns]
Name = "Applet change class w/Indicator"
Active = TRUE
URL = "($TYPE(htm)&(^$LST(AllowApplet)(^$LST(AllowJS))))"
Bounds = "$NEST(<applet,</applet>)"
Limit = 1012
Match = "*"
Replace = "<img src="\dhtml/devs.gif" height="25" width="18">"

If you nedd specific help on how to do this PM me. I'll be happy to help you.

P.S. I know this is not a proxomitron forum but since the questions were askied I thought I'd help.

 

n8,

If you are referring to Jakx ip spoofer, it does not make your IP annonymous as discussed here:

http://www.wilderssecurity.com/showthread.php?t=6800

try your proxo IP mask here:

https://testzone.secunia.com/browser_checker/

If you are referring to another filter please fill us in.

Also good point about Java IP retrieval applet.

I use something similar which kills any Java Applet which I have not OKd.

 

I am refering to Jakx's IP spoofer. However the use of it requires some tweaking. You will need to ïnsert your IP address into the filter; which depending on if you have a synamic or static IP address can be difficult to do. That needs to be done so the filter will know what to block. This is the particular filter I was talking about, which I believe is part of Jaxk's config:

In = FALSE
Out = TRUE
Key = "Cookie: 0 Replace IP Address (out)"
Match = "\0INSERT.YOUR.IP.HERE\2"
Replace = "\0$LST(ClientIP)\1\2"

This used in conjunction with the Java applet grabber I listed previously should block you IP, or more correctly spoof your IP

 

N8, hate to say it, but, the more I look at your suggested altered filter the more skeptical I become.

My reasons are:

1) when I looked at Jakx IP spoofer initially, I looked at the source JakBENymble and understood how his filter worked. I just revisited the source and nothing new added. One would think that the source would have this addendum if it were viable.

2) I'm no techy but doubt very seriously that IP address & ID of same is dependent in anyway on a cookie which is the implication of the suggested header filter.

Additional Questions for N8:

+ Will your altered Jakx filter work with any version of Proxo?

+ Did you invent the alteration to Jakx filter or did you get it somewhere? If you found it please provide source.

+ You never answered this question. Please answer how this Altered Jakx filter does against this:

https://testzone.secunia.com/browser_checker/

if you get a chance how does it do here:

http://www.a861.com/cgi-bin/test-env.pl

here:

http://www.lagado.com/proxy-test

and here:

http://privacy.net/analyze/

*********************************************

Ok I tried it, maybe I'm doing something wrong, or maybe it just doesn't work. It did not work 4me.

Using a config which included Jakx IP spoofer, I added to web filters:

[Patterns]
Name = "Applet change class w/Indicator"
Active = TRUE
URL = "($TYPE(htm)&(^$LST(AllowApplet)(^$LST(AllowJS))))"
Bounds = "$NEST(<applet,</applet>)"
Limit = 1012
Match = "*"
Replace = "<img src="\dhtml/devs.gif" height="25" width="18">"

looks like in my lists folder I need to add the 2 referenced lists above AllowApplet & AllowJS, I can't find anything else.

and

under header filters I added:

In = FALSE
Out = TRUE
Key = "Cookie: 0 Replace IP Address (out)"
Match = "\0andINSERTed.My.dynamicIP.HERE\2"
Replace = "\0$LST(ClientIP)\1\2"

 

I stand on my belief that you need to use a proxy to get the IP spoffers to work with Proxo. I downloaded unzipped the Jakx ip spoof filter and used it without a Proxy ( I don't use a proxy) and it still showed my IP addy and other stuff. I tried it the way N8 stated to do and it still showed my IP addy. I think hiding you IP addy with proxo without a proxy is not possible.

 

back to original question.

I think the answer is yes Proxo can make you more secure as part of a layered defense as notageek pointed out initially (quoted below).

example go here:

http://www.wilderssecurity.com/showthread.php?t=11975

and try exploit #4 without proper defense. read all warnings first

also agree with notageek here:

agree, till proven otherwise

n8 I would love to see you prove us wrong here

*****************************

also remember more secure is not necessarily synonymous with a cloaked or anonymous IP addy

also take very seriously the concept of man in the middle exploit with regards to using anonymous proxies

 

thanx guys

 

If you can't beat them, confuse them!

 

I can see I really inginted a discussion. Hopefully after today I will have solved my internet issues (switching from DSL to cable). Then I will be able to answer all your queswtions. Right now I'm at the library so I don't have proxo running. I will answer questions, and in some cases critics , when I am able to.

 

Also, you most certainly can use anon proxies if you want to; which can also be used in proxomtron (to eliminated complations of chaining) That most certainly can be done. I was just rying to say there are other ways of doing the same thing.

If you do chose to use anon proxies check to see if there are truly anonymous, can be done via the log in proxo, or if their anonimity is just a "front"so to speak. Some änonymous"proxies reveal the user. Here is a list of anon proxies: (check before use). Again I will answer more specific questions when I can.

 

Confusion is the essence of the Jakx fake IP spoofer.

Bottom line, my view is: Jakx IP spoofer filter was not designed to mask or cloak, just confuse. It does exactly what it purports it will do. I still think this is a good add to your arsenal, you just need to understand it will not hide your IP

Just found this from JackBeNymble and I will enable header filter close connection in & out for my Jakx config since if I recall many proxy testing sites would catch as not a real proxy:

*************************

http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=173

If You use "Spoofers", to make Your "FAKE PROXY" look more "real" to the sites, You need to enable the "Connection: Close all connections (In+Out)" Filter. This will make it look more like You are behind a Remote Proxy to the sites. Here is the Connection Filter just in case it doesn't come with the Original Default.config's.:

In = TRUE
Out = TRUE
Key = "Connection: Close all connections (In+Out)"
Replace = "close"

And remember to tick both the "IN" & "OUT" box for the Filter.

 

Don't take our comments to set the record straight, as we see it, as criticism. It is not intended as such.

I hope within a weeks time you can prove my comments wrong. If you do, I'll be among the first to give ya props.

On the other hand if no response, in a reasonable amount of time, I think one can conclude the obvious.

BTW don't forget to take these Q's on:

Additional Questions for N8:

+ Will your altered Jakx filter work with any version of Proxo 4.x and above?

+ Did you invent the alteration to Jakx filter or did you get it somewhere? If you found it please provide source.

+ You never answered this question. Please answer how this Altered Jakx filter does against this:

https://testzone.secunia.com/browser_checker/

if you get a chance how does it do here:

http://www.a861.com/cgi-bin/test-env.pl

here:

http://www.lagado.com/proxy-test

and here:

http://privacy.net/analyze/




OT - whoa nellie!!!! I just hit PF11 by mistake in Opera (very nice feature full screen toggle, right click mouse to stop & go back, middle mouse to move up & down (and side to side & diag. coming in vs 7.2 (they are on 7.2b11 now and looking like they are getting real close to a final release)

 

I ran across this recently, thought you might be interested:

http://www.computercops.biz/postt5542.html

excerpt:

query kpfuser posted:

Onlooker responded:

note from Peakaboo: since I'm not a techy I don't feel I am in a position to validate any of what Onlooker posted, but sure made me sit up and take notice. Made a lot of sense to me. I will be adding some new loopback rules to my firewall as a result.

Proxomitron is one of the best utilities I have. I can't imagine surfing the net without it.

Thanks Scott

 

I used sygate free firewall and there was a loopback problem with sygate and proxo. Sygate would let programs piggyback on proxo to get out. I dropped sygate. I'm not sure if the pro version is like that. I was scared it was so I just didn't buy the pro version. I think ZA is safe when it comes to the loopback thing. Kerio is also safe from what heard.

 

I use free Kerio firewall.
How do I do this?
Quote
"If you use a rule-based firewall, you can get around this by allowing use of the loopback address only on an application-by-application basis. I have a rule in Kerio firewall following these permission rules which blocks anything else from using the loopback, and it is set to alert me about anything trying to do that."

Thanks,
Jerry

 

So as I remember the question "is it any good"?.

Thanks

 

It looks like there was answers to the question. I think that a few people answered the question.

 

You dont understand, I dont want people saying yes but you must do this and that, I want people to say a definate yes.

Thanks

 

Yes it's good.

 

Thanks You, I'll still use any way.

Thanks

 

OK but I gave you an answer.