How can I chain proxies on FF or IE?

Discussion in 'privacy general' started by rOadToIS, Aug 5, 2009.

Thread Status:
Not open for further replies.
  1. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    I tried to chain several proxies, but it didn't work. Does anyone know how to chain HTTP (anonymous) proxies?
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    1. http proxy = not anonymous
    2. You can't chain them via the browser.
     
  3. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    Steve, I thought some HTTP proxies were anonymous?!
    How are they not anonymous?
    Also, how can I chain them then?
     
  4. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi,

    Is this not chaining ?
     

    Attached Files:

    • ch-p.png
      ch-p.png
      File size:
      40.7 KB
      Views:
      4,356
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That isn't chaining through a browser, that is a chained URL, which is independent of the browser. Kind of funny though! HTTP relays are not anonymous as they don't really use any anonymity techniques such as crowding/mix/multiplex/cascade etc.
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
  7. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    SteveTx

    Funny to you maybe !

    The question was " How can I chain proxies on FF or IE? "

    As far as i knew, that's what i did. I now see that there are different methods of chaining, which i wasn't aware before, so Thanx for that.
     
  8. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    You can chain proxies by using some freeware like ProxyRama (did not tested on Vista but on WindowsXP works fine) or using Sockschain from ufasoft.com

    I have found some time in past to make some tutorial about chaining using Sockschain:
    http://www.proxyblind.org/pictorial_proxy_socks_tutorial.shtml

    Socks proxy servers are always good for chaining and HTTP proxy that support connect mode (SSL or HTTPS proxy servers). You can use in chaining mode also transparent proxies because HTTP_Client_IP and HTTP_Forwarded_For_IP variable do not exist in the Connect mode.

    ps

    In my opinion chaining proxies is great way to make almost impossible for other side to track you. If you use 3-4 proxies in chain from third world countries tracking from destination site to you is close to impossible.
     
  9. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    MakePB

    Thanx for the info.
     
  10. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    Stve will tell you how bad chaining proxies are but I have tested proxy chains against his "DeAnonymizer" and passed with flying colors. In fact, I used it with Tor and passed, VPN and passed, a residential proxy I use and passed. Not one instance of his thing "blew my real IP identity wide open."
     
  11. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    There are always advantages and disadvantages but..

    You do not gonna to use proxy chains for page which require logins (if you use open proxy servers available for anyone) but for usually surfing through the Net proxy chains is great.
    If you use for example 3 proxies in chain. And if chain looks as:

    You -> Proxy USA -> Proxy Iran -> Proxy China -> Final Destination

    then if "Final Destination" would like to trace you back they will need first to knock on the door by administrator in China because they can only see that the last IP address (proxy) in chain is from China. Only if log is not deleted in mean times he will look inside and tell you about connection from Iran. So "Final Destination" tracer should ask then admin in Iran etc...

    Only disadvantage is that if one proxy in chain is broken you connection will be lost and that connection can be slow but it depend on speed of proxies in chain. But regarding tracing and pinpoint to you based on your IP address you are very safe. Of course that depend on your chain but one proxy in chain from third world country (China, Iran, Venezuela etc...) will be probably enough to make tracing to you almost impossible.
     
    Last edited: Aug 10, 2009
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yup! chaining proxies is pseudo-anonymity and trivial to defeat. However, defeating it with some automated tool that operates by exploiting differences in browsers/OSes is a little different and difficult as it doesn't work on all OSes and browser combinations :)

    If you're just wanting proof that chaining proxies is a bad idea, we could just video an audit where we bust through them with custom crafted attacks. How does that sound, Genady? PM me and I'll work out details to satisfy even you (no time to follow the threads, sorry).
     
  13. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    I'm sorry Steve but your comment about chaining proxies is absurd.
    I do not understand what you would like to proof. To defeat someone (in which way? To retrieve his real IP address, to find all proxy servers in chain or..? ) who use 3-4 or more servers (proxy or socks servers no matter) in chain where servers are located in different countries?
    Ridiculous.

    You can try to defeat myself. Set your tool, give me url and i will use proxies/socks in chain and you need only to tell me country of each proxies used in chain. Nothing more.
    I would be also kind to tell you number of servers used in chain.;)
     
    Last edited: Aug 10, 2009
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I just tried this little Java unmasker after chaining two of those online proxies. I used one in New Delhi and then connected to hidemyass from there. Then I plugged the link in http://www.frostjedi.com/terra/scripts/ip_unmasker.php and it revealed my Xerobank IP.

    So even I was able to show that chained proxies can be defeated. And I'm the retard of the group.
     
  15. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    With JAVA applet anything can be defeated. The first thing when you use and surf behind proxy servers is to disable JAVA in your browser.
    It is basic.

    Then when i said something about chaining i did not thought about using web proxies for chaining but about socks servers or proxy servers (only proxy that support connect method here will works) chained through special servers chaining applications like Sockschain or Proxyrama.

    For example:

    You -> Proxy USA -> Proxy Iran -> Proxy China -> Final Destination

    Final Destinations looks to logs and start to trace back --> Proxy China --> Proxy Iran --> Proxy USA --> You

    The whole point is in difficulties to trace back users behind chains. It is close to impossible.
     
    Last edited: Aug 10, 2009
  16. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    MakePB,

    You're thinking is outdated by about 5 years. Java only defeats weak implementations and weak anonymity. Java can't defeat most VPNs, Java can't defeat a XeroBank CryptoRouter / Janus Privacy Adapter, Java can't defeat xB Machine / JanusVM. If you're using a weak implementation, like web proxies, cgi, http proxy, etc. you need to walk away because those can be defeated easily, and requires you to reduce your web experience and turn off rich medias, and will still always be vulnerable to 0-day attacks against the application layer, like one we haven't yet released that bypasses noscript and you having java/js/flash etc turned off.
     
  17. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    You have probably right Steve that i'm a bit old-fashioned but i still can not agree with you.
    From point of tracing someone who have used a couple servers in chain and calling that "weak" or "defeated easily" is absurd.
    And actually quote from Xerobank (i have still did not try XB) give me idea that is easier to trace someone who have used Xerobank than someone who have used a couple servers in chain.


    Quote from xerobank:
    https://xerobank.com/company/leo/

    It is probably another discussion about terms We do not create logs and unless you do this or that which preclude each other.
    If there is not spying or logging of user activities you can not know who violate terms or appear malicious.
    If there is well some kind of monitoring then you will probably know who do not follow terms of service.
    Still do not understand how it works because terms We do not create logs and unless you do this or that cannot coexist?


    But back to the problem about chaining.

    My point was that you will never have any idea who is someone who have used 3-4 proxies in chain. I do not talk here about uneducated people who try to run before learn to walk but about tracking someone from logs.

    By simple increasing your privacy and anonymity in your browser session through proxy chain using proxies from third world country you will give other side little to not any chance to trace you and ever know who are you.

    btw

    I will be glad to see attack that bypass Java and Javascript and show you your truly IP address. I'm 100% sure that it is impossible but waiting on you to show me that i have wrong. Let me know when it is ready.
     
    Last edited: Aug 11, 2009
  18. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Absurd for whom? Absurd for an individual? A website? An ISP? A telecom? A domestic intel organization? A global intel organization?

    All of them can execute exploits and attacks to defeat proxy chains.

    There is more than meets the eye here. But let's just put it like this, after half a decade and hundreds of investigations, we have not ever, not once turned over any user data or identities.

    It is complicated, but fully explained in the XeroBank Abuse Report Process Flow.

    No logs needed. We can cause your system to bypass your proxies and leak directly to the target, exposing your true IP address.

    This is a fallacy, a self-deception that you become more anonymous by chaining proxies. A chain is only as strong as it's weakest link, and breaking web proxy chains is very very easy.

    100% sure huh? Don't be so quick: This was already proven back in 2007 with the Tor Control Port exploit. It defeated every version of tor ever, remotely taking control of all tor clients, bypassing all nodes in a triple proxy chain if ordered to do so. And that was against a complicated system, and used no special languages. Web proxies are even weaker and easier than you can imagine.
     
  19. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    Steve i have already told you. Test me. Set your test, website or whatever and i'm wonder to see your exploits and attacks that can defeat proxy chains.

    It is good that you have never done. If there ever will be first time then it will be probably ruin all business. And can i conclude here that XB still make in some point logs of user activity behind your technology? Just in case if...?

    Explain me logical how:
    We do not create logs and unless you do this or that can coexist? Becaue Note that XeroBank does not create logs of user activities unless they violate the XeroBank terms of service or appear malicious does not make any logical sense. Your diagram does not explain anything. So do you log or not? Simple yer or not? It is not complicated answer.
    If not what is then with statement NO, unless you do this or that?

    Again same story. Set your system and test me. I understand commercial side from product but blame everything what is not on Xerobank technology based make also not any sense.

    Again empty statement. From point of tracing back someone behind wisely used chain is more safer than with i.e. Xerobank.
    And nobody think here on web proxies based on PHP or Perl technlogy.

    With Xerobank you are anonymous and safe but for example authority can always force you to give them everything what you have (i have already make conclusion that XB logs in some way)
    With proxies in chain where you have for example one proxy in N.Korea and other one in Iran it is almost impossible to trace you ever back. And they logs too. Only force to someone to give you logs from Iran or N.Korea is others than force to give you logs behind XB.

    I'm still 100% sure. Wisely used proxies in chain will make other side more difficulty to trace you back than if you are behind Xerobank.

    Let's take example where you have done something very sensible by some very big company in USA.
    Administrators from company found that something is wrong. They gonna to investigate and found footprint in their logs.
    Target is founded in China and everything logs point as he is from China . We need to trace it back.

    What they do not know is that target has used 3 server in chain:

    Target --> Proxy Iran --> Proxy Bangladesh --> Proxy China --> Final Destination.

    The chance that "Final destination" will ever find who are you is a less than 0,001% chance.
     
    Last edited: Aug 12, 2009
  20. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    We do not log activity of any legitimate user. If you are materially violating our terms of service, you are not a legitimate user. How do we know? First off, we blindly allow all traffic through. If we get a legitimate complaint from our upstream providers, we will turn on type of SNORT which will look to see for matching traffic of the attack (ex: email with 2000 "To" addresses). If we see attacks originating from our network, we analyze the attacks to see what account they are coming from. The account in question is still anonymous to us due to our VAULTS account separation (ex: acct# 39822091282983 is not attached to any identity nor incoming IP address), and we can simply shut off the account doing the bad stuff. If we discover we were wrong about the traffic, it never gets back to the account number, which was already anonymous, and log of questionable traffic is wiped. If a human had to review the temporary log that was created over the questionable legitimate traffic, a flag is added to the account to notify the user that a machine sent a notice to and auditor about potentially evil traffic, the traffic was found not to be evil, and wiped, and not correlated to any identity of the account holder. We don't keep traffic logs of any type unless they look like attacks, which then require human analysis, and if found not to be attacks, are wiped.

    In reality we never have to do this, it is easier just to ignore the complaints from upstream providers as we have no interest or time to log or look through logs, nor a revolving responsibility to keep logs, so we just don't log at all. How can we be so non-chalant? We are not under the governance of a surveillance society.

    It's not "anything but xb", it's "nearly everything except a few, including xb", the others being Janus, KryptoHippie, and some of the JAP designs. For the most part the rest is rubbish network or rubbish implementation or rubbish corporate integrity.

    Again, archaic thinking. There is no need to "trace" someone back. All you do is attack the root implementation as it is usually the weakest link. It doesn't matter if you are using a 1-hop proxy or a 1000-hop proxy: If your implementation is weak (using a browser as your implementation method) then it is easy to beat by causing your implementation (browser) to leak your real IP address. That is what beta deanonymizer does. It doesn't care what technology or network you are using, it tries to make your system leak.

    Who's authority? We are not within the jurisdiction of the US, UK, or EU, our corporate structure is very very sound, and we have gone to great lengths to ensure a proper separation of powers to maintain integrity for our clients.

    Haha, no. Logs are serious trouble and must not be created if it can at all be avoided. Cardinal sin. Too much liability for everyone, and it undermines the purpose of all the trouble we go through to make our traffic anonymous. Making a conclusion based on a lack of evidence in your conclusion's favor vs a strong amount of evidence against your conclusion seems illogical to me. What you don't understand is that we have a very strong interest in providing true anonymity. Again, more than meets the eye.

    It's so much easier than that. An ISP outside of North Korea and Iran can use MPLS Routing tricks to steal the netflows, introduce bubbles to watch your data hiccup, or perform live traffic analysis, without ever entering into the korea/iran areas. Remotely, without you ever knowing about it. Your adversaries from which you use proxies are much more advanced than you realize, and the technology is out there to make global surveillance very low-cost and trivial to implement. We wrote a paper on the actual costs involved, and presented it at BlackHat this year, if you would like to read it.

    You are 100% wrong. proxies just forward traffic. They are not anonymous, that is a lie that is widely spread and nearly universally believed. They do not do crowding optimization, lag obfuscation, traffic padding, multiplexing, cascade mixing, etc. Those technologies help make you anonymous. Watching traffic pass through a simple proxy is like watching a leaf flowing in a stream. Trying to follow properly multiplexed and crowded traffic is an absolute pain, and can be done with as little as 2 nodes. Try reading the Top 10 Anonymity Myths, it will propel you forward from darkness.


    Ahh, the old "bounce traffic around the world" scheme. Very "Goldeneye" james bond era, and about as realistic to boot. If you are just doing something rude to a target machine, it isn't worth "tracing" unless they think you are coming back, in which case they will set a trap like the ones i am talking about, causing your computer to ignore your proxy settings and expose you directly.

    Let me explain that a little better. You are using a browser and you have java and javascript and plugins turned off. You are using a proxy chain like the above you mentioned. You hit the website, your browser, which you think is protected, gets an embedded URI that looks like nntp://targetserver/%USERNAME%/%LOCALHOST%/%TIME%/. Guess what just happened? Your browser called out to Outlook Express (which isn't set using your proxy chain) and asked it to subscribe to the target host, and by the way, it tried to subscribe to /MakePB/192.168.1.1/9:25PM/, exposing not only your real IP address to the target, but gave them your system username, your localhost IP address inside your home network to identify your specific machine, and your personal time in your timezone. Bam, proxy chain defeated by your own system.

    Bizzare? impossible? Similar to the above example are up and running right now on the beta deanonymizer, and those aren't crafted to an attacker, they are just generic so they only catch a handful out of a hundred configuration types. Doesn't work on your browser? Rest assured we can craft one that does if we had an attacker in mind. So can they, especially if they are smart.
     
  21. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    Thanks. I think that i do not need to comment anything more here.
    We don't keep traffic logs is just marketing tricks to attract more people. Because We don't keep logs and unless can not coexist!

    There is well needed to "trace" someone back and almost always in situation of activity. You think all time only about attacks and in your opinion it looks that all site's in world are special set to trap someone. Give me a break.

    I guess that from all site;s in world only 0,1% are site's where you talk about it.
    Furthermore deanonymizer site is great idea but it does not works at all.
    So if experts can not set their site that works property what we can except somewhere else.

    You are not within the jurisdiction of the US, UK, or EU? So is yours company registered in US or someone else?

    Logs are serious trouble and i agree but then is hypocritical to say We don't keep logs and unless...?

    Yes. Whole world is set up to trace their people except technology behind XB. I know it. Thank you for explaining a little bit more about it.

    I know SteveTX. Nothing in the whole world is anonymous except XB technlogy and a couple more site's that use XB technology but are in fact set by the people behind XB. Even anonymous proxy server is not anonymous and non anonymous proxy is not proxy at all.
    Maybe we think different about proxy server but generally definition is that a proxy server retrieves Web pages for you, providing only its own identity to the sites it visits. Does anonymous proxy server hide your IP address? Yes it do! So anonymous proxy is still anonymous no matter what you tried to prove here.


    If people are enough educated there is not any trap that can catch you. First learn to walk and then try to run.

    You need always to prove your theory in real world because deanonymizer is on this moment not able to trace visitor behind simple anonymous proxy which i forget does not exist in your opinion but is still enough to escape traps from deanonymizer site.

    ps

    About special DeAnonymizer site set from experts check:
    https://www.wilderssecurity.com/showthread.php?p=1523138#post1523138

    Even non anonymous proxy without firewall and with Java, Javascript etc.. is able to pass tests.
     
    Last edited: Aug 12, 2009
Loading...
Thread Status:
Not open for further replies.