Proxomitron, is it any good?

Discussion in 'privacy technology' started by minacross, Sep 10, 2003.

Thread Status:
Not open for further replies.
  1. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    Using it, does it make me more secure over the internet? o_O o_O

    http://www.proxomitron.info/
     
  2. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Yes to a point. As long as you have the right filter set it should be pretty secure. Some claim the Proxo even masks your IP but you would have to use a HTTP proxy. I have been toying with my proxo ever since I downloaded it and I got to know how to use it to a point. ;) But Proxo can hide browser referrer and stuff like that. There are also web bug filter sets that block web bugs. Proxo has a little learning curve though but there is a forum for proxo (2 I think). I find proxo works really good with IE.
     
  3. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    works real good with Opera too.

    if you use it for Opera get a good Ad blocker (since adshield will be no good for u) & an Iframe killer (not really needed if you disable inline frames) but will defeat the malware exploit if you have both frames & inline frames enabled in Opera preferences.

    ck here:

    http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=33


    and here:

    http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=1012
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    Proxomitron is as good a web-filter as you will find on the net simply because of the basic functions/architecture. There is a learning curve involved. However it is not as great of one as others would have you believe. Do go to the forum (posted earlier on this thread) and read some of the threads there. In my opinion the best configuration for a "newbie" would be JD5000's "basic" configuration. Also, it is possible to filter out or block your IP address from being transmitted without using an anonymous proxy. The easiest way to do this, once you have proxomitron, would be to merge your current filter with the filter from Jakx. Also, you will want to filter out Java IP retrieval applets. Use this filter to do this:

    [Patterns]
    Name = "Applet change class w/Indicator"
    Active = TRUE
    URL = "($TYPE(htm)&(^$LST(AllowApplet)(^$LST(AllowJS))))"
    Bounds = "$NEST(<applet,</applet>)"
    Limit = 1012
    Match = "*"
    Replace = "<img src="\dhtml/devs.gif" height="25" width="18">"

    If you need specific help on how to do this PM me. I'll be happy to help you.

    P.S. I know this is not a proxomitron forum but since the questions were asked I thought I'd help.
     
  5. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    n8,

    If you are referring to Jakx ip spoofer, it does not make your IP anonymous as discussed here:

    http://www.wilderssecurity.com/showthread.php?t=6800

    try your proxo IP mask here:

    https://testzone.secunia.com/browser_checker/

    If you are referring to another filter please fill us in.


    Also good point about Java IP retrieval applet.

    I use something similar which kills any Java Applet which I have not OKd.
     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I am referring to Jakx's IP spoofer. However the use of it requires some tweaking. You will need to insert your IP address into the filter; which depending on if you have a dynamic or static IP address can be difficult to do. That needs to be done so the filter will know what to block. This is the particular filter I was talking about, which I believe is part of Jakx's config:

    In = FALSE
    Out = TRUE
    Key = "Cookie: 0 Replace IP Address (out)"
    Match = "\0INSERT.YOUR.IP.HERE\2"
    Replace = "\0$LST(ClientIP)\1\2"

    This used in conjunction with the Java applet grabber I listed previously should block your IP, or more correctly spoof your IP
     
  7. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    N8, hate to say it, but, the more I look at your suggested altered filter the more skeptical I become.

    My reasons are:

    1) when I looked at Jakx IP spoofer initially, I looked at the source JakBENymble and understood how his filter worked. I just revisited the source and nothing new added. One would think that the source would have this addendum if it were viable.

    2) I'm no techy but doubt very seriously that IP address & ID of same is dependent in any way on a cookie which is the implication of the suggested header filter.

    Additional Questions for N8:

    + Will your altered Jakx filter work with any version of Proxo?

    + Did you invent the alteration to Jakx filter or did you get it somewhere? If you found it please provide source.

    + You never answered this question. Please answer how this Altered Jakx filter does against this:

    https://testzone.secunia.com/browser_checker/

    if you get a chance how does it do here:

    http://www.a861.com/cgi-bin/test-env.pl

    here:

    http://www.lagado.com/proxy-test

    and here:

    http://privacy.net/analyze/


    *********************************************

    Ok I tried it, maybe I'm doing something wrong, or maybe it just doesn't work. It did not work 4me.

    Using a config which included Jakx IP spoofer, I added to web filters:

    [Patterns]
    Name = "Applet change class w/Indicator"
    Active = TRUE
    URL = "($TYPE(htm)&(^$LST(AllowApplet)(^$LST(AllowJS))))"
    Bounds = "$NEST(<applet,</applet>)"
    Limit = 1012
    Match = "*"
    Replace = "<img src="\dhtml/devs.gif" height="25" width="18">"

    looks like in my lists folder I need to add the 2 referenced lists above AllowApplet & AllowJS, I can't find anything else.

    and

    under header filters I added:

    In = FALSE
    Out = TRUE
    Key = "Cookie: 0 Replace IP Address (out)"
    Match = "\0andINSERTed.My.dynamicIP.HERE\2"
    Replace = "\0$LST(ClientIP)\1\2"
     
  8. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I stand on my belief that you need to use a proxy to get the IP spoofers to work with Proxo. I downloaded and unzipped the Jakx ip spoof filter and used it without a Proxy ( I don't use a proxy) and it still showed my IP addy and other stuff. I tried it the way N8 stated to do and it still showed my IP addy. I think hiding your IP addy with proxo without a proxy is not possible.
     
  9. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    back to original question.

    I think the answer is yes Proxo can make you more secure as part of a layered defense as notageek pointed out initially (quoted below).


    example go here:

    http://www.wilderssecurity.com/showthread.php?t=11975

    and try exploit #4 without proper defense. read all warnings first :)

    also agree with notageek here:

    agree, till proven otherwise

    n8 I would love to see you prove us wrong here :)

    *****************************

    also remember more secure is not necessarily synonymous with a cloaked or anonymous IP addy

    also take very seriously the concept of man in the middle exploit with regards to using anonymous proxies
     
  10. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    thanx guys :)
     
  11. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    If you can't beat them, confuse them!
     
  12. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I can see I really ignited a discussion. Hopefully after today I will have solved my internet issues (switching from DSL to cable). Then I will be able to answer all your questions. Right now I'm at the library so I don't have proxo running. I will answer questions, and in some cases critics :), when I am able to.
     
  13. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    Also, you most certainly can use anon proxies if you want to; which can also be used in Proxomitron (to eliminate complications of chaining). That most certainly can be done. I was just trying to say there are other ways of doing the same thing.

    If you do choose to use anon proxies check to see if they are truly anonymous, can be done via the log in proxo, or if their anonymity is just a "front" so to speak. Some "anonymous" proxies reveal the user. Here is a list of anon proxies: (check before use). Again I will answer more specific questions when I can.
     

    Attached Files:

  14. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Confusion is the essence of the Jakx fake IP spoofer.

    Bottom line, my view is: Jakx IP spoofer filter was not designed to mask or cloak, just confuse. It does exactly what it purports it will do. I still think this is a good add to your arsenal, you just need to understand it will not hide your IP.

    Just found this from JackBeNymble and I will enable header filter close connection in & out for my Jakx config since if I recall many proxy testing sites would catch as not a real proxy:

    *************************

    http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=173

    If You use "Spoofers", to make Your "FAKE PROXY" look more "real" to the sites, You need to enable the "Connection: Close all connections (In+Out)" Filter. This will make it look more like You are behind a Remote Proxy to the sites. Here is the Connection Filter just in case it doesn't come with the Original Default.config's.:

    In = TRUE
    Out = TRUE
    Key = "Connection: Close all connections (In+Out)"
    Replace = "close"

    And remember to tick both the "IN" & "OUT" box for the Filter.
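
Added example (not from any poster and not Proxomitron code): a stand-in for the proxy-test pages linked in this thread, showing why the outgoing header filters discussed above change what a site is told but not the address it reads from the TCP connection. The `X-Forwarded-For` and `Via` header names, the fake address and the cookie value are assumptions made for the illustration.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROXY_HEADERS = ("Via", "X-Forwarded-For")  # assumed names a test page would inspect

class ProxyTestHandler(BaseHTTPRequestHandler):
    """Stand-in for a proxy-test page: reports what the server side can observe."""
    def do_GET(self):
        report = {
            # Read from the accepted TCP socket; no HTTP header filter can touch it.
            "socket_peer": self.client_address[0],
            # Read from the request headers; whatever the client chose to send.
            "claimed": {h: self.headers[h] for h in PROXY_HEADERS if self.headers[h]},
            "cookie": self.headers.get("Cookie", ""),
        }
        body = json.dumps(report).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def outbound_filter(headers, real_ip, fake_ip):
    """Simplified model of the outgoing filters: rewrite the IP inside header
    values, add fake proxy headers, and force Connection: close."""
    out = {name: value.replace(real_ip, fake_ip) for name, value in headers.items()}
    out.update({"X-Forwarded-For": fake_ip, "Via": "1.1 fake-proxy", "Connection": "close"})
    return out

def probe(headers):
    """Send one filtered request to a local test server and return its report."""
    server = HTTPServer(("127.0.0.1", 0), ProxyTestHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    try:
        conn.request("GET", "/", headers=headers)
        return json.loads(conn.getresponse().read())
    finally:
        conn.close()
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    # Constructed input: on loopback the client's real address is 127.0.0.1.
    sent = outbound_filter({"Cookie": "lastip=127.0.0.1"}, "127.0.0.1", "203.0.113.9")
    print(probe(sent))
```

The report carries the fake address in `claimed` and `cookie`, while `socket_peer` is still the real one; only a remote proxy, which opens its own connection to the site, changes that field.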
     
  15. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Don't take our comments to set the record straight, as we see it, as criticism. It is not intended as such.

    I hope within a week's time you can prove my comments wrong. If you do, I'll be among the first to give ya props.

    On the other hand if no response, in a reasonable amount of time, I think one can conclude the obvious.

    BTW don't forget to take these Q's on:

    Additional Questions for N8:

    + Will your altered Jakx filter work with any version of Proxo 4.x and above?

    + Did you invent the alteration to Jakx filter or did you get it somewhere? If you found it please provide source.

    + You never answered this question. Please answer how this Altered Jakx filter does against this:

    https://testzone.secunia.com/browser_checker/

    if you get a chance how does it do here:

    http://www.a861.com/cgi-bin/test-env.pl

    here:

    http://www.lagado.com/proxy-test

    and here:

    http://privacy.net/analyze/




    OT - whoa nellie!!!! I just hit PF11 by mistake in Opera (very nice feature full screen toggle, right click mouse to stop & go back, middle mouse to move up & down (and side to side & diag. coming in vs 7.2 (they are on 7.2b11 now and looking like they are getting real close to a final release) :)
     
  16. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I ran across this recently, thought you might be interested:

    http://www.computercops.biz/postt5542.html

    excerpt:

    query kpfuser posted:

    Onlooker responded:

    note from Peakaboo: since I'm not a techy I don't feel I am in a position to validate any of what Onlooker posted, but sure made me sit up and take notice. Made a lot of sense to me. I will be adding some new loopback rules to my firewall as a result.

    Proxomitron is one of the best utilities I have. I can't imagine surfing the net without it.
    :)

    Thanks Scott
     
  17. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I used sygate free firewall and there was a loopback problem with sygate and proxo. Sygate would let programs piggyback on proxo to get out. I dropped sygate. I'm not sure if the pro version is like that. I was scared it was so I just didn't buy the pro version. I think ZA is safe when it comes to the loopback thing. Kerio is also safe from what I heard.
     
  18. jer03

    jer03 Registered Member

    Joined:
    Sep 11, 2003
    Posts:
    24
    I use free Kerio firewall.
    How do I do this?
    Quote
    "If you use a rule-based firewall, you can get around this by allowing use of the loopback address only on an application-by-application basis. I have a rule in Kerio firewall following these permission rules which blocks anything else from using the loopback, and it is set to alert me about anything trying to do that."

    Thanks,
    Jerry
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Hi Jerry,

    Take a look at the very bottom of the post linked below. It's just a short paragraph on securing a local proxy in Kerio, but, you can ask more questions on details over in that forum section.

    https://www.wilderssecurity.com/showthread.php?t=12679;start=msg81590#msg81590

    I hope that helps,
    LowWaterMark
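
Added example (not from the thread, and not Kerio's rule format): a small first-match rule model showing the piggyback path notageek describes and how the per-application loopback rule quoted by jer03 closes it. The executable names, the proxy port 8080, the sample site address and the first-match evaluation order are assumptions of the model.

```python
from typing import NamedTuple, Optional

LOOPBACK = "127.0.0.1"
PROXY_PORT = 8080        # assumed port the local proxy listens on
PROXY_APP = "proxy.exe"  # hypothetical executable names throughout


class Rule(NamedTuple):
    action: str              # "permit" or "deny"
    app: Optional[str]       # None matches any application
    dst_ip: Optional[str]    # None matches any address
    dst_port: Optional[int]  # None matches any port
    alert: bool = False


def decide(rules, app, dst_ip, dst_port):
    """First matching rule wins; traffic no rule matches is denied with an alert."""
    for r in rules:
        if r.app in (None, app) and r.dst_ip in (None, dst_ip) and r.dst_port in (None, dst_port):
            return r.action, r.alert
    return "deny", True


def can_piggyback(rules, app, site_ip="198.51.100.7"):
    """True if `app` is blocked from the site directly but can reach it via the proxy."""
    direct = decide(rules, app, site_ip, 80)[0] == "permit"
    to_proxy = decide(rules, app, LOOPBACK, PROXY_PORT)[0] == "permit"
    proxy_out = decide(rules, PROXY_APP, site_ip, 80)[0] == "permit"
    return (not direct) and to_proxy and proxy_out


# Weak: one blanket rule trusts everything on the loopback interface.
BLANKET = [
    Rule("permit", None, LOOPBACK, None),
    Rule("permit", PROXY_APP, None, 80),
]

# Per-application: only the browser may talk to the proxy; any other
# loopback use is denied and raises an alert.
PER_APP = [
    Rule("permit", "browser.exe", LOOPBACK, PROXY_PORT),
    Rule("deny", None, LOOPBACK, None, alert=True),
    Rule("permit", PROXY_APP, None, 80),
]

if __name__ == "__main__":
    for name, rules in (("blanket", BLANKET), ("per-app", PER_APP)):
        print(name, "updater.exe piggybacks:", can_piggyback(rules, "updater.exe"))
```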
     
  20. manythanks

    manythanks Guest

    So as I remember the question "is it any good"?.

    Thanks
     
  21. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    It looks like there were answers to the question. I think that a few people answered the question.
     
  22. manythanks

    manythanks Guest

    You don't understand, I don't want people saying yes but you must do this and that, I want people to say a definite yes.

    Thanks
     
  23. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Yes it's good.
     
  24. manythanks

    manythanks Guest

    Thank you, I'll still use it anyway.

    Thanks
     
  25. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    OK but I gave you an answer.
     