Gentoo Forums
[SOLVED] Transparent Proxy... not stealth though...how
Reply to topic    Gentoo Forums Forum Index Networking & Security
Korr.ban
Tux's lil' helper


Joined: 05 Jul 2004
Posts: 98
Location: Ex Inferis

PostPosted: Thu Jul 22, 2004 1:57 am    Post subject: [SOLVED] Transparent Proxy... not stealth though...how Reply with quote

My config is:
Intel P1-mmx 233mhz
hda = Linux
hdb = PUB
eth0 = Outside world
eth1 = LAN

My server is running:
dnsmasq - DHCP server and DNS cache server
iptables - includes a proper redirect to proxy
samba - file sharing accessible from LAN only
squid - Config below
sshd - accessible from LAN only


SQUID CONFIG
Code:
#### SQUID.CONF ####

http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all

http_reply_access allow all
icp_access allow all

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host on
visible_hostname HOMER.SIMPSONS.SPRINGFIELD
### END ###



IPTABLES PROXY CODE:
Code:
iptables -t nat -A PREROUTING -i $INT_INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128



When I go to test my proxy to http://stealthtests.lockdowncorp.com/cgi-bin/proxy
I get the following output:
Quote:
REMOTE_ADDR: *MY REAL IP ADDRESS*
If this field shows your REAL IP address, you are either not stealthed or connected to an anonymous proxy. For total stealth sign up with a proxy service. If you are using a proxy, check your proxy configuration and run the test again.

REMOTE_HOST: *MY ISP PROVIDED HOSTNAME*
If this field shows your REAL host name, you are either not stealthed or connected to an anonymous proxy. For total stealth sign up with a proxy service. If you are using a proxy, check your proxy configuration and run the test again.

HTTP_VIA: 1.0 SOL.HIGARA:3128 (squid/2.5.STABLE5-CVS)
If you are using a proxy and this line shows what proxy software is being used, including its version number, you may want to ask your proxy service if they can stealth this information. What type of proxy software and the version number you are using is no one's business but your own. Example: In the test on my proxy server the proxy domain and port are displayed, but where the proxy software and version information should be it simply shows (STEALTHED).

HTTP_X_FORWARDED_FOR: 192.168.0.10
If this shows your REAL IP address or domain name, you are not using an ANONYMOUS proxy server. In the test, on my proxy server "unknown" is displayed in this field which is REALLY good!

HTTP_FORWARDED:
If this field has any of your real information, you are either not stealthed, or your proxy is not anonymous! Some proxies give you the IP address of the end-user, which would show up either in this field or the one above.

HTTP_FROM:
If this field has any of your real information you are either not stealthed, or your proxy is not anonymous!




This doesn't look like it's very stealth. Can anyone suggest anything... Maybe you know what I'm missing.

Note: Internet Explorer is set to use proxy=192.168.0.1 Port=3128


Does anyone get a TRUE STEALTH result when they do a test on http://stealthtests.lockdowncorp.com/cgi-bin/proxy ?


Also, it looks like my real hostname shows up. How do I make HOMER.SIMPSONS.SPRINGFIELD show up as my hostname?

Thanks.
_________________
Registered Linux User #375052

DevShell - Viva La Revolusion!


Last edited by Korr.ban on Thu Jul 22, 2004 6:22 pm; edited 2 times in total
Jeremy_Z
l33t


Joined: 05 Apr 2004
Posts: 671
Location: Shanghai

PostPosted: Thu Jul 22, 2004 1:24 pm    Post subject: Reply with quote

I am using almost the same config as you, and got the same result.

Just explore squid.conf and you will see some options that can be used, for example:

Code:

#  TAG: forwarded_for   on|off
#       If set, Squid will include your system's IP address or name
#       in the HTTP requests it forwards.  By default it looks like
#       this:
#
#               X-Forwarded-For: 192.1.2.3
#
#       If you disable this, it will appear as
#
#               X-Forwarded-For: unknown
#
#Default:
# forwarded_for on
forwarded_for off


will solve:
HTTP_X_FORWARDED_FOR: 192.168.0.10
If this shows your REAL IP address or domain name, you are not using an ANONYMOUS proxy server. In the test, on my proxy server "unknown" is displayed in this field which is REALLY good!

Or use:
Code:

Or, to reproduce the old 'http_anonymizer paranoid' feature
       you should use:

               header_access Allow allow all
               header_access Authorization allow all
               header_access WWW-Authenticate allow all
               header_access Cache-Control allow all
               header_access Content-Encoding allow all
               header_access Content-Length allow all
               header_access Content-Type allow all
               header_access Date allow all
               header_access Expires allow all
               header_access Host allow all
               header_access If-Modified-Since allow all
               header_access Last-Modified allow all
               header_access Location allow all
               header_access Pragma allow all
               header_access Accept allow all
               header_access Accept-Charset allow all
               header_access Accept-Encoding allow all
               header_access Accept-Language allow all
               header_access Content-Language allow all
               header_access Mime-Version allow all
               header_access Retry-After allow all
               header_access Title allow all
               header_access Connection allow all
               header_access Proxy-Connection allow all
               header_access All deny all


And only REMOTE_ADDR and REMOTE_HOST will remain.
(currently I am looking for a way to hide them)
_________________
"Because two groups of consumers drive the absolute high end of home computing: the gamers and the porn surfers." /.
My gentoo projects, Kelogviewer and a QT4 gui for etc-proposals
Korr.ban
Tux's lil' helper


Joined: 05 Jul 2004
Posts: 98
Location: Ex Inferis

PostPosted: Thu Jul 22, 2004 5:45 pm    Post subject: Reply with quote

Thanks for that great info. Keep working on making it completely hidden. I am also working on that except that I am looking into DNS info. If you come up with anything make sure to PM me... I will do the same for you if I find anything.

Thanks.
_________________
Registered Linux User #375052

DevShell - Viva La Revolusion!
Jeremy_Z
l33t


Joined: 05 Apr 2004
Posts: 671
Location: Shanghai

PostPosted: Thu Jul 22, 2004 5:59 pm    Post subject: Reply with quote

You'd better post it here, could be useful for anyone.

Also, the header_access I gave will disable cookies; you will have to add

Code:

header_access Cookie allow all
header_access Set-Cookie allow all


I don't think you can hide REMOTE_ADDR or REMOTE_HOST, at least you will have the addr and hostname of your proxy, not those of your browsing machine.

Also, you don't need to set up any proxy settings since you have the iptables rule.

You can take a look at this page: https://www.grc.com/x/ne.dll?bh0bkyd2 for security tests (and a link that prints HTTP headers).
_________________
"Because two groups of consumers drive the absolute high end of home computing: the gamers and the porn surfers." /.
My gentoo projects, Kelogviewer and a QT4 gui for etc-proposals
Korr.ban
Tux's lil' helper


Joined: 05 Jul 2004
Posts: 98
Location: Ex Inferis

PostPosted: Thu Jul 22, 2004 6:09 pm    Post subject: Reply with quote

Jeremy_Z wrote:
You'd better post it here, could be useful for anyone.


I will do that and PM you too so you know there is some new info.

You may be able to change hostname to something like YOU.THERE.ME.HERE

I have seen people using such hostnames. I think it is with DNS. I am reading the howto today so I should have some answers by the end of the day.

Here is the answer:
https://forums.gentoo.org/viewtopic.php?p=1369147#1369147
_________________
Registered Linux User #375052

DevShell - Viva La Revolusion!
Jeremy_Z
l33t


Joined: 05 Apr 2004
Posts: 671
Location: Shanghai

PostPosted: Thu Jul 22, 2004 6:52 pm    Post subject: Reply with quote

It is reverse DNS indeed, and I think it is provided by your ISP, so I don't think you can change it.

But again, it is the reverse DNS of your proxy IP, thus you can use an external proxy (those anonymizer proxies available on the net) to hide your real IP/hostname.
_________________
"Because two groups of consumers drive the absolute high end of home computing: the gamers and the porn surfers." /.
My gentoo projects, Kelogviewer and a QT4 gui for etc-proposals
Korr.ban
Tux's lil' helper


Joined: 05 Jul 2004
Posts: 98
Location: Ex Inferis

PostPosted: Thu Jul 22, 2004 6:55 pm    Post subject: Reply with quote

Jeremy_Z wrote:

But again, it is the reverse DNS of your proxy IP, thus you can use an external proxy (those anonymizer proxies available on the net) to hide your real IP/hostname.


I'm not that crazy about security to pay $24 / month for those. Unless you find a REALLY good free one. Post it here if you do. I will check some of them out too.
_________________
Registered Linux User #375052

DevShell - Viva La Revolusion!
RedDawn
Guru


Joined: 22 Sep 2003
Posts: 368
Location: Los Angeles, California

PostPosted: Thu Jul 22, 2004 6:57 pm    Post subject: Reply with quote

Korr.ban wrote:
Jeremy_Z wrote:

But again, it is the reverse DNS of your proxy IP, thus you can use an external proxy (those anonymizer proxies available on the net) to hide your real IP/hostname.


I'm not that crazy about security to pay $24 / month for those. Unless you find a REALLY good free one. Post it here if you do. I will check some of them out too.


Yes, the ISP takes care of reverse DNS; you can't change that unless you're into paying some moolah... $100 and up, to be exact!
Jeremy_Z
l33t


Joined: 05 Apr 2004
Posts: 671
Location: Shanghai

PostPosted: Thu Jul 22, 2004 6:59 pm    Post subject: Reply with quote

I don't know any and I am not interested in using such a proxy anyway. But then hiding your IP is impossible: it is part of TCP, and the server would not be able to answer you if it was not provided.

Changing your hostname is also impossible unless your ISP permits you to do so.
_________________
"Because two groups of consumers drive the absolute high end of home computing: the gamers and the porn surfers." /.
My gentoo projects, Kelogviewer and a QT4 gui for etc-proposals
sammy2ooo
Apprentice


Joined: 26 May 2004
Posts: 225

PostPosted: Tue Jun 14, 2005 2:00 pm    Post subject: Reply with quote

great thread :)

One more question: is it possible to disable the Via tag? I couldn't find anything in the docs.

Quote:

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Connection: keep-alive
Host: www.exchange-antivirus.de
Cookie: ASPSESSIONIDASDDQDBR=IJOLEHBDJLLNELBIAIOIPJCK; PHPSESSID=xyz
Via: 1.1 you.wouldliketo.know:3128 (squid/2.5.STABLE10-RC3)
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
X-Forwarded-For: unknown
Cache-Control: max-age=259200


thx
_________________
- Linux is sexy -
guru@linux:~> who | egrep -i 'blonde|black|brown' | talk && cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
sammy2ooo
Apprentice


Joined: 26 May 2004
Posts: 225

PostPosted: Tue Jun 14, 2005 2:04 pm    Post subject: Reply with quote

hm the following did it, but which one exactly??!?!

Quote:

header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All deny all

_________________
- Linux is sexy -
guru@linux:~> who | egrep -i 'blonde|black|brown' | talk && cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
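The header_access list Jeremy_Z posted (including his note that it drops cookies unless Cookie is allowed) and sammy2ooo's question about which rule removes Via, worked through as an added example that is not from the thread or from Squid itself: a small Python model of how Squid 2.5 evaluates header_access (first matching rule for a header wins, the "All" rules are the fallback for headers without their own rules, a header with no rule is forwarded). It assumes only the `all` ACL, does not model Squid's "Other" bucket for unknown header names, abridges the rule list, and uses a constructed request modelled on the dump in the thread.

```python
# Added example (not from the thread or Squid): model Squid 2.5 header_access
# evaluation to show which request headers survive the "paranoid" rule set.
# Assumptions: only the "all" ACL is modelled; a header with its own rules uses
# them, any other header falls back to the "All" rules; no rule => forwarded.

# Abridged from the rule list in the thread (same shape, fewer lines).
HEADER_ACCESS_RULES = """
header_access Host allow all
header_access Connection allow all
header_access Cookie allow all
header_access All deny all
"""

# Constructed sample request, modelled on the header dump in the thread.
CAPTURED_REQUEST = """\
Host: www.example.test
Connection: keep-alive
Cookie: PHPSESSID=xyz
Via: 1.1 proxy.example.test:3128 (squid/2.5.STABLE10-RC3)
X-Forwarded-For: unknown
Cache-Control: max-age=259200
"""


def parse_rules(text):
    """Return {header_name (lowercased): [(action, aclname), ...]} in file order."""
    rules = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "header_access":
            rules.setdefault(parts[1].lower(), []).append((parts[2], parts[3]))
    return rules


def header_allowed(name, rules):
    """First matching rule wins; the 'all' ACL matches every request."""
    for action, acl in rules.get(name.lower(), rules.get("all", [])):
        if acl == "all":
            return action == "allow"
    return True  # no rule applies: Squid forwards the header by default


def filter_request(raw_headers, rules_text=HEADER_ACCESS_RULES):
    """Split a raw header block into (forwarded, stripped) header-name lists."""
    rules = parse_rules(rules_text)
    forwarded, stripped = [], []
    for line in raw_headers.splitlines():
        name = line.split(":", 1)[0].strip()
        if name:
            (forwarded if header_allowed(name, rules) else stripped).append(name)
    return forwarded, stripped
```

Via, X-Forwarded-For and Cache-Control have no rule of their own, so the final `header_access All deny all` line is what strips them; removing the Cookie line makes Cookie fall through to that same rule.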