This article is more than 1 year old

Dev probes bad proxies, writes white hat checker, black hat DIY guide

We munch your cookies and inject ads but look HERE'S YOUR NETFLIX!

Developer Christian Haschek is building an online tool to allow users to check whethre their free proxy is potentially harvesting their details, or is one of the few to be relatively secure.

The ProxyChecker service allows users to enter the IP address and port of their favourite free proxy service, to see if it is messing with traffic, or is genuine about trying to be secure.

In tests of 199 free proxy services, Haschek found 33 are modifying HTML and probably stealing cookies, 17 tinkering with JavaScript, and 157 sent user traffic in vulnerable cleartext.

"Free proxy servers on the web tend to be offline, no surprise there but I didn't expect so many proxies to ban HTTPS traffic," Haschek says.

"It could be because they want you to use HTTP so they can analyse your traffic and steal your logins.

"Only 17 of 199 of the proxies modified JS and most of them were to inject ads to the client."

Haschek says he found examples of overt and subtle adware injection the latter pointing to local malicious JavaScript to avoid cross-domain detection.

Those found to have not attempted to modify user content are not safe. He says free proxy services should be avoided and only considered if it uses HTTPS and the user sticks to HTTPS-enforced websites.

Those in favour of hosing freeloaders can follow Haschek's guide to setting up a simple JavaScript infecting proxy using Linux and open source tools.

"Free" is a word that raises universal skepticism across the security and privacy realms, since it often entails a trade-off for personal information.

Proxy services made popular due to region-locked entities like Netflix have the opportunity to sniff unencrypted user traffic, or as in the case of the Hola service turn their users into cogs for a corporate botnet. ®

More about


Send us news

Other stories you might like