Dev probes bad proxies, writes white hat checker, black hat DIY guide

We munch your cookies and inject ads but look HERE'S YOUR NETFLIX!


Developer Christian Haschek is building an online tool to allow users to check whethre their free proxy is potentially harvesting their details, or is one of the few to be relatively secure.

The ProxyChecker service allows users to enter the IP address and port of their favourite free proxy service, to see if it is messing with traffic, or is genuine about trying to be secure.

In tests of 199 free proxy services, Haschek found 33 are modifying HTML and probably stealing cookies, 17 tinkering with JavaScript, and 157 sent user traffic in vulnerable cleartext.

"Free proxy servers on the web tend to be offline, no surprise there but I didn't expect so many proxies to ban HTTPS traffic," Haschek says.

"It could be because they want you to use HTTP so they can analyse your traffic and steal your logins.

"Only 17 of 199 of the proxies modified JS and most of them were to inject ads to the client."

Haschek says he found examples of overt and subtle adware injection the latter pointing to local malicious JavaScript to avoid cross-domain detection.

Those found to have not attempted to modify user content are not safe. He says free proxy services should be avoided and only considered if it uses HTTPS and the user sticks to HTTPS-enforced websites.

Those in favour of hosing freeloaders can follow Haschek's guide to setting up a simple JavaScript infecting proxy using Linux and open source tools.

"Free" is a word that raises universal skepticism across the security and privacy realms, since it often entails a trade-off for personal information.

Proxy services made popular due to region-locked entities like Netflix have the opportunity to sniff unencrypted user traffic, or as in the case of the Hola service turn their users into cogs for a corporate botnet. ®


Tech Resources

Apps are Essential, so your WAF must be effective

You can’t run a business today without applications—and because apps are critical to strategic business imperatives and commerce, they have become the prime target for attackers.

Webcast Slide Deck | How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Anatomy of a Private Cloud

Learn the key elements that combined, build a true Private Cloud

Biting the hand that feeds IT © 1998–2021