<p>Proxies are servers that act as intermediaries between clients and other servers. The proxy server forwards the requests it receives to the content or service provider on behalf of the client.
</p>
<p>Before permitting a request on behalf of a client, a proxy server can apply arbitrary rules to filter or authorize traffic. Validated requests can also be altered, as can the content returned to the client.
</p>
<p>Proxies can be used for anonymity, bypassing geographical filters, logging, authorization, filtering and caching.
</p>
<p>Reverse proxies work on behalf of content or service providers to cache dynamically generated content and load balance applications. Reverse proxies can also change the content served, but generally do not, except sometimes to apply compression.
</p>
<p>Tor (The Onion Router) is a layered proxy system intended for anonymity and bypassing harmful filtering. One example of its use is to bypass the Great Firewall of China, a politically motivated firewall administered by the People's Republic of China that censors politically sensitive material. The Tor proxy randomly bounces traffic through a global network of volunteer relays. Tor traffic is routed through two nodes before reaching the destination server. The first Tor relay knows the client's IP, but is not privy to the encrypted data. The intermediary servers are unaware of the origin or data. Exit relays know the transmitted data, but not the origin.
</p>
<p>This presentation requires a preconfigured Squid server.
</p>
<p>(Ports are arbitrary everywhere, but standardized by the Internet Assigned Numbers Authority (IANA); see /etc/services.)
</p>
<pre class="brush: bash">
# Session/Application layer SOCKet Secure (SOCKS) 5 proxy

# Establish a TCP stream to dylansserver.com on port 22
# Start a SOCKS5 proxy server on port 8080

# -f       # background command
# -N       # don't execute a remote command
# -D 8080  # dynamic (SOCKS) port forwarding on local port 8080

ssh -fND 8080 dylan@dylansserver.com

# Make an HTTP GET request using local port 8080

curl --socks5 localhost:8080 whatismyip.org

# Use root privileges to watch TCP packets

# sudo       # execute as root user
# tcpdump    # dump traffic on a network
# -vvv       # very very verbose
# -A         # print each packet in ASCII
# -i lo      # only print packets using the local network interface
# -s 0       # don't truncate packets
# port 8080  # only print packets using port 8080

sudo tcpdump -vvvA -ilo -s0 port 8080

# Watch HTTP GET requests sent over proxy

sudo tcpdump -vvvA -ilo -s0 port 8080 | grep -A 10 GET

# Make an HTTP request over proxy

curl --socks5 localhost:8080 whatismyip.org
curl --socks5 127.0.0.1:8080 whatismyip.org
curl --socks5-hostname localhost:8080 whatismyip.org # DNS on proxy

# Use proxy with browser

v ~/.config/luakit/globals.lua


# Network layer transparent Squid proxy

# (connections are whitelisted in /etc/squid/squid.conf,
# `acl client src <IP>
# http_access allow client`)


# Set kernel ip_forward parameter
sudo sysctl net/ipv4/ip_forward=1

# Route traffic through remote proxy on local machine

# iptables               # administration tool for IPv4 packet filtering and NAT
# -t nat                 # refer to "nat" packet matching table
# -A OUTPUT              # append to "OUTPUT" chain
# -p tcp                 # match only TCP packets
# --dport 80             # match only packets destined for port 80
# -jDNAT                 # jump to "DNAT" target
# --to 50.16.219.8:3128  # destination network address

sudo iptables -tnat -AOUTPUT -ptcp --dport 80 -jDNAT --to 50.16.219.8:3128

# -jREDIRECT      # jump to "REDIRECT" target
# --to-port 3128  # new destination port

sudo iptables -tnat -AOUTPUT -ptcp --dport 80 -jREDIRECT --to-port 3128

# Make an HTTP request over proxy

# What's an error message look like now?

curl 'thisisnotawebsite!@#$%^&*()_'

# Use proxy with browser

ssh dl -t "sudo tail -f /var/log/squid/access.log"