|
|
|
|
|
|
  |
  |
|
04 Jul 2005 |
How To Leech And Test HTTP Proxies Using AD (Wickerman)! |
|
|
Submitted by Wickerman
I tried to make this as easy to understand as I could. I apologize if I failed.
First Question: Do you have a copy of AccessDiver? You can go to proxy dump forums and manually leech proxies or you could do it by leeching them with a proxy leech list using a program like AD. Deny.de and some other sites have leech lists available. Once you've copied a leech list or two ( Save them to a txt. file ) go to accessdiver.com and download AD. Now you are ready to put AD through its paces.
First thing you need to do after you start AD up is click on the "My Skills" tab in the upper left corner of the screen. Then click on "Expert". This will open up more options for you. Then underneath the green url bar click Proxy. And then under that click WEB Proxy Leecher. OK, you remember where you saved your proxy leech list.txt, right? To the left of the blue box in the WEB Proxy Leecher section of AD will be several icons. Click on the folder icon. This will prompt you to load up your Proxy leech list.txt. Just go to the place that you put it in and load it up. After you load it the blue box will fill up with the proxy links contained within. Underneath that blue box is an icon which says "Start leeching". Click that. Now be prepared to wait quite awhile. It could be several hours or more depending on the size of the leech list you submitted. After it has finished click on "Add these proxies in..." to the right of the blue box ( Underneath the black menu displaying your proxies found. ). After you click that a drop down menu will appear presenting you with two options. Click the one which says, "Add these proxies into the proxy ANAYLIZER". You will then be automatically redirected to the Proxy Analyzer.
All of the proxies found will be displayed in a white menu. Note that AD occasionally runs into problems with large lists. There is a possibility that some of the leeched proxies will not be there. If this possibility is not acceptable to you than you will have to use a different program. Click on the paintbrush icon under this menu. Then click "Remove duplicated proxies" in the popup window. Click yes to any "Are you sure" pop-ups if they appear. Now scroll to the top of your list and click on the proxy on top to highlight it in blue. Then hold down shift on your keyboard and scroll down to the last proxy in the menu and click it. All of the proxies should now be highlighted in blue. Once you've done that click on the "Speed/Accuracy Tester" icon to the upper left of that menu. Be prepared to wait awhile. AD is testing the speed and accuracy of your proxies. Once it has finished click the paintbrush icon under the proxy analyzer window. This will present you with several cleaning options. Click on the one which says, "Delete bad results and timed-out" ( If you'd like you can test the timed-out proxies again before deleting them. But I wouldn't recommend doing this more than once. ). Now scroll through the list and highlight and then delete ( With the black X icon on the bottom-left of the screen. ) any proxies with a black X to the left of them ( Perhaps a quicker way is to click "delay" above and to the right of the proxy window. This will sort your proxies by their delay speed. The ones with the black X will be on top. Select and delete them. ). Now you are ready to test the anonymity of the remaining proxies.
Before this you may wish to filter out slow proxies. Most will advise that you filter out anything over 3500 milliseconds. But it is my personal opinion that the speed of your ISP should have some bearing on your decision making. If you have a fast connection ( Cable, DSL, etc. ) you have the luxury of being picky. Proxies will not timeout on you as often as they do to dial-up users. If you've got one of these fast connections I advise that you delete all of the proxies in the list over 3500 milliseconds ( The default setting for AD ). You do this by clicking the "Delete Proxies with a delay above" icon under and to the right of the proxy window. It should already be set to 3500. If it is not simply type that number into the field before clicking. My advice to dial-up users is to keep all proxies with a delay under 5000 milliseconds ( Possibly even 7500 if your list is so small that you won't have much of anything left if you choose to be picky. ). If you have a robust list than by all means delete everything over 3500 milliseconds instead. This part is really a judgment call. Just type in any number you feel comfortable with and then click the aforementioned icon to get rid of all proxies with a delay higher than that.
OK, now we will security test the remaining proxies. Click the "Confidentially tester" button above and to the right of the proxy window. There will be a delay as it tests the functionality of your proxyjudges first ( It is probably better to use one good proxyjudge as opposed to an entire list. Using several simultaneously could make your results inconsistent. ). Once again, be patient as it does its work. Testing proxies is a long process. Once it has finished click the paintbrush icon again and then "Delete everything non-operational and not anonymous" in the popup window ( Once again, feel free to retest the bad results if you like. Perhaps you can try a different proxyjudge this time around. ). Then click the paintbrush again. Now click "Extract Proxy gateway base server(s)" in the popup window. Click the paintbrush icon again. Now click "Remove Proxy Gateways" in the popup window. If any gateway base servers were extracted there will be some new proxies in the list underneath the ones you just tested. Click the paintbrush and then "Remove duplicated proxies" in the popup window in case any of these might be the same as the ones you already tested. These new proxies now need to be tested. Just repeat all the steps: Highlight them in blue, speed test them, do some cleaning, confidentiality test them, do some cleaning. I wouldn't bother clicking "Extract Proxy gateway base server(s)" this time around. If the true host hasn't been revealed yet than repeated attempts to find it will probably lead to an eventual #403 or #404 reply anyway.
OK, you are almost finished. There is just a few more things to do. Now you need to decide what level of anonymity is acceptable to you. It is believed by some that level 3 and better ( The lower the rating the better according to some users. There is some controversy about this subject. It is widely accepted as of late that levels mean nothing, and that the only thing which is important is whether or not the proxy is spilling your IP. But since AD has a meter for levels I feel that it is important to discuss them here. ) is what you want to keep. The way you remove proxies with level ratings which for whatever reason are unacceptable to you is by first clicking ( If it isn't already highlighted. ) the "proxyjudge" menu in the bottom right corner of the screen ( It will be labeled vertically. ). Once you are in that menu to the extreme bottom right there will be a little meter with the numbers 1-5 written vertically. Check off in the little white boxes to the left of these numbers the levels you want to get rid of. Then click the "DEL" button above the numbers. Click yes on the popup "Are you sure?" menu which appears. Then OK to another popup ( It will only appear if you elected to remove level 4 or 5 proxies. ) containing advice from Accessdiver's author ( Advice I agree with since the proxyjudge has already told you that the proxy is not spilling your IP. ). If you will be using these proxies in your browser to achieve web anonymity make certain that you also disable ActiveX and Scripts because these things can spill your IP even if the proxy does not.
OK, now scroll slowly through your list of tested proxies looking for any where a small ? can be found next to their anonymity rating. The ? means that the proxy may be spilling your IP but AD isn't entirely sure what the proxyjudge is telling it. I advise that you delete all of the proxies you find with this ? next to them. Just right click on the proxies with the ? and then click "Delete selection" in the popup window ( Or you could click "Anonymous" above and to the right of the proxy window. This will sort your proxies by their anonymity rating. Proxies with the ? will be grouped together following their corresponding rated proxies without the ?, meaning Level 3? proxies will follow genuine Level 3 proxies, etc. Select and delete all proxies with the ?. ). Once you've finished doing this all you need to do is save your list. Highlight the entire list in blue and then click the disk icon above and to the left of the proxy window. Click "Save proxies to a file ( save IP addresses )" in the popup window. Then choose your save location and hit save in the "save as" popup box.
Now close the list from the proxy window. Do this by highlighting them all in blue and then clicking the X to the bottom-left of the proxy window. Click yes on the pop-up window. Now reload the list by using the folder icon above and to the left of the proxy window. Highlight the reloaded list in blue and then click the paintbrush icon. Click "Remove Duplicated Proxies" in the drop-down menu. If no proxies are eliminated this time around than you are finished. If some duplicates are removed than resave your list by overwriting what you saved before.
I hope this helps some of you.
Good Luck! |
|
| |
Category : ProxyBlind Privacy News / Diary
| Posted By : proxyblind | Time : 06:20:49 pm |
|
|
16 Jun 2005 |
Socks Basics |
|
|
Note that FreeCap program is similair to Sockscap (with almost identically outlook and features) and even better because it is free and can socksify some program that Sockscap couldn't as example Opera and have some extra feature.
Check our Non profit (Free) Proxy section to download FreeCap and more info about program and his author.
Information about the socks protocol
1. Introduction
2. Versions
3. SOCKS Support
4. SOCKS Connections
5. Scanning
6. SocksCap Setup
7. Anonymity Checks
8. SOCKS Chaining
--------------------------------------------------------------------------------
1. Introduction:-
SOCKS is the most powerful, flexible proxy standard protocol available. SOCKS is a shortened version of "SOCK-et-S" or "sockets," the term used for the data structures which describe a TCP connection. It was one of those "development names" that stuck. Very clever folks say its really to distingish these from the human variety that are worn on the feet ;-)
SOCKS is a networking proxy mechanism that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring any host pc to reveal their ip address to the remote host, diagramatically shown:
Host PC<------>|
Host PC<------>|Socks Proxy Server <---> Remote Host Web Site
Host PC<------>|
It works by redirecting connection requests from hosts on one side to hosts on the other side via a SOCKS server, which authenticates and authorizes the requests, establishes a proxy connection and passes data back and forth. Its usually described as a circuit level proxy for this reason i.e. it does'nt care about the data its transferring or its protocol.
Its typical use on an individual pc basis is to "sockisfy", which refers to the process of intercepting the networking calls and redirecting them, this enables the host pc behind a SOCKS server to gain full access to the Internet whilst preserving its anonymity, since the remote host will only see the ip address of the socks server in all connection requests. The SOCKS default port No. is 1080.
--------------------------------------------------------------------------------
2. Versions:-
There are two major versions of SOCKS, Socks4 and Socks5. The main differences between Socks5 and Socks4 are:
Socks4 doesn't support authentication while Socks5 has a built-in mechanism to support a variety of authentication methods.
Socks4 doesn't support UDP proxy while Socks5 does.
Socks4 servers will not support the Socks5 protocol. Socks5 implementation from NEC does support the Socks4 protocol. The server supports both V5 and V4 clients and can communicate with other V5 and V4 servers.
Socks4 and Socks4.2 and earlier clients are required to be able to resolve IP address's of remote hosts. Socks5 now includes PROXY NAME support to move the name resolution process from the Socks clients to the Socks5 Server, or remote dns-request. Resolving is the process whereby addresses such as http://www.my_isp.com become 210.123.456.789.
--------------------------------------------------------------------------------
3. Support for SOCKS:-
SOCKS is almost as widely supported as HTTP proxies. All major Windows NT–based proxy servers, including Microsoft Proxy Server, Netscape Proxy Server, and WinGate, support SOCKS. SOCKS is also supported by proxy servers for alternative operating systems, including all variations of UNIX.
SOCKS clients must be specially coded to work with the proxy protocol. Fortunately, it is common for application developers to allow their application-layer protocols to work with SOCKS. Microsoft Internet Explorer and Netscape Navigator both support SOCKS proxying for HTTP and all other protocols they support. Other applications that may need to pass through a proxy server, such as FTP and RealAudio, support the SOCKS proxy. If you are unsure whether a certain application supports SOCKS, check the documentation for that application.
--------------------------------------------------------------------------------
4. SOCKS Connections:
Example Use:
IRCii / BitchX / etc:
irc: /server (SOCKS) 1080
irc: /server (irc server) (port [666{6-9} usually])
mIRC:
Go to the Setup folder
Click on the "Firewall" tab
Check the box reading "Use SOCKS Firewall"
Go down to "Hostname:" and enter the SOCKS IP / hostname
Click on the "IRC servers" tab, and click on "Connect"
Open Proxy/SOCKS:
Many irc nets and isp's will use a security check whenever you connect to their network here they will look for Open Proxy/SOCKS. This means that when you connect it will check port 23 (telnet port, checking for a wingate telnet bounce) and port 1080 (socks/wingate port) for an unsecured SOCKS4 and SOCKS5 proxy. If a wingate telnet bounce is found on port 23 or if it finds an unsecured SOCKS4 or SOCKS5 Proxy (anonymously accessible), you will be k-lined (banned from the network). When using a wingate socks connection, occasionally if the wingate uses its own identd daemon then it will return its info to the requesting host, so your connection request might be accepted.
--------------------------------------------------------------------------------
5. Scanning:-
Indirect method:
A simple but effective method for finding socks proxies is to employ a search engine. Enter in the search engine something like: "free proxies", "proxy list", "amonymous http proxy", "public proxy servers list" etc. You should find hundreds of references to proxy web pages.
Direct method:
If these seem sparse then you should look for your own. Using a scanner of your choice you should scan a specific IP range looking for the addresses that accept a connection on port 1080. There are plenty scanners available, choose one you like. Normally there are a couple of SOCKS servers (port 1080) or Wingate users (port 23) within 255 dialup addresses of a big ISP.
Many providers can have a large number of active and reserved addresses, these will exceed 255. Therefore you can try to scan neighboring ranges changing the 2nd last digit from the right hand side in the ip-address. More detailed information on addresses belonging to the net or isp you scan can be can be found with the help of a Whois-server or a program like SmartWhois
--------------------------------------------------------------------------------
6. SocksCap32 Setup:-
Check pictorial tutorial:
http://www.proxyblind.org/proxyblind-forum/viewtopic.php?t=80
Postscript
Can I use SocksCap with Internet Explorer 4.0 in desktop mode or on a system running Windows 98? What about Internet Explorer 5.0?
Although SocksCap will not socksify your entire desktop, it is possible to browse with Internet Explorer 4.0 in desktop mode or on a system running Windows 98 with SocksCap.
Select Internet Options in Internet Explorer's View menu. Under the Advanced tab, check Browse in a new process. Then start Internet Explorer from SocksCap.
For Internet Explorer 5.0, select Internet Options in Internet Explorer's Tools menu. Under the Advanced tab, check Launch browser windows in a separate process. In the Connections tab, click LAN Settings. Clear the Automatically detect settings box.
--------------------------------------------------------------------------------
7. Anonymity Checks:-
Method 1.
Disable the proxy option in your browser and then run your browser through sockscap32. To do this highlight your browser in the "Application Profile" listbox and "Click" the "Run Sockisfied!" button, in SocksCap32 this will launch your browser and is a valid alternative to simple 8080 proxies for browsing the net. Now visit a proxy checking site and if you are anonymous, you should see either the domain name/url or the ip address of the socks server here. If so then the socks has nym status, else try again.
Method 2.
When connected to News server open a MS-DOS window and type: netstat -a . If you can see the name of your News reader followed of the IP/Name or your Socks proxy:1080 instead of the IP/Name of your News server:119 (or nntp) the connection is properly being made through Sockscap.
Method 3.
Use a test post. Find an open/free news server that allows posting and do a post in some neutral group for testing, like alt.test , alt.binaries.test or similar. download your message and display it, then check the Headers/Properties and look if it shows your real IP or that of socks proxy. Its usually the last in the list.
--------------------------------------------------------------------------------
8. SOCKS Chaining:-
This idea here is an attempt to help you re-route all Internet Winsock applications in Windows through a socks chain, so making your connections much more anonymous. The following text and methods can be read and implemented in a linear fashion and instead of wingates you can use Proxy Hunter to search for socks proxies (1080) only. The idea is The more paths you make your posts take across the net, the more difficult it will be to trace it back.
Take this route for example: client ---> socks1 ---> sock2 ---> sock3 ---> socks-n ---> target url.
This should work for ftp, nntp, http, telnet, smnp, and icq style clients. Just about any app can be anonymized via socks, except irc due to ident logging by the irc servers where they ban or k-line (kill online) recognized 1080 proxies. So other methods are needed here. Now it helps to find some computers running wingate. We look for wingates since the default installation of wingate includes a non-logging socks server on port 1080.
Find some wingates
Read the scanning section on this page. To do this, I would suggest you use 'Proxy Hunter'. Be sure to look for wingates (port 23) and not for socks, as we only want wingate socks. You could also use Wingate Scan and run it through SocksCap32. Also using Proxy hunter without a proxy may bring you to the attention of isp's who might think you are a hacker scanning for shares etc!
Check the proxy speed
Speed is important since we will be using multiple socks, and we don't want our programs to time out. With the Klever Dipstick tool, you can find out which are the fastest ones. Just run Dipstick. Rightclick in the small green rectangular and choose Show main window. To import a list of wingates, just click on Advanced, choose Import List and select your file. You can also manually ping a simple host by clicking on Manual Ping. Use those wingates who have the smallest average time.
Check if the wingates are running
A good program to use is Server 2000, choose a timeout (7) and port i.e. (23) import your wingate list and read of the results.
SocksCap32 Setup for Chaining:
Server Details:
SOCKS Server: enter ip address 127.0.0.1
Port: 1080
SOCKS user ID: Just leave this as it is.
Protocol Details:
Socks4: "Resolve all names locally"
Socks5: "Resolve all names remotely" option
Username/Password: Uncheck this box
In the main window, choose New and then browse to create a shortcut for the Internet client you want to give socks support. Repeat this for each internet client app you want anonymized on the net.
Install SocksChain:
In the service menu, click on New.
Add Listener:
Name: enter "Chain"
Accept connection on port: 1080 is standard, but any number (0-65535) will do, The idea is to register the same port as in your SocksCap configuration.
Chain... Auto-creating chain Uncheck this.
Click on New to add your own socks servers or wingates.
Edit Socks:
Name: Uncheck
IP Check and enter the socks server ip address
Protocol Check Socks4 or Socks5
After pressing the "Ok" button - data about the server is added to the end of the list. Using the '<' and '>', you can add and remove socks. Make sure you test all the socks one by one, before adding them all to the list, because if one of them is bad, your chain will not work and you will not be able to locate the bad socks in the chain! If all of them seem to work, you use the '<' key to add them. 3 seems to be an average chain size. I think 10 or 13 is the limit put by TCP/IP).
If you dont want to constantly start SocksChain and to see it when operating, it is possible make the service invisible. For this purpose in the Tools menu->Options turn on the option "Run as service". After that it is not necessary to start the program even after reboot.
Testing Your Anonymity
To check what socks your computer is connecting to, you can use TotoStat. Look for connections to port 1080, the remote IP found there should be the first IP found in your chain in SocksChain. Use the shortcut in SocksCap that points to your browser, and connect to any Proxy Header Checking Site run your eye over your headers you should have the socks ip here.
--------------------------------------------------------------------------------
Socks2HTTP Setup
Socks2HTTP is a program designed to replace SocksCap proxies with SSL-CONNECT proxies, which might be easier to find.
Socks2HTTP does two things:
it makes a socks server on your computer
it makes a connection via HTTP to a remote server which is able to convert socks2http protocol to Socks protocol.
You use it by configuring socks-capable programs to use the local socks server. If you need to run something which is not socks-capable, you can often 'socksify' them with sockscap from NEC. The price for anonymity tends to be a slower connection.
Open Socks2HTTP Configuration and set your SSL proxyort into the "Use a Proxy Server" fields. Remember that you have to use CONNECT method and that, if the proxy fails, your connections will be redirected using the POST method through a gateway owned by the program's authors (at totalrc.net), if you don't want this then erase the URL on the Gateway field to avoid it.
On the SocksCap settings, set localhost:1080 as proxy and Socks5 as desired protocol, that's it.
This program is released "adware" i.e. it installs spyware and it will put a banner window over your desktop until you buy it!
By darkfaq |
|
| |
Category : ProxyBlind Privacy News / Diary
| Posted By : proxyblind | Time : 06:08:39 pm |
|
|
1 2 3 Next |
|