IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [proxy]

The word "proxy" is mostly used as short for "proxy server", which is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service.

The word "proxy" is mostly used as short for "proxy server", which is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service.

681 questions
11
votes
3 answers

Difference between X-Forwarded-For IP, X-Real-IP, VPNs and TOR

I have this Google Chrome Privacy Preserving Extension that I am working on. Where I can spoof the header information e.g user agents and else. When I spoof X-Forwarded-For IP and go to http://whatsmyuseragent.com/ I see a different IP and my…
Curtis Hagen
  • 111
  • 1
  • 1
  • 4
11
votes
2 answers

How is tunnelling SSH through Proxytunnel/HTTPS different from doing it through SSL with Stunnel?

In an answer to What is the difference between SSL, TLS, and HTTPS, it's said that HTTPS is HTTP over SSL/TLS. That is, an SSL/TLS connection is established first, and then normal HTTP data is exchanged over the SSL/TLS connection. So, if I use…
emi
  • 111
  • 1
  • 3
11
votes
1 answer

Does an HTTPS proxy encrypt traffic between proxy client and server for HTTP requests?

To bypass censorship in a DIY fashion, I plan to set up private proxies for my personal use. One of the possible methods I would try is to use an HTTPS proxy (not a web proxy, to be explicit) hosted on an overseas server which is not censored by my…
Yann Ren
  • 111
  • 1
  • 1
  • 5
11
votes
7 answers

Does a chain of proxies (e.g. one connecting to another and another and so on) make tracing the original IP harder/impossible?

I see nobody here has asked this question. What if one, instead of just using a single proxy, connected a proxy-to-proxy in a very long chain and downloaded something (illegal) using secure packets (so no one can see what OS, etc.) through the long…
Nomad Cla
  • 111
  • 1
  • 1
  • 3
11
votes
4 answers

Man-in-the-middle Blue Coat proxy SSL or what?

I have just discovered that my workplace has enabled some new features in the Blue Coat network proxy. It seems like all HTTPS certificates in Chrome on Windows are being issued by this internal server. Under connection I only see: "The identity of…
dylf
  • 123
  • 1
  • 1
  • 5
11
votes
6 answers

Getting credentials using proxy server

Is it possible to get the username and password we enter into sites like facebook using proxy server? The scenario is like this : 1.My laptop is connected to a network. 2.It is configured to use a proxy server to connect to Internet. 3.I enter my…
Maximin
  • 221
  • 3
  • 11
11
votes
1 answer

Is Nokia's "institutional MITM" of SSL traffic vulnerable to CRIME attack?

It's recently been in the news that some Nokia phones proxy all traffic, including SSL connections, through a Nokia proxy. This is effectively an "institutional MITM" attack on users those phones. Nokia is apparently doing this to save their users…
D.W.
  • 98,420
  • 30
  • 267
  • 572
11
votes
4 answers

How effective are reverse proxies as a web application security measure?

How effective are reverse proxies as a web application security device? Which types of threats do they mitigate against and which don't they? For example are they more effective in preventing exploits against the proxied application web servers…
Sim
  • 1,227
  • 1
  • 13
  • 21
11
votes
4 answers

Advanced techniques for detecting a proxy/getting original IP

In what manner can a website detect my original IP address, even though I'm using a proxy server? I've noticed this with a few sites. There are four proxy methods I've used: Firefox with a proxy setting. Python with mechanize.set_proxies. Firefox…
Claudiu
  • 211
  • 1
  • 2
  • 5
11
votes
6 answers

Difference between SSH Tunnel / Proxy and VPN in terms of security

What benefits does a VPN have over just using a regular SSH Tunnel? I'm considering setting up OpenVPN on a server, but was wondering what benefits that would have over just using that same server as an SSH Tunnel which is very easy to setup and…
Jan Vladimir Mostert
  • 261
  • 3
  • 10
11
votes
3 answers

How do I check that I have a direct SSL connection to a website?

I always thought that if I had an SSL connection there would be no MITM attacks. Now it appears that isn't true (see comments in this question Is it okay from a security perspective to read foreign (untrusted) cookies in a trusted network?) I'm…
user5575
11
votes
3 answers

Any good free SSL proxy on windows?

I'm looking for SSL proxy capable of dumping requests. I want to test custom browser against SSL-MITM attacks. I'm able to re-route all traffic ongoing from browser to machine with proxy. Basically proxy should: initiate SSL connection with…
pixel
  • 247
  • 1
  • 2
  • 7
11
votes
3 answers

Is it possible to connect to a proxy with an ssl (or otherwise encrypted) connection?

What i want to know is whether it is possible to connect to a proxy with an ssl (or otherwise encrypted) connection? (I'm suspecting this is possible because TOR encrypts user connections to it's network.) If such a thing exists, what is it called,…
user7848
10
votes
6 answers

Should we configure all devices to never request SSL 2.0, and reject it if offered?

In an effort to reduce man in the middle attacks, when will it be (or was it) an industry accepted practice to reject SSL 2.0 connections on the client and server side? Is configuring this on a proxy sufficent to protect a set of hosts behind it?…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
10
votes
3 answers

Why don't despotic countries simply block all encrypted traffic?

This is a question I often think of when I hear about countries considering blocking just one protocol with encryption, such as tor: How would a resourceful government block tor. Clearly France wouldn't consider a total ban on all encrypted…
Art Yerkes
  • 203
  • 1
  • 4
1 2
3
45 46