using web proxies - safe to enter passwords?

2

1

Wanted to check something on a local site and see how the outside world sees it. However, using a web proxy, I'm not sure that when I enter my credentials the proxy won't record this and give the proxy owner access to my site.

Is there another way to see my own site as though I was on the other side?

bergin

Posted 2010-05-31T12:24:19.273

Reputation: 151

Answers

1

The proxy could indeed be set to record any credentials that go through it. I'd recommend changing the password, using the proxy, and changing it right back.

Phoshi

Posted 2010-05-31T12:24:19.273

Reputation: 22 001

thanks Phoshi, good suggestion, though perhaps there's some risk here? – bergin – 2010-05-31T12:38:22.253

@bergin: Oh, I wouldn't say there's a great amount of risk, especially not if you change your username/password before and after (Then they only know you exist, if they're logging, which they probably aren't). What makes you think the site will look different to the outside world, though? – Phoshi – 2010-05-31T12:49:36.780

1

It can be done safely, but only if you're using only TLS-encrypted HTTP to access the site (encrypting not just the credentials themselves, but the entire page they're on) and only if you're using a valid CA-signed certificate. Just before entering your credentials through the web proxy, make sure the certificate your browser is using matches the one you paid for. If there are any discrepancies at all, get the heck out of there.

TLS (formerly called SSL) is encrypted on the client and decrypted on the server using asymmetric public key cryptography. Assuming the web proxy returns a valid certificate signed by a CA (and assuming you haven't given the proxy your certificate's private key), the connection cannot be forged or changed in any way.

Even still, web proxies can be a little shady, so I'd recommend following Phoshi's advice anyways, changing your password afterwards just in case you make a mistake and leak some information.

Matt Leidholm

Posted 2010-05-31T12:24:19.273

Reputation: 253

Disable JavaScript and Flash plugins (ideally all "browser plugins") temporarily for additional leak protection. – LawrenceC – 2011-06-09T20:32:18.070
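The certificate check described in Matt Leidholm's answer, as an added example that is not part of the original thread: compare the SHA-256 fingerprint of the certificate presented on the connection with the fingerprint of the certificate you deployed. The function names and the two sample "certificates" are assumptions; the samples are constructed stand-in bytes, not real certificates.

```python
import hashlib
import hmac
import ssl


def normalize_fingerprint(text: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return lowercase hex."""
    digits = "".join(ch for ch in text if ch not in ": \t\n").lower()
    if len(digits) != 64 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return digits


def sha256_fingerprint(pem_cert: str) -> str:
    """Fingerprint as browsers compute it: SHA-256 over the DER encoding."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()


def browser_style(fingerprint: str) -> str:
    """Render as colon-separated upper-case pairs, as certificate viewers do."""
    fp = fingerprint.upper()
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2))


def presented_cert_matches(pem_cert: str, expected_fingerprint: str) -> bool:
    """True only if the presented certificate is exactly the expected one."""
    return hmac.compare_digest(sha256_fingerprint(pem_cert),
                               normalize_fingerprint(expected_fingerprint))


def fetch_presented_cert(host: str, port: int = 443) -> str:
    """Fetch the certificate a server presents (needs network; not run here)."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-ins: arbitrary bytes wrapped as PEM, NOT real certificates.
OWN_SITE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: my site's cert")
PROXY_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: web proxy's cert")

# Fingerprint recorded from the certificate file you installed on your server.
EXPECTED = browser_style(sha256_fingerprint(OWN_SITE_PEM))

if __name__ == "__main__":
    print("direct:   ", presented_cert_matches(OWN_SITE_PEM, EXPECTED))
    print("via proxy:", presented_cert_matches(PROXY_PEM, EXPECTED))
```
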

0

If you don't want to use some proxy server, and can't use some remote desktop on some friend's computer, then all you can do is not go through the internet.

Without any detail about your setup, I assume you're using some domain name?

A browser will ask your computer which IP address goes with the domain name you enter. Your computer will solve that question using DNS. This will then give the browser the public IP address of your internet connection, which often is the IP address of your modem/router. For inbound connections, your modem then forwards it to whatever computer you've told it to. But when using that same domain name from within your own network, a modem/router will often show some configuration web page instead.

To stay within your own network (which is not truly the same as how others access your site) and avoid seeing such a configuration page:

  • Use the local IP address, which might be something like http://192.168.1.1 or http://10.0.0.1 (On Windows, use IPCONFIG to display the local IP address, on a Mac use ifconfig.)

  • If the web server is on your own computer, use http://localhost or http://127.0.0.1

  • Fool your computer into mapping the domain name to some local IP address, using the hosts file, no matter what any official DNS server says. Like for example:

    192.168.1.1 example.com www.example.com

    or add the names to an existing entry for 127.0.0.1, like:

    127.0.0.1 localhost loopback example.com www.example.com

Arjan

Posted 2010-05-31T12:24:19.273

Reputation: 29 084

You suggest a friend.. but assuming he has 2 locations, home, and work/school, and he is at the latter, then he could set up VNC at his home computer, then VNC to his home computer from his work/school location, and browse from there. Or he could set up his own web proxy at his home computer. – barlop – 2010-10-22T02:42:05.150

BTW, Arjan, what's the difference between localhost and loopback? I see from pinging either of them that both translate to 127.0.0.1, so why include both in the second example of an entry in the hosts file? And secondly, if localhost and loopback already translate to that, then why include them at all? – barlop – 2010-10-22T02:44:19.603

@barlop, what does your current hosts file look like? And what OS are you using? – Arjan – 2010-10-23T00:22:26.903

@Arjan empty (I commented out every line - just for you). win xp – barlop – 2010-10-23T19:47:10.677

@barlop, and does localhost still work now? Guess not. :-) – Arjan – 2010-10-23T21:47:16.070

@Arjan Oh yes it does (as my comment suggested). Anyhow. What is the difference between localhost and loopback? And if both translate to 127.0.0.1 then why include them both? – barlop – 2010-10-23T22:13:16.747

@barlop, it's a bit surprising to me that localhost still works when it's not in your hosts file -- especially as that entry is in that file by default, on Windows too. (Maybe it's a matter of caching? Maybe you used a browser to test? Browsers surely cache DNS results. Removing that entry on my Mac makes a ping localhost fail right away, without even clearing any DNS cache). On some OS's loopback is there too; I don't know what uses that name. All I was trying to say is to add example.com to also refer to the local host. (Added that to the answer now.) – Arjan – 2010-10-24T12:37:38.557

I understand what you're saying.. and it's odd because he wanted to know how it looks to the outside world, and that doesn't show him. But aside from that, does your Mac have loopback and localhost in the hosts file? Why both? – barlop – 2010-10-26T18:13:03.660
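An added example, not part of the original thread, for the hosts-file technique in Arjan's answer: a small parser that reports which names a hosts file pins to a loopback or private address, useful for spotting a test override that is still in place and keeps your browser on the local server. The sample file contents and the function names are constructed for illustration, and the parser assumes the common rule that the first entry for a name wins.

```python
import ipaddress

# Constructed sample, combining the two entry styles shown in the answer.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost loopback
192.168.1.1  example.com www.example.com   # local web server
#10.0.0.1    old.example.com
"""


def parse_hosts(text):
    """Return {lower-cased name: ip_address}; first entry for a name wins."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments, full or trailing
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without any name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: skip line
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)
    return mapping


def local_overrides(mapping, builtin=("localhost", "loopback")):
    """Names, other than the built-in ones, pinned to loopback/private IPs."""
    return sorted(
        name for name, ip in mapping.items()
        if name not in builtin and (ip.is_loopback or ip.is_private)
    )


if __name__ == "__main__":
    for name in local_overrides(parse_hosts(SAMPLE_HOSTS)):
        print(f"{name} is answered locally, not by public DNS")
```
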