A Couple Proxy Switching Hazzards To Be Aware Of

ipopbb

Power Member
Feb 24, 2008
626
855
A Couple Proxy Switching Hazzards To Be Aware Of

This information is from my posts on proxy switching for Macs, but these hazards apply to ALL platforms including Linux and PCs.

Web Browser's auto-filling saved Logins and Passwords


Be sure to disable/reset this everytime. I know it is a pain in the ass to lose all of that but if you don't you will potentially allow the remote website to track your activity from "beyond the grave" of the cookies. For example: imagine the following pseudo-code residing on G o o gl e's login page:

Code:
<script type="pseudocode">
	document.inputElementLoginName.onChange = "sendAjaxRequestToServer(document.inputElementLoginName.value);";
</script>

This code would represent the following threat scenario:

  1. You clear your cache & cookies.
  2. You switch your proxy.
  3. You visit the login page.
  4. Your saved Name and Password autofill triggering the OnChange event for the login name field
  5. Your saved Name is sent to website via ajax and old IPs and cookies are mapped to the new IPs and cookies
  6. You continue activity assuming anonymity which clearly would be a bad mistake
  7. Bad things happen to your accounts

Unfortunately... remembering Names and Password, while very convenient, is potentially a complete surrendering of the privacy created by deleting caches & cookies. Just reset everything to be safe and disable this feature.

Web Proxy Settings and Secure Web Proxy Settings


This is the classic mistake. You configure your Web Proxy Settings and switch them. If you don't proxy SSL connections as well then you will be anonymous up to the point of submitting your login credentials and then your actual gateway will be used for the HTTPS connection to login and continue. Switching a proxy nearly always means changing 2 proxy settings. First for HTTP and second for HTTPS.

If you use out of the box proxy switching software be sure to test your IP and gateway are cloaked for both HTTP and HTTPS connections. Cheap proxy switchers commonly make this mistake.
 
Last edited:
didn't know they could track that. i always thought that a site didn't get that info unless you hit submit or login. thanks and +rep.
 
didn't know they could track that. i always thought that a site didn't get that info unless you hit submit or login. thanks and +rep.

You are correct that something has to happen on the client side for them to get the info. What isn't "top of mind" for most people is that Javascript can easily do that these days without you being aware that it even happened.

Odds are that G o o gl e isn't doing this, or at least isn't doing this very often, but I could imagine a case where something triggers their bot detection and they inject a test to see if it builds a larger picture of activity to work with.

But, I have no evidence they do this. I am just pointing out that it is easily done and potentially removes your anonymity (which in theory is the goal).

Thanks,

Ted
 
Can you recommend some proxy connection software (possibly called proxy firewall?) that can manage the connections for us, instead of changing browser settings each time?

Something that also takes into account HTTPS connections?

I currently use KeePass for tracking all of my logins, so I never use the browser autocomplete.

I need to be able to plug in a list of proxy IP's into the software, tell it to use one IP, and then I go to the site, login, do my thing, logout, switch to another IP, go to the next site, repeat-- ad nauseum....
 
Back
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features and essential functions on BlackHatWorld and other forums. These functions are unrelated to ads, such as internal links and images. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock