1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A Couple Proxy Switching Hazzards To Be Aware Of

Discussion in 'Black Hat SEO' started by ipopbb, Oct 17, 2011.

  1. ipopbb

    ipopbb Power Member

    Joined:
    Feb 24, 2008
    Messages:
    626
    Likes Received:
    844
    Occupation:
    SEO & Innovative Programming
    Location:
    Seattle
    Home Page:
    A Couple Proxy Switching Hazzards To Be Aware Of

    This information is from my posts on proxy switching for Macs, but these hazards apply to ALL platforms including Linux and PCs.

    Web Browser's auto-filling saved Logins and Passwords


    Be sure to disable/reset this everytime. I know it is a pain in the ass to lose all of that but if you don't you will potentially allow the remote website to track your activity from "beyond the grave" of the cookies. For example: imagine the following pseudo-code residing on G o o gl e's login page:

    Code:
    <script type="pseudocode">
    	document.inputElementLoginName.onChange = "sendAjaxRequestToServer(document.inputElementLoginName.value);";
    </script>
    This code would represent the following threat scenario:

    1. You clear your cache & cookies.
    2. You switch your proxy.
    3. You visit the login page.
    4. Your saved Name and Password autofill triggering the OnChange event for the login name field
    5. Your saved Name is sent to website via ajax and old IPs and cookies are mapped to the new IPs and cookies
    6. You continue activity assuming anonymity which clearly would be a bad mistake
    7. Bad things happen to your accounts

    Unfortunately... remembering Names and Password, while very convenient, is potentially a complete surrendering of the privacy created by deleting caches & cookies. Just reset everything to be safe and disable this feature.

    Web Proxy Settings and Secure Web Proxy Settings


    This is the classic mistake. You configure your Web Proxy Settings and switch them. If you don't proxy SSL connections as well then you will be anonymous up to the point of submitting your login credentials and then your actual gateway will be used for the HTTPS connection to login and continue. Switching a proxy nearly always means changing 2 proxy settings. First for HTTP and second for HTTPS.

    If you use out of the box proxy switching software be sure to test your IP and gateway are cloaked for both HTTP and HTTPS connections. Cheap proxy switchers commonly make this mistake.
     
    • Thanks Thanks x 4
    Last edited: Oct 17, 2011
  2. angelas111

    angelas111 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 4, 2009
    Messages:
    1,570
    Likes Received:
    1,016
    Location:
    ohio
    didn't know they could track that. i always thought that a site didn't get that info unless you hit submit or login. thanks and +rep.
     
  3. ipopbb

    ipopbb Power Member

    Joined:
    Feb 24, 2008
    Messages:
    626
    Likes Received:
    844
    Occupation:
    SEO & Innovative Programming
    Location:
    Seattle
    Home Page:
    You are correct that something has to happen on the client side for them to get the info. What isn't "top of mind" for most people is that Javascript can easily do that these days without you being aware that it even happened.

    Odds are that G o o gl e isn't doing this, or at least isn't doing this very often, but I could imagine a case where something triggers their bot detection and they inject a test to see if it builds a larger picture of activity to work with.

    But, I have no evidence they do this. I am just pointing out that it is easily done and potentially removes your anonymity (which in theory is the goal).

    Thanks,

    Ted
     
  4. scarab

    scarab Newbie

    Joined:
    Dec 11, 2010
    Messages:
    38
    Likes Received:
    11
    Can you recommend some proxy connection software (possibly called proxy firewall?) that can manage the connections for us, instead of changing browser settings each time?

    Something that also takes into account HTTPS connections?

    I currently use KeePass for tracking all of my logins, so I never use the browser autocomplete.

    I need to be able to plug in a list of proxy IP's into the software, tell it to use one IP, and then I go to the site, login, do my thing, logout, switch to another IP, go to the next site, repeat-- ad nauseum....