1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mac OS X Proxy Switcher FOR FREE

Discussion in 'Black Hat SEO' started by ipopbb, Oct 17, 2011.

Tags:
  1. ipopbb

    ipopbb Power Member

    Joined:
    Feb 24, 2008
    Messages:
    626
    Likes Received:
    844
    Occupation:
    SEO & Innovative Programming
    Location:
    Seattle
    Home Page:
    Mac OS X Proxy Testing & Switching

    I recently did some work with some PVAs from XGC Media. The list of 200 accounts they sent me only had 16 working accounts in it. Within a day they had a new list of 200 for me that was perfect. I'm impressed. But the real reason for this post is that to work with these accounts it requires a large number of proxy servers and an efficient way to test them, configure them , and then reset safari so you don't get narc'ed by cookies. Below is the source code I used to automate all this by command line on OS X Lion. No need to buy proxy switching software on a mac.


    First you need a web page that tells you your IP address and nothing else.


    Code:
    <?php 
     // myip.php
     header('Content-type: text/plain');
     $ip = getenv("REMOTE_ADDR"); 
     Echo $ip; 
    ?>
    
    Next we need a shell script called "randomproxy" to execute from the terminal window.


    Code:
    #!/bin/tcsh
    set gateway = `curl -s "http://www.mywebsite.com/myip.php"`
    set num = `jot -r 1 1 25`
    set port = 60001
    set login = "username"
    set password = "password"
    if ($num == 1) set pick = 100.200.300.1
    else if ($num == 2) set pick = 100.200.300.2
    else if ($num == 3) set pick = 100.200.300.3
    else if ($num == 4) set pick = 100.200.300.4
    else if ($num == 5) set pick = 100.200.300.5
    endif
    set proxy = "http://"$login":"$password"@"$pick":$port"
    set unused = `curl -s -x "$proxy" "http://www.mywebsite.com/myip.php" -o "test.txt"`
    set test = `more test.txt`
    if ($test == $gateway) then
    	echo "FAILED: chose $pick and got $test and gateway $gateway"
    else if ($pick == $test) then
    	echo "PASSED: chose $pick and got $test and gateway $gateway"
    	networksetup -setwebproxystate "Wi-Fi" On
    	networksetup -setsecurewebproxystate "Wi-Fi" On
    	networksetup -setwebproxy "Wi-Fi" $pick $port On $login $password
    	networksetup -setsecurewebproxy "Wi-Fi" $pick $port On $login $password
    	./resetsafari
    else
    	echo "FAILED: chose $pick and got $test and gateway $gateway"
    endif
    
    Remember to "chmod 755 randomproxy" this script!

    Then we need an applescript file called "resetsafari" to automate resetting Safari


    Code:
    #!/usr/bin/osascript
    tell application "System Events"
    	tell process "Safari"
    		set frontmost to true
    		click menu item "Reset Safari?" of menu 1 of menu bar item "Safari" of menu bar 1
    		--delay 1 --may be uncommented if needed
    		click button "Reset" of window 1
    	end tell
    end tell
    

    Remember to "chmod 755 resetsafari" this script too!


    Then optionally we need a script called "disableproxies" to turn the proxy config off when we are done

    Code:
    networksetup -setwebproxystate "Wi-Fi" Off
    networksetup -setsecurewebproxystate "Wi-Fi" Off
    Remember to "chmod 755 disableproxies" this script too!

    In a Terminal Window:

    To pick a random proxy, test it, and configure it in your network settings if it passes and reset Safari just type:

    Code:
    ./randomproxy
    To disable proxy settings when you are done just type:

    Code:
    ./disableproxies
     
    • Thanks Thanks x 2
  2. ipopbb

    ipopbb Power Member

    Joined:
    Feb 24, 2008
    Messages:
    626
    Likes Received:
    844
    Occupation:
    SEO & Innovative Programming
    Location:
    Seattle
    Home Page:
    A few more considerations:

    "Via" HTTP Headers

    A proxy should fail anonymity testing if a "Via" HTTP header is passed to the remote web server. Via discloses that an intermediate proxy server is in use. One way to handle this check is to modify the "myip.php" as follows:

    Code:
    <?php 
     // myip.php
     header('Content-type: text/plain');
    $headers = apache_request_headers();
    
    if(! is_null($_SERVER['HTTP_X_FORWARDED_FOR']){$ip="FAILED";}
    else if(! is_null($headers) && ! is_null($headers['Via'])){$ip="FAILED";}
    else if($_SERVER['HTTP_VIA']){$ip="FAILED";}
    else{$ip = getenv("REMOTE_ADDR");}
     
    Echo $ip; 
    ?>
    
    Unfortunately, PHP is full of very lame hacks regarding access to arbitrary request headers so it is ugly code that is unavoidable. Fortunately this case is pretty rare.

    Then add

    Code:
    if ($test == "FAILED") then
    	echo "FAILED: proxy tells remote website it is a proxy and potentially for your gateway"
    

    Safari Reset Option: Remove saved Names and Passwords


    Be sure this option is checked by manually reseting Safari once. I know it is a pain in the ass to lose all of that but if you don't you will potentially allow the remote website to track your activity from beyond the grave of the cookies. For example: imagine the following pseudo-code residing on G o o gl e's login page:

    Code:
    <script type="pseudocode">
    	document.inputElementLoginName.onChange = "sendAjaxRequestToServer(document.inputElementLoginName.value);";
    </script>
    This code would represent the following threat scenario:

    1. You clear your cache & cookies.
    2. You switch your proxy.
    3. You visit the login page.
    4. Your saved Name and Password autofill triggering the OnChange event for the login name field
    5. Your saved Name is sent to website via ajax and old IPs and cookies are mapped to the new IPs and cookies
    6. Your continue activity assuming anonymity which clearly would be a bad mistake
    7. Bad things happen to your accounts

    Unfortunately... remembering Names and Password, while very convenient, is potentially a complete surrendering of privacy by deleting caches & cookies. Just reset everything to be safe.

    Web Proxy Settings and Secure Web Proxy Settings


    This is the classic mistake. You configure your Web Proxy Settings and switch them. If you don't proxy SSL connections as well then you will be anonymous up to the point of submitting your login credentials and then your actual gateway will be used for the HTTPS connection to login and continue. Switching a proxy nearly always means changing 2 proxy settings. First for HTTP and second for HTTPS.

    If you use out of the box proxy switching software be sure to test your IP and gateway are cloaked for both HTTP and HTTPS connections. Cheap proxy switchers commonly make this mistake.
     
  3. dixonge

    dixonge Newbie

    Joined:
    Jan 29, 2012
    Messages:
    5
    Likes Received:
    0
    Dude - I needed this for completely different reasons (think Netflix outside the USA) but changing the network settings manually was a PITA. Now I have two shell scripts on the desktop - four lines of code in one, two in the other. All set - thanks!
     
  4. ben10023

    ben10023 Regular Member

    Joined:
    Oct 23, 2011
    Messages:
    294
    Likes Received:
    62
    Location:
    UK
    Home Page:
    Such a useful thread, exactly what I was searching for for something.

    Thanks for bumping it!
     
  5. ben10023

    ben10023 Regular Member

    Joined:
    Oct 23, 2011
    Messages:
    294
    Likes Received:
    62
    Location:
    UK
    Home Page:
    Also, are you doing this for personal reasons or are you selling a service for access outside the country?
     
  6. jonvital

    jonvital Junior Member

    Joined:
    Nov 13, 2011
    Messages:
    148
    Likes Received:
    48
    Location:
    Brooklyn, NY
    Can this process be posted in a video or something. you are explaining exactly what I'm very new to setting up scripts to run. like for instance where do you even put the first part of the script you give us , in the terminal? not to sure can you elaborate a little more for beginners