Proxy server and its anonymity

July 9, 2017

I decided to test what proxy server anonymity looks like in practice and how to control it. The goal was to capture the HTTP request headers that a server receives from the proxy when the proxy is configured as anonymous, semi-anonymous, or otherwise. I installed the Squid proxy server on a Linux machine and experimented with its settings in /etc/squid/squid.conf, restarting Squid after every change to the file. The wget utility served as the HTTP client, and on the destination HTTP server I uploaded the following PHP script, which prints all HTTP request header fields:


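<?php
// Print every request header the server received, one per line.
echo "<pre>\n";
foreach (getallheaders() as $name => $value) {
    // Escape the output so header content is shown as text, not rendered as HTML.
    echo htmlspecialchars("$name: $value") . "\n";
}
echo "</pre>\n";
?>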

The wget command I used was:


wget -d -e use_proxy=yes -e http_proxy=192.168.13.110:8080 http://russianmafia.ru/headers.php

where 192.168.13.110 is the IP address of the machine on which the Squid proxy was installed, 8080 is its listening port, and http://russianmafia.ru/headers.php is the destination.
The request header sent by the wget client looked like this:


GET http://russianmafia.ru/headers.php HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: russianmafia.ru

Test 1
forwarded_for and via are “off”, “follow_x_forwarded_for deny all” and “request_header_access X-Forwarded-For deny all” are uncommented:


via off
forwarded_for off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all

Request headers on the destination HTTP server (they do not contain the IP address of the client machine):


User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: russianmafia.ru
Cache-Control: max-age=259200
Connection: keep-alive

Test 2
forwarded_for and via are “off”, follow_x_forwarded_for is uncommented, but request_header_access is commented out:


via off
forwarded_for off
follow_x_forwarded_for deny all
# request_header_access X-Forwarded-For deny all

Request headers on the destination HTTP server (they do not contain the IP address of the client machine, but show that the request has been forwarded from an unknown client):


User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: russianmafia.ru
X-Forwarded-For: unknown
Cache-Control: max-age=259200
Connection: keep-alive

Test 3
forwarded_for and via are “off”, follow_x_forwarded_for and request_header_access are commented out:


via off
forwarded_for off
# follow_x_forwarded_for deny all
# request_header_access X-Forwarded-For deny all

Request headers on the destination HTTP server (the same as in the previous test: they do not contain the IP address of the client machine, but show that the request has been forwarded from an unknown client):


User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: russianmafia.ru
X-Forwarded-For: unknown
Cache-Control: max-age=259200
Connection: keep-alive

Test 4
forwarded_for is “on”, via is “off”, follow_x_forwarded_for and request_header_access are commented out:


# /etc/squid/squid.conf
via off
forwarded_for on
# follow_x_forwarded_for deny all
# request_header_access X-Forwarded-For deny all

Request headers on the destination HTTP server (they contain the IP address of the client machine):


User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: russianmafia.ru
X-Forwarded-For: 10.19.69.11
Cache-Control: max-age=259200
Connection: keep-alive

Test 5
forwarded_for and via are “on”, follow_x_forwarded_for and request_header_access are commented out:


# /etc/squid/squid.conf
via on
forwarded_for on
# follow_x_forwarded_for deny all
# request_header_access X-Forwarded-For deny all

Request headers on the destination HTTP server (they contain the IP address of the client machine plus information about the proxy server):


User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: russianmafia.ru
Via: 1.0 localhost.localdomain (squid/3.1.23)
X-Forwarded-For: 10.19.69.11
Cache-Control: max-age=259200
Connection: keep-alive

By the way, when via is “on”, the response headers received by the client also contain data about the proxy:


HTTP/1.0 200 OK
Date: Tue, 04 Jul 2017 16:36:44 GMT
Server: Apache/2.4.12 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 197
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: MISS from localhost.localdomain:8080
Via: 1.0 localhost.localdomain (squid/3.1.23)
Connection: close
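
The five Squid tests above can be scored mechanically. The following is an added example, not code from the original post: it compares the headers wget sent with the headers the origin saw, using captures copied from this page. The function names and the three level labels are this example's own.

```python
import ipaddress
import re

# Headers an intermediary adds to announce itself or the client (Via and
# X-Forwarded-For are the two toggled in the Squid tests; Forwarded is RFC 7239).
PROXY_MARKERS = {"via", "x-forwarded-for", "forwarded"}
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep and " " not in name.strip():  # skips the "GET ... HTTP/1.0" line
            headers[name.strip().lower()] = value.strip()
    return headers

def mentions(value, client):
    """True if any IPv4 literal in a header value equals the client address."""
    for text in IPV4_RE.findall(value):
        try:
            if ipaddress.ip_address(text) == client:
                return True
        except ValueError:  # e.g. 999.1.1.1 is not a valid address
            continue
    return False

def assess(sent_raw, received_raw, client_ip):
    """Compare sent vs. origin-seen headers; level names are this example's own."""
    client = ipaddress.ip_address(client_ip)
    sent, received = parse_headers(sent_raw), parse_headers(received_raw)
    added = sorted(n for n in received if n not in sent)
    leaks = sorted(n for n, v in received.items() if mentions(v, client))
    markers = sorted(n for n in received if n in PROXY_MARKERS)
    level = "client-ip-exposed" if leaks else "proxy-disclosed" if markers else "no-explicit-marker"
    return {"level": level, "leaks": leaks, "markers": markers, "added": added}

# Header sets copied from the captures on this page.
SENT = """GET http://russianmafia.ru/headers.php HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: russianmafia.ru"""
TEST1 = SENT.split("\n", 1)[1] + "\nCache-Control: max-age=259200\nConnection: keep-alive"
TEST2 = TEST1 + "\nX-Forwarded-For: unknown"
TEST5 = TEST1 + "\nVia: 1.0 localhost.localdomain (squid/3.1.23)\nX-Forwarded-For: 10.19.69.11"

if __name__ == "__main__":
    for name, seen in (("Test 1", TEST1), ("Test 2", TEST2), ("Test 5", TEST5)):
        print(name, assess(SENT, seen, "10.19.69.11"))
```

Test 1 scores as "no-explicit-marker", yet its `added` list still holds Cache-Control and Connection, neither of which is in the wget request as listed above.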


Testing proxy from premproxy.com

1.
# wget -d -e use_proxy=yes -e http_proxy=210.35.171.5:8080 http://russianmafia.ru/headers.php

HTTP request headers received by russianmafia.ru:

Accept: */*
Connection: close
Host: russianmafia.ru
User-Agent: Wget/1.13.4 (linux-gnu)
Via: http/1.1 localhost.localdomain[FE8000000000000092E2BAFFFE841C50] (Ap$
X-Http-Proto: HTTP/1.1
X-Log-6662: 210.35.171.70
X-Real-Ip: 210.35.171.70

2.
# wget -d -e use_proxy=yes -e http_proxy=206.127.88.18:80 http://russianmafia.ru/headers.php

HTTP request headers received by russianmafia.ru:

Accept: */*
Connection: close
Host: russianmafia.ru
User-Agent: Wget/1.13.4 (linux-gnu)
Via: 1.1 blogs.lccountymt.gov
X-Http-Proto: HTTP/1.1
X-Log-6662: 206.127.88.18
X-Real-Ip: 206.127.88.18

3.
# wget -d -e use_proxy=yes -e http_proxy=193.111.177.51:80 http://russianmafia.ru/headers.php

HTTP request headers received by russianmafia.ru:

Accept: */*
Connection: close
Host: russianmafia.ru
User-Agent: Wget/1.13.4 (linux-gnu)
X-Http-Proto: HTTP/1.1
X-Log-6662: 193.111.177.51
X-Real-Ip: 193.111.177.51

4.
# wget -d --header "Connection: keep-alive" -e use_proxy=yes -e http_proxy=103.234.254.164:80 http://russianmafia.ru/headers.php

HTTP request headers received by russianmafia.ru (the proxy replaces its IP):

Accept: */*
Connection: close
Host: russianmafia.ru
User-Agent: Wget/1.13.4 (linux-gnu)
Via: 1.1 10.10.10.2 (Mikrotik HttpProxy)
X-Http-Proto: HTTP/1.1
X-Log-6662: 43.247.15.216
X-Proxy-Id: 953367358
X-Real-Ip: 43.247.15.216
