The URL under the heading in this message shows a list of
raw IP addresses.
One of those addresses is 127.0.0.1:3128.
What is he proposing we do? Blindly use these addresses as
proxies??
I haven't checked any of the others, but they don't feel
like safe surfing
to me.
> -----Original Message-----
> From: listbounce securityfocus.com [mailto:listbouncesecurityfocus.com]
> On Behalf Of dungdm001
> Sent: Tuesday, October 16, 2007 9:16 AM
> To: webappsecsecurityfocus.com
> Subject: Proxy List For You!
>
>
> NEW PROXY UPDATE EVERYDAY
> http://www.boy.u
s.com/proxylist.php.
>
> Fake IP Address
> When you connect to a web site, it can see your IP
address as the "Remote
> IP" or "Remote Address". When you surf
through a proxy server, these
> fields
> contain the IP address of the proxy server instead of
your own IP address.
> So the web site will see the address of the proxy
instead of your actual
> address.But all non-anonymous proxies usually put the
IP addresses of
> their
> clients (i.e. of the computers using those proxies) in
either of the two
> following request headers (variables):
"HTTP_CLIENT_IP" or
> "HTTP_X_FORWARDED_FOR_IP" There are no strict
standards, so one proxy may
> be
> sending the IP with "Client_IP" variable and
another with
> "X_Forwarded_For_IP".
>
> There is not much difference between them but they are
never used together
> -
> either one or the other.So, if the proxy you are using
is not anonymous,
> the
> web site will be able to see you true IP address in one
of these
> fields.Requests that are generated by anonymous servers
do not have these
> fields (that's what makes them anonymous).The thing is
that you can set
> A4Proxy to create these fields, and put there
"fake" IP addresses (they
> are
> generated as random numbers, so they are different for
each request).
>
> As the result, the web site which you are visiting will
"think" that you
> are
> visiting it through a non-anonymous proxy server (while
in fact it is a
> truly anonymous server with an additional fake field
generated by
> A4Proxy).
> Not all web sites will look for these fields (Client_IP
or
> X_Forwarded_For_IP). However, those which do look for
them will definitely
> be confused as the fake IP address will be different
for each request.It
> may
> be a good idea to switch on one of these options (and
it is not important
> which one).Finally, if you want a particular address to
be sent to the web
> site in one of that field, you will need to create a
modification for that
> field on the Browser Options tab, in addition to
enabling the appropriate
> Simulate... option.
>
> --
> View this message in context: http://w
ww.nabble.com/Proxy-List-For-You%21-
> tf4635211.html#a13236985
> Sent from the Web App Security mailing list archive at
Nabble.com.
>
>
>
------------------------------------------------------------
-------------
> Sponsored by: Watchfire
>
> Cross-Site Scripting (XSS) is one of the most common
application-level
> attacks that hackers use to sneak into web applications
today. This
> whitepaper will discuss how traditional XSS attacks are
performed, how to
> secure your site against these attacks and check if
your site is
> protected.
> Cross-Site Scripting Explained - Download this
whitepaper today!
>
> https://www.watchfire.com/securearea/whi
tepapers.aspx?id=701700000009405
>
------------------------------------------------------------
-------------
>
------------------------------------------------------------
-------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common
application-level
attacks that hackers use to sneak into web applications
today. This
whitepaper will discuss how traditional XSS attacks are
performed, how to
secure your site against these attacks and check if your
site is protected.
Cross-Site Scripting Explained - Download this whitepaper
today!
https://www.watchfire.com/securearea/whi
tepapers.aspx?id=701700000009405
------------------------------------------------------------
-------------
|