The URL under the heading in this message shows a list of raw IP addresses.
One of those addresses is 127.0.0.1:3128.
What is he proposing we do? Blindly use these addresses as proxies??
I haven't checked any of the others, but they don't feel like safe surfing
to me.
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of dungdm001
Sent: Tuesday, October 16, 2007 9:16 AM
To: webappsec@securityfocus.com
Subject: Proxy List For You!
NEW PROXY UPDATE EVERYDAY
http://www.boy.us.com/proxylist.php.
Fake IP Address
When you connect to a web site, it can see your IP address as the "Remote
IP" or "Remote Address". When you surf through a proxy server, these
fields
contain the IP address of the proxy server instead of your own IP address.
So the web site will see the address of the proxy instead of your actual
address.But all non-anonymous proxies usually put the IP addresses of
their
clients (i.e. of the computers using those proxies) in either of the two
following request headers (variables): "HTTP_CLIENT_IP" or
"HTTP_X_FORWARDED_FOR_IP" There are no strict standards, so one proxy may
be
sending the IP with "Client_IP" variable and another with
"X_Forwarded_For_IP".
There is not much difference between them but they are never used together
-
either one or the other.So, if the proxy you are using is not anonymous,
the
web site will be able to see you true IP address in one of these
fields.Requests that are generated by anonymous servers do not have these
fields (that's what makes them anonymous).The thing is that you can set
A4Proxy to create these fields, and put there "fake" IP addresses (they
are
generated as random numbers, so they are different for each request).
As the result, the web site which you are visiting will "think" that you
are
visiting it through a non-anonymous proxy server (while in fact it is a
truly anonymous server with an additional fake field generated by
A4Proxy).
Not all web sites will look for these fields (Client_IP or
X_Forwarded_For_IP). However, those which do look for them will definitely
be confused as the fake IP address will be different for each request.It
may
be a good idea to switch on one of these options (and it is not important
which one).Finally, if you want a particular address to be sent to the web
site in one of that field, you will need to create a modification for that
field on the Browser Options tab, in addition to enabling the appropriate
Simulate... option.
--
View this message in context: http://www.nabble.com/Proxy-List-For-You%21-
tf4635211.html#a13236985
Sent from the Web App Security mailing list archive at Nabble.com.
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is
protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
