Hiding IP via Other Servers
There are a lot of proxy (waiters) out there in this digital world
Some are free while some may charge u for their service. We will
concentrate on free waiters/proxies. How to 'call' a waiter depends
on what kind or server u are dealing with. In each case u will get
yr drink tru a waiter if u know how to call the waiters to get the
drink from which restaurants.
Free Servers Outside
The common server/restaurants
serving the drinks are:
- HTTP/HTTPS server which serve at port 80, 8080 etc
- Proxy Server which serve at port 80, 8080, 3128 etc
- FTP servers which serve at port 21
- SMTP servers at port 25
- NNTP servers at port 119
- PopD servers at port 110
- TelNet/Wingate servers at port 23
- Socks servers at port 1080
Why show port nos? Becos u can run a Port Scanner
and find an open Port for yr hiding projects!
Or Free Servers Inside....
Besides those servers mentioned above, there are MANY more
servers which also serve drinks - but they are different
kind of drinks... so they exist at different ports as well
Some are very much hidden N used for spying.
They require ports as well, N you yourself could be the
servers serving them...... :)
Serve to whom? to hackers clients off course
Facts about HTTP/HTTPS/FTP Proxy Servers
- Back Orifice = port UDP 31337
- NetBus = port TCP 12345/12346 etc etc etc!
There are few categories of proxy servers/waiters.
Some are free N some will charge u for service.
U should get Anonymous Proxy aka Non Transparent Proxy
Hiding IP via Socks
This waiter will forward yr request.
He does not care who u are, theoretically...
unless u later proved to be a criminal, this
little waiter will tell Big Brother about u
(if he still remembers....)
This waiter will
tell the chef who u are N yr table location!
This is done by revealing yr original IP via HTTP Environment variables
such as HTTP_X_FORWARDED_FOR
Some proxys are web caching servers - so they speed things up too,
but u need to RELOAD some pages on some non intelligent caching servers
These socks proxy
are not as popular as the other proxy servers
If u want to use
them for yr browser make sure it works becos it
will overide yr
proxy settings N as the result
u aint going anywhere.....
To avoid confusion
- I won't be discussing them in full details.
Most socks proxy
are running sock4 or sock5 and the problem is
a lot of them
are not open for public all the time.
compiled C or CGI driven applications which can switch from
one proxy to another.
As the result yr IP logged to the destination site will
With source codes available for Squid, Junkbuster, Socks, etc one can build
a suitable and fast anonymizer.
Technologies available are:
JunkBuster Proxy DownLoad
Sample CGI based proxy Source Code: CGiProxy
by John Marshall
Hiding via Other Methods
Sometime u can
call a proxy by typing
for some proxy such as
for delegate proxy
U may try delegate SSL
at magusnet proxy server
Manual Telnet to Wingate/Whatever
This method is
used by advanced people only
The concept is
Almost all Internet
Stuff are client N server based.
Each one has an
IP N communicate via specified ports.
What u should
know in advanced is the rule to talk to these servers.
can search N study RFCs N many docs out there.
HTTP 1.0 (RFC
HTTP 1.1 or W3C
1st run telnet
N connect to a known wingate/firewall etc
wingate.server.com 23 (most wingate at port
80 (assuming server is at port 80)
HTTP/1.0 (then press ENTER TWICE)
The server will
respond with something like
OK or HTTP/1.0 404 Not Found if problem
and give some other output to u
The HTTP version
is in the same format as in the request line, "HTTP/x.x".
code is meant to be computer-readable; the reason phrase is meant to be
human-readable, and may vary.
code is a three-digit integer, and the first digit identifies the general
category of response:
1xx indicates an informational message only
2xx indicates success of some kind
3xx redirects the client to another URL
4xx indicates an error on the client's part
5xx indicates an error on the server's part
Of course u hate
typing - but why not make one or two program which randomly select a wingate
N automate all the GET N POST to interact with the servers? Well u might
will endup as a hacker.... esp. if u are interested in reading
the 1st few lines of the Server Response
display the O/S
N the WebServer Software running over
there plus Last Modified Time - something can be used to chk active
profile of the page owner/webmaster!
This method is
based on deceiving the principle of trust between 2 hosts
It can be achieved
by analysing the TCP/IP Packets N Predicting them
involved deep understanding of TCP/IP stuff plus some
hacking guts inside
U need these:
- U yrself + yr Brain +
- Telnet s/w + RFC knowledge +
- Source/Pgm + 2 IP + 2 Ports +
- refs from below
Read the Art
RFC Index from me
Find the RFC stuff
- Understand IP RFC
the TCP/IP illustrated Guru Book
As u will see - Most of these advanced spoofing features can be
activated via dedicated c programs.
In order to do
this u need to be a webmaster N yr site is frequently visited
by many people,
or u are the owner of some wingate/socks/proxy/router where
alot of people
are passing tru them... or in short
u are inside
N within the the transaction path
Most people don't
care what u are doing in the background at the server side,
They just want
to see the the content N they don't expect u to hijack their IP.
As the result
u can send yr stuff by clipping them to the victim's IP
A simple example
create a socket
with my contents/stuff N
send them using
yr IP as a base after
the REMOTE ADDRESS variable N
it via a proxy to the victim site.