Hiding IP via Other Servers
There are a lot of proxies (waiters) out there in this digital world.
Some are free while some may charge u for their service. We will
concentrate on free waiters/proxies. How to 'call' a waiter depends
on what kind of server u are dealing with. In each case u will get
yr drink tru a waiter if u know how to call the waiters to get the
drink from which restaurants.
Free Servers Outside
The common servers/restaurants serving the drinks are:
- HTTP/HTTPS servers which serve at port 80, 8080 etc
- Proxy Servers which serve at port 80, 8080, 3128 etc
- FTP servers which serve at port 21
- SMTP servers at port 25
- NNTP servers at port 119
- PopD servers at port 110
- TelNet/Wingate servers at port 23
- Socks servers at port 1080
Why show port nos? Becos u can run a Port Scanner
and find an open Port for yr hiding projects!
Or Free Servers Inside....
Besides those servers mentioned above, there are MANY more
servers which also serve drinks - but they are different
kind of drinks... so they exist at different ports as well
Some are very much hidden N used for spying.
They require ports as well, N you yourself could be the
servers serving them...... :)
Serve to whom? To hackers' clients of course
- Back Orifice = port UDP 31337
- NetBus = port TCP 12345/12346 etc etc etc!
Facts about HTTP/HTTPS/FTP Proxy Servers
There are a few categories of proxy servers/waiters.
Some are free N some will charge u for service.
U should get an Anonymous Proxy aka Non Transparent Proxy
- Anonymous Proxy.
  This waiter will forward yr request. He does not care who u are, theoretically... unless u later proved to be a criminal, this little waiter will tell Big Brother about u (if he still remembers....)
- Non Anonymous Proxy.
  This waiter will tell the chef who u are N yr table location! This is done by revealing yr original IP via HTTP Environment variables such as HTTP_X_FORWARDED_FOR
Some proxies are web caching servers - so they speed things up too,
but u need to RELOAD some pages on some non intelligent caching servers
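Seen from the chef's side, HTTP_X_FORWARDED_FOR is only text sent with the request, so a destination server should believe it only when the request arrives from a proxy it runs itself. The following is an added example, not code from the original page; the TRUSTED_PROXIES set, the function names and all addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: reverse proxies this site runs itself (constructed addresses).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5"),
                   ipaddress.ip_address("10.0.0.6")}

def parse_ip(text):
    """Return an ip_address, or None for junk such as 'unknown'."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def client_ip(environ):
    """Choose the address to log for a CGI-style request environment.

    REMOTE_ADDR is the TCP peer. HTTP_X_FORWARDED_FOR is only a claim:
    each proxy appends the peer it saw, so the list is read right to
    left and reading stops at the first hop we do not operate.
    """
    peer = parse_ip(environ.get("REMOTE_ADDR", ""))
    if peer is None:
        raise ValueError("REMOTE_ADDR missing or malformed")
    if peer not in TRUSTED_PROXIES:
        return peer              # not our proxy: ignore whatever XFF says
    for hop in reversed(environ.get("HTTP_X_FORWARDED_FOR", "").split(",")):
        ip = parse_ip(hop)
        if ip is None:
            break                # unparsable entry: believe nothing further
        if ip not in TRUSTED_PROXIES:
            return ip            # first address that is not one of ours
        peer = ip
    return peer

def proxy_kind(environ):
    """Name what the request headers declare, in the page's terms."""
    if "HTTP_X_FORWARDED_FOR" in environ:
        return "non-anonymous proxy (declares a client IP)"
    if "HTTP_VIA" in environ:
        return "proxy declared, client IP withheld"
    return "direct or undeclared proxy"
```

The address returned by client_ip is the one to write to logs and feed to rate limits; the raw header can be logged beside it as an unverified claim.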
Hiding IP via Socks
- These socks proxies are not as popular as the other proxy servers
- If u want to use them for yr browser make sure it works becos it will override yr proxy settings N as the result u aint going anywhere.....
- To avoid confusion - I won't be discussing them in full details.
- Most socks proxies are running socks4 or socks5 and the problem is a lot of them are not open for public all the time.
Hiding via Anonymizer/CGI
- Anonymizers are compiled C or CGI driven applications which can switch from one proxy to another. As the result yr IP logged to the destination site will be constantly changing...
- With source codes available for Squid, Junkbuster, Socks, etc one can build a suitable and fast anonymizer.
- Technologies available are:
  - The Anonymizer
  - Anonymouse
  - SSL rewebber
  - www.spaceproxy.com
  - IDZap
  - JunkBuster Proxy DownLoad
  - Sample CGI based proxy Source Code: CGIProxy by John Marshall
  - Freedom Servers from ZeroKnowledge
  - Onion Router
  - Crowds
  - SomeBody
Hiding via Other Methods
- Sometime u can call a proxy by typing http://proxy:port/http://www.target.com/ for some proxy such as
  - http://invis.free.anonymizer.com/http://www.target.com
  - http://anon.free.anonymizer.com/http://www.target.com
  - http://anon-regulus.free.anonymizer.com/http://www.target.com
- http://delegate.proxy.com:port-_-http://www.target.com for delegate proxy
- U may try delegate SSL at magusnet proxy server
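The same call styles show up in the access log of any web server that somebody is trying to use as a waiter. The following added example (not from the original page) scans Common Log Format lines for them; the OWN_HOSTS set, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames this web server legitimately answers for.
OWN_HOSTS = {"www.example.org", "example.org"}

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: \S+)?" (\d{3}) \S+')
ABSOLUTE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
# A URL embedded in the path: the /http://... and -_-http://... call styles.
EMBEDDED = re.compile(r'(?:/|-_-)(?:https?|ftp)://', re.IGNORECASE)

def proxy_style(method, target):
    """Return why a request looks like a 'call the waiter' attempt, else None."""
    if method.upper() == "CONNECT":
        return "CONNECT tunnel request"
    if ABSOLUTE.match(target):
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
        if host not in OWN_HOSTS:
            return "absolute URI for foreign host " + host
        target = parts.path or "/"   # own host: keep checking the path
    if EMBEDDED.search(target):
        return "URL embedded in path"
    return None

def scan(lines):
    """Return (client, reason, relayed) for every proxy-style request found."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                 # not a CLF line; skipped, not guessed at
        client, method, target, status = m.groups()
        reason = proxy_style(method, target)
        if reason:
            # A 2xx status suggests this server really fetched it for them.
            findings.append((client, reason, status.startswith("2")))
    return findings

SAMPLE_LOG = [  # constructed lines, documentation address ranges
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET http://www.target.example/ HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "CONNECT mail.target.example:25 HTTP/1.0" 405 0',
    '192.0.2.91 - - [01/Jan/2024:10:01:00 +0000] "GET /http://www.target.example/ HTTP/1.0" 404 210',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET http://www.example.org/news.html HTTP/1.1" 200 900',
]
```

A finding with relayed set to True is the one to act on first: the server answered a foreign-host request with success, so it may be running as an open proxy.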
Hiding via Manual Telnet to Wingate/Whatever
- This method is used by advanced people only
- The concept is simple.
- Almost all Internet Stuff are client N server based.
- Each one has an IP N communicates via specified ports.
- What u should know in advance is the rule to talk to these servers.
- Fortunately u can search N study RFCs N many docs out there.
- Example: HTTP Protocol
- Suggested Reading: HTTP 1.0 (RFC 1945) or HTTP 1.1 or W3C
- 1st run telnet N connect to a known wingate/firewall etc
- type telnet wingate.server.com 23 (most wingate at port 23)
- wingate>www.victim.com 80 (assuming server is at port 80)
- GET /path/to/file/index.html HTTP/1.0 (then press ENTER TWICE)
- The server will respond with something like HTTP/1.0 200 OK or HTTP/1.0 404 Not Found if problem and give some other output to u
Notes:
- The HTTP version is in the same format as in the request line, "HTTP/x.x".
- The status code is meant to be computer-readable; the reason phrase is meant to be human-readable, and may vary.
- The status code is a three-digit integer, and the first digit identifies the general category of response:
  - 1xx indicates an informational message only
  - 2xx indicates success of some kind
  - 3xx redirects the client to another URL
  - 4xx indicates an error on the client's part
  - 5xx indicates an error on the server's part
- Of course u hate typing - but why not make one or two programs which randomly select a wingate N automate all the GET N POST to interact with the servers? Well u might end up as a hacker.... esp. if u are interested in reading the 1st few lines of the Server Response
- These normally display the O/S N the WebServer Software running over there plus Last Modified Time - something that can be used to chk the active profile of the page owner/webmaster!
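A webmaster can read those same first lines of his own server's response to see what it gives away. The following added example (not from the original page) parses a response head according to the status-line Notes above and lists the headers that disclose software or timing; the DISCLOSING list, the function names and the sample response are assumptions constructed for illustration.

```python
import re

CATEGORIES = {1: "informational", 2: "success", 3: "redirect",
              4: "client error", 5: "server error"}
STATUS_LINE = re.compile(r'^HTTP/(\d+\.\d+) (\d{3})(?: (.*))?$')
# Assumed audit list: headers that reveal software or page activity.
DISCLOSING = ("server", "x-powered-by", "last-modified")
VERSIONED = re.compile(r'[A-Za-z][\w.-]*/\d[\w.]*')   # product/version tokens

def parse_head(raw):
    """Split a response head into (version, code, reason, category, headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = STATUS_LINE.match(lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    version, code, reason = m.group(1), int(m.group(2)), m.group(3) or ""
    headers = {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t") or ":" not in line:
            continue              # folded continuation or malformed line
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    category = CATEGORIES.get(code // 100, "unknown")
    return version, code, reason, category, headers

def disclosures(headers):
    """Return (header, value, product tokens) for each disclosing header."""
    found = []
    for name in DISCLOSING:
        if name in headers:
            found.append((name, headers[name], VERSIONED.findall(headers[name])))
    return found

SAMPLE_HEAD = (  # constructed response, not captured from a real server
    "HTTP/1.0 200 OK\r\n"
    "Date: Mon, 01 Jan 2001 10:00:00 GMT\r\n"
    "Server: Apache/1.3.12 (Unix) PHP/4.0.1\r\n"
    "Last-Modified: Sun, 31 Dec 2000 23:10:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>"
)
```

Every product token in the result is a version string the server configuration could stop advertising.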
Hiding via Spoofing
- This method is based on deceiving the principle of trust between 2 hosts
- It can be achieved by analysing the TCP/IP Packets N Predicting them
- These methods involved deep understanding of TCP/IP stuff plus some hacking guts inside yrself
- U need these:
  - U yrself + yr Brain +
  - Telnet s/w + RFC knowledge +
  - Source/Pgm + 2 IP + 2 Ports +
  - refs from below
- Read Phrack Article #48
- Read the Art illustrated
- Get RFC Index from me
- Find the RFC stuff
- Understand IP RFC
- Read N Understand IP/RFC
- Get the TCP/IP illustrated Guru Book
- As u will see - Most of these advanced spoofing features can be activated via dedicated c programs.
Hiding via exploits
- In order to do this u need to be a webmaster N yr site is frequently visited by many people, or u are the owner of some wingate/socks/proxy/router where a lot of people are passing tru them... or in short u are inside N within the transaction path
- Most people don't care what u are doing in the background at the server side. They just want to see the content N they don't expect u to hijack their IP.
- As the result u can send yr stuff by clipping them to the victim's IP
- A simple example is to create a socket with my contents/stuff N send them using yr IP as a base after manipulating the REMOTE ADDRESS variable N then forward it via a proxy to the victim site.
- (sounds complicated?)