Difference between pages "Proxy server" and "Authorship Identificaiton"

From Forensics Wiki
(Difference between pages)
Line 1: Line 1:
{{expand}}
+
=Source Code=
 +
* [http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4151644/4151645/04151691.pdf?tp=&isnumber=&arnumber=4151691 A Probabilistic Approach to Source Code Authorship Identification], Kothari, Jay; Shevertalov, Maxim; Stehle, Edward; Mancoridis, Spiros
 +
Information Technology, 2007.
  
'''Proxy server''' is a server which services the requests of its clients by forwarding requests to other servers.
 
  
== Overview ==
+
* [http://www.springerlink.com/content/m605j8u184003330/ Source Code Author Identification Based on N-gram Author Profiles], Georgia Frantzeskou , Efstathios Stamatatos , Stefanos Gritzalis  and Sokratis Katsikas, IFIP International Federation for Information Processing, 2006
  
Proxy servers are widely used by organizations and individuals for different purposes:
+
[[Category:Bibliography]]
 
+
* Internet sharing (like [[NAT]]);
+
* Traffic compression;
+
* Accelerating service requests by retrieving content from cache;
+
* and many others.
+
 
+
Proxy servers are commonly used by individuals who wish to violate network policies.
+
* In China, proxy servers are commonly used by individuals to get around national connectivity policies. (User A can't reach website Z, but A can reach proxy server P which can reach website Z).
+
* Criminals frequently use proxy servers to hide the origin of their connections (User A connects to website Z through proxy server P; the packets appear to come from P, and not A).
+
 
+
=== HTTP proxies ===
+
 
+
''These proxy servers are using HTTP.''
+
 
+
Example request (direct; with relative URI):
+
<pre>
+
GET / HTTP/1.1
+
Host: cryptome.org
+
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
+
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+
Accept-Encoding: gzip,deflate
+
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+
Keep-Alive: 300
+
Connection: keep-alive
+
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
+
If-None-Match: "e01922-62e9-45937059ec2de"
+
Cache-Control: max-age=0
+
</pre>
+
Example request (using proxy; with absolute URI):
+
<pre>
+
GET http://cryptome.org/ HTTP/1.1
+
Host: cryptome.org
+
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
+
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+
Accept-Encoding: gzip,deflate
+
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+
Keep-Alive: 300
+
Proxy-Connection: keep-alive
+
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
+
If-None-Match: "e01922-62e9-45937059ec2de"
+
Cache-Control: max-age=0
+
</pre>
+
''Note:'' this HTTP request was intercepted on the way to proxy server.
+
 
+
According to RFC 2068 (section 5.1.2):
+
<pre>
+
The absoluteURI form is required when the request is being made to a proxy.
+
</pre>
+
''Note:'' proxy server will convert absolute URI to relative URI.
+
 
+
=== HTTPS proxies ===
+
 
+
''The same as above, but using HTTPS (HTTP over SSL/TLS).''
+
 
+
Sometimes HTTP proxies that support CONNECT method are called ''"HTTPS proxies"''. These HTTP proxies can tunnel almost every TCP-based protocol.
+
 
+
Example request:
+
<pre>
+
CONNECT home.netscape.com:443 HTTP/1.0
+
User-agent: Mozilla/1.1N
+
</pre>
+
 
+
=== SOCKS proxies ===
+
 
+
SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall.
+
 
+
=== Web proxies (CGI proxies) ===
+
 
+
These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality.
+
 
+
Example GET request from [http://anonymouse.ws/ Anonymouse] (to HTTP server):
+
<pre>
+
GET / HTTP/1.0
+
Host: [scrubbed]:8080
+
User-Agent: http://Anonymouse.org/ (Unix)
+
Connection: keep-alive
+
</pre>
+
 
+
Example GET request from [http://www.hidemyass.com/ HideMyAss.com]:
+
<pre>
+
GET / HTTP/1.0
+
Host: [scrubbed]:8080
+
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
+
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+
</pre>
+
 
+
== Proxy detection ==
+
 
+
[[Category:Anti-Forensics]]
+
[[Category:Network Forensics]]
+
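Review bot: The "== Proxy detection ==" heading at the end of this hunk has no text under it; the lines that follow are the two category tags. Either add the detection material or leave the heading out until there is content for it. The "=== SOCKS proxies ===" section is also the only proxy type without an example request, which makes it harder to compare against the HTTP, CONNECT and web-proxy captures. In the HTTP proxies section the absoluteURI quote is cited to RFC 2068 (section 5.1.2); that RFC was obsoleted by RFC 2616, which keeps the same requirement in its section 5.1.2, so the citation should point there.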

Revision as of 19:31, 19 October 2008

Source Code

Information Technology, 2007.