|
|
| Line 1: |
Line 1: |
| − | {{expand}}
| + | =Source Code= |
| | + | * [http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4151644/4151645/04151691.pdf?tp=&isnumber=&arnumber=4151691 A Probabilistic Approach to Source Code Authorship Identification], Kothari, Jay; Shevertalov, Maxim; Stehle, Edward; Mancoridis, Spiros |
| | + | Information Technology, 2007. |
| | | | |
| − | '''Proxy server''' is a server which services the requests of its clients by forwarding requests to other servers.
| |
| | | | |
| − | == Overview ==
| + | * [http://www.springerlink.com/content/m605j8u184003330/ Source Code Author Identification Based on N-gram Author Profiles], Georgia Frantzeskou , Efstathios Stamatatos , Stefanos Gritzalis and Sokratis Katsikas, IFIP International Federation for Information Processing, 2006 |
| | | | |
| − | Proxy servers are widely used by organizations and individuals for different purposes:
| + | [[Category:Bibliography]] |
| − | | + | |
| − | * Internet sharing (like [[NAT]]);
| + | |
| − | * Traffic compression;
| + | |
| − | * Accelerating service requests by retrieving content from cache;
| + | |
| − | * and many others.
| + | |
| − | | + | |
| − | Proxy servers are commonly used by individuals who wish to violate network policies.
| + | |
| − | * In China, proxy servers are commonly used by individuals to get around national connectivity policies. (User A can't reach website Z, but A can reach proxy server P which can reach website Z).
| + | |
| − | * Criminals frequently use proxy servers to hide the origin of their connections (User A connects to website Z through proxy server P; the packets appear to come from P, and not A).
| + | |
| − | | + | |
| − | === HTTP proxies ===
| + | |
| − | | + | |
| − | ''These proxy servers are using HTTP.''
| + | |
| − | | + | |
| − | Example request (direct; with relative URI):
| + | |
| − | <pre>
| + | |
| − | GET / HTTP/1.1
| + | |
| − | Host: cryptome.org
| + | |
| − | User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
| + | |
| − | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
| + | |
| − | Accept-Encoding: gzip,deflate
| + | |
| − | Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
| + | |
| − | Keep-Alive: 300
| + | |
| − | Connection: keep-alive
| + | |
| − | If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
| + | |
| − | If-None-Match: "e01922-62e9-45937059ec2de"
| + | |
| − | Cache-Control: max-age=0
| + | |
| − | </pre>
| + | |
| − | Example request (using proxy; with absolute URI):
| + | |
| − | <pre>
| + | |
| − | GET http://cryptome.org/ HTTP/1.1
| + | |
| − | Host: cryptome.org
| + | |
| − | User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
| + | |
| − | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
| + | |
| − | Accept-Encoding: gzip,deflate
| + | |
| − | Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
| + | |
| − | Keep-Alive: 300
| + | |
| − | Proxy-Connection: keep-alive
| + | |
| − | If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
| + | |
| − | If-None-Match: "e01922-62e9-45937059ec2de"
| + | |
| − | Cache-Control: max-age=0
| + | |
| − | </pre>
| + | |
| − | ''Note:'' this HTTP request was intercepted on the way to proxy server.
| + | |
| − | | + | |
| − | According to RFC 2068 (section 5.1.2):
| + | |
| − | <pre>
| + | |
| − | The absoluteURI form is required when the request is being made to a proxy.
| + | |
| − | </pre>
| + | |
| − | ''Note:'' proxy server will convert absolute URI to relative URI.
| + | |
| − | | + | |
| − | === HTTPS proxies ===
| + | |
| − | | + | |
| − | ''The same as above, but using HTTPS (HTTP over SSL/TLS).''
| + | |
| − | | + | |
| − | Sometimes HTTP proxies that support CONNECT method are called ''"HTTPS proxies"''. These HTTP proxies can tunnel almost every TCP-based protocol.
| + | |
| − | | + | |
| − | Example request:
| + | |
| − | <pre>
| + | |
| − | CONNECT home.netscape.com:443 HTTP/1.0
| + | |
| − | User-agent: Mozilla/1.1N
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | === SOCKS proxies ===
| + | |
| − | | + | |
| − | SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall.
| + | |
| − | | + | |
| − | === Web proxies (CGI proxies) ===
| + | |
| − | | + | |
| − | These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality.
| + | |
| − | | + | |
| − | Example GET request from [http://anonymouse.ws/ Anonymouse] (to HTTP server):
| + | |
| − | <pre>
| + | |
| − | GET / HTTP/1.0
| + | |
| − | Host: [scrubbed]:8080
| + | |
| − | User-Agent: http://Anonymouse.org/ (Unix)
| + | |
| − | Connection: keep-alive
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | Example GET request from [http://www.hidemyass.com/ HideMyAss.com]:
| + | |
| − | <pre>
| + | |
| − | GET / HTTP/1.0
| + | |
| − | Host: [scrubbed]:8080
| + | |
| − | User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
| + | |
| − | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | == Proxy detection ==
| + | |
| − | | + | |
| − | [[Category:Anti-Forensics]]
| + | |
| − | [[Category:Network Forensics]] | + | |
