Difference between pages "Mobile phone" and "Proxy server"

From ForensicsWiki
(Difference between pages)
 
m (removed category: Encryption :))
 
Line 1: Line 1:
#REDIRECT [[Cell phone]]
+
{{expand}}
 +
 
 +
'''Proxy server''' is a server which services the requests of its clients by forwarding requests to other servers.
 +
 
 +
== Overview ==
 +
 
 +
Proxy servers are widely used by organizations and individuals for different purposes:
 +
 
 +
* Internet sharing (like [[NAT]]);
 +
* Traffic compression;
 +
* Accelerating service requests by retrieving content from cache;
 +
* and many others.
 +
 
 +
Proxy servers are often used for malicious purposes (such as fraud).
 +
 
 +
== HTTP proxies ==
 +
 
 +
''These proxy servers are using HTTP.''
 +
 
 +
Example request (direct; with relative URI):
 +
<pre>
 +
GET / HTTP/1.1
 +
Host: cryptome.org
 +
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
 +
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 +
Accept-Encoding: gzip,deflate
 +
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
 +
Keep-Alive: 300
 +
Connection: keep-alive
 +
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
 +
If-None-Match: "e01922-62e9-45937059ec2de"
 +
Cache-Control: max-age=0
 +
</pre>
 +
Example request (using proxy; with absolute URI):
 +
<pre>
 +
GET http://cryptome.org/ HTTP/1.1
 +
Host: cryptome.org
 +
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
 +
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 +
Accept-Encoding: gzip,deflate
 +
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
 +
Keep-Alive: 300
 +
Proxy-Connection: keep-alive
 +
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
 +
If-None-Match: "e01922-62e9-45937059ec2de"
 +
Cache-Control: max-age=0
 +
</pre>
 +
''Note:'' this HTTP request was intercepted on the way to proxy server.
 +
 
 +
According to RFC 2068 (section 5.1.2):
 +
<pre>
 +
The absoluteURI form is required when the request is being made to a proxy.
 +
</pre>
 +
 
 +
== HTTPS proxies ==
 +
 
 +
''The same as above, but using HTTPS (HTTP over SSL/TLS).''
 +
 
 +
Sometimes HTTP proxies that support CONNECT method are called ''"HTTPS proxies"''. These HTTP proxies can tunnel almost every TCP-based protocol.
 +
 
 +
Example request:
 +
<pre>
 +
CONNECT home.netscape.com:443 HTTP/1.0
 +
User-agent: Mozilla/1.1N
 +
</pre>
 +
 
 +
== SOCKS proxies ==
 +
 
 +
SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall.
 +
 
 +
== Web proxies (CGI proxies) ==
 +
 
 +
These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality.
 +
 
 +
== Proxy detection ==
 +
 
 +
[[Category:Anti-Forensics]]
 +
[[Category:Network Forensics]]
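Review bot: The `== Proxy detection ==` heading at the end of the added text has no body, and `== SOCKS proxies ==` carries one sentence with no example request, unlike the HTTP and HTTPS sections; either add the content or leave the empty heading out until there is text for it. Under `== HTTPS proxies ==`, the italic line "The same as above, but using HTTPS" is followed directly by a paragraph about HTTP proxies that support CONNECT, so the section gives two different meanings for the term; state which of the two the CONNECT example request illustrates.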

Revision as of 14:06, 15 October 2008


A proxy server is a server that services the requests of its clients by forwarding those requests to other servers.

Overview

Proxy servers are widely used by organizations and individuals for different purposes:

  • Internet sharing (like NAT);
  • Traffic compression;
  • Accelerating service requests by retrieving content from cache;
  • and many others.

Proxy servers are often used for malicious purposes (such as fraud).

HTTP proxies

These proxy servers use HTTP.

Example request (direct; with relative URI):

GET / HTTP/1.1
Host: cryptome.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
If-None-Match: "e01922-62e9-45937059ec2de"
Cache-Control: max-age=0

Example request (using proxy; with absolute URI):

GET http://cryptome.org/ HTTP/1.1
Host: cryptome.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
If-None-Match: "e01922-62e9-45937059ec2de"
Cache-Control: max-age=0

Note: this HTTP request was intercepted on the way to the proxy server.

According to RFC 2068 (section 5.1.2):

The absoluteURI form is required when the request is being made to a proxy.

HTTPS proxies

The same as above, but using HTTPS (HTTP over SSL/TLS).

HTTP proxies that support the CONNECT method are sometimes called "HTTPS proxies". These HTTP proxies can tunnel almost every TCP-based protocol.

Example request:

CONNECT home.netscape.com:443 HTTP/1.0
User-agent: Mozilla/1.1N 
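
The differences between the three example requests above (relative vs. absolute URI, the Proxy-Connection header, the CONNECT method) can be checked mechanically when reviewing captured traffic. The following is an added example, not part of the original article; the function names and indicator labels are assumptions, and the sample requests are shortened copies of the ones shown above. The indicators show that a request was addressed to a proxy, not who operated it.

```python
# Added example: classify a captured HTTP request head by the proxy
# indicators shown on this page. Names and labels are hypothetical.

def parse_request_head(raw: bytes):
    """Split a request head into (method, target, version, headers)."""
    # Normalise line endings so captures with bare LF also parse.
    text = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    lines = text.decode("iso-8859-1").split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "name: value"
            headers.setdefault(name.strip().lower(), value.strip())
    return parts[0], parts[1], parts[2], headers


def proxy_indicators(raw: bytes):
    """Return a sorted list of signs that the request was sent to a proxy."""
    method, target, _version, headers = parse_request_head(raw)
    found = set()
    if method.upper() == "CONNECT":
        found.add("connect-tunnel")           # host:port target, tunnel request
    elif target.lower().startswith(("http://", "https://")):
        found.add("absolute-uri")             # absoluteURI form (RFC 2068, 5.1.2)
    if "proxy-connection" in headers:
        found.add("proxy-connection-header")  # seen in the proxied example
    return sorted(found)


# Constructed samples, shortened from the requests shown on this page.
DIRECT = (b"GET / HTTP/1.1\r\nHost: cryptome.org\r\n"
          b"Connection: keep-alive\r\n\r\n")
PROXIED = (b"GET http://cryptome.org/ HTTP/1.1\r\nHost: cryptome.org\r\n"
           b"Proxy-Connection: keep-alive\r\n\r\n")
TUNNEL = (b"CONNECT home.netscape.com:443 HTTP/1.0\r\n"
          b"User-agent: Mozilla/1.1N\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("proxied", PROXIED),
                      ("tunnel", TUNNEL)):
        print(name, proxy_indicators(raw))
```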

SOCKS proxies

SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall.

Web proxies (CGI proxies)

These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality.

Proxy detection