Here Be Web Proxies

  • Nicholas Weaver
  • Christian Kreibich
  • Martin Dam
  • Vern Paxson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8362)

Abstract

HTTP proxies serve numerous roles, from performance enhancement to access control to network censorship, but often operate stealthily without explicitly indicating their presence to the communicating endpoints. In this paper we present an analysis of the evidence of proxying manifest in executions of the ICSI Netalyzr spanning 646,000 distinct IP addresses (“clients”). To identify proxies we employ a range of detectors at the transport and application layer, and report in detail on the extent to which they allow us to fingerprint and map proxies to their likely intended uses. We also analyze 17,000 clients that include a novel proxy location technique based on traceroutes of the responses to TCP connection establishment requests, which provides additional clues regarding the purpose of the identified web proxies. Overall, we see 14% of Netalyzr-analyzed clients with results that suggest the presence of web proxies.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aase, N., Crandall, J., Diaz, A., Knockel, J., Molinero, J.O., Saia, J., Wallach, D., Zhu, T.: Whiskey, Weed, and Wukan on the World Wide Web: On Measuring Censors’ Resources and Motivations. In: Proc. USENIX FOCI, Bellevue, WA, USA (August 2012)Google Scholar
  2. 2.
    Auger, R.: Easy method for detecting caching proxies (February 2011), http://www.cgisecurity.com/2011/02/easy-method-for-detecting-caching-proxies.html
  3. 3.
  4. 4.
    DiCioccio, L., Teixeira, R., May, M., Kreibich, C.: Probe and Pray: Using UPnP for Home Network Measurements. In: Taft, N., Ricciato, F. (eds.) PAM 2012. LNCS, vol. 7192, pp. 96–105. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    EICAR Anti-Malware Test File, http://www.eicar.org/86-0-Intended-use.html
  6. 6.
    Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext Transfer Protocol – HTTP/1.1. RFC 2616, IETF (June 1999)Google Scholar
  7. 7.
    Fox, A., Goldberg, I., Gribble, S.D., Lee, D.C., Polito, A., Brewer, E.A.: Experience With Top Gun Wingman, A Proxy-Based Graphical Web Browser for the USR PalmPilot. In: Proc. Middleware (1998)Google Scholar
  8. 8.
    Fox, A., Gribble, S.D., Brewer, E.A., Amir, E.: Adapting to Network and Client Variability via On-Demand Dynamic Distillation. In: Proc. ASPLOS-VII (October 1996)Google Scholar
  9. 9.
    Giobbi, R.: CERT Vulnerability Note VU 435052: Intercepting proxy servers may incorrectly rely on HTTP headers to make connections (February 2009)Google Scholar
  10. 10.
    Huang, L.S., Chen, E.Y., Barth, A., Rescorla, E., Jackson, C.: Talking to yourself for fun and profit. In: Proceedings of the Web 2.0 Security & Privacy (W2SP) Workshop (2011)Google Scholar
  11. 11.
    Kreibich, C., Weaver, N., Nechaev, B., Paxson, V.: Netalyzr: Illuminating The Edge Network. In: Proc. ACM IMC, Melbourne, Australia (November 2010)Google Scholar
  12. 12.
    Citizen Lab. Planet Blue Coat: Mapping Global Censorship and Surveillance Tools, https://citizenlab.org/2013/01/planet-blue-coat-mapping-global-censorship-and-surveillance-tools/
  13. 13.
    Reis, C., Gribble, S.D., Kohno, T., Weaver, N.C.: Detecting In-Flight Page Changes with Web Tripwires. In: Proc. USENIX NSDI (2008)Google Scholar
  14. 14.
    Sfakianakis, A., Athanasopoulos, E., Ioannidis, S.: Inferring Mechanics of Web Censorship Around the World. In: CensMon: A Web Censorship Monitor (August 2011)Google Scholar
  15. 15.
    Somerville, M.: Mobile operators altering (and breaking) web content, http://www.mysociety.org/2011/08/11/mobile--operators--breaking--content/
  16. 16.
    Verkamp, J., Gupta, M.: Inferring Mechanics of Web Censorship Around the World. In: Proc. USENIX FOCI, Bellevue, WA, USA (August 2012)Google Scholar
  17. 17.
    Weaver, N., Kreibich, C., Paxson, V.: Redirecting DNS for Ads and Profit. In: Proc. USENIX FOCI, San Francisco, CA, USA (August 2011)Google Scholar
  18. 18.
    Wikipedia. Proxy server (June 2012), http://en.wikipedia.org/wiki/Http_proxy#Detection

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nicholas Weaver
    • 1
  • Christian Kreibich
    • 2
  • Martin Dam
    • 3
  • Vern Paxson
    • 4
  1. 1.ICSIUC San DiegoUSA
  2. 2.ICSILastlineUSA
  3. 3.Aalborg UniversityDenmark
  4. 4.ICSIUC BerkeleyUSA

Personalised recommendations