How to check the security of proxy servers
A recent study of 443 free proxy servers by Austrian security researcher Christian Haschek ended with the conclusion that free is not necessarily a good thing, at least when it comes to the majority of proxy servers analyzed in the study.
Web proxies come in different flavors but the two groups that you will encounter the most are proxies that you use on web pages and proxies that you add to your browser directly.
If you search for "free proxies" or similar terms you will discover hundreds if not thousands that claim to be free and open.
Modifications are clearly problematic and were used almost exclusively to inject ads, but the blocking of HTTPS is not something that should be taken lightly, considering that all activities of users connected to the proxy can be recorded on the server.
The blocking of HTTPS traffic should generally be seen as a bad sign according to the researcher. While I would not go that far, it is fair to use it as an indicator that something might not be right.
How to check the security of proxy servers
The researcher has published the proxy checking script online which you can use to test the security of proxy servers that you plan to use.
Update: The proxy checking script is no longer free. It may only be used if you purchase a key that enables the proxy script on the site starting at $0.5 for a single check, and $20 for unlimited uses.
To use it, add a proxy IP and port to the script and hit enter. The page displays an annoying captcha that seems to reset every so often.
The only other option provided on the page is to switch the proxy type from Socks to HTTP.
The script currently checks the following:
- Is the proxy up?
- Are HTTPS connections allowed?
- Is your IP address anonymized?
- Is the proxy modifying HTML contents?
Results are color coded for ease of use.
The checker accepts IP addresses and ports only, which means that you may need to look up the IP addresses of hostnames before you can run the script on them.
The script can only test one proxy at a time, which means that it is not suitable for testing dozens or even hundreds of proxy servers, as it would take a long time to test them all.
Still, if you work regularly with a specific proxy server you may want to test it to find out more about it. You may also want to do the same for new proxy servers that you consider using. (via Krebs on Security and Charles)
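The four checks listed above can be evaluated yourself once you have fetched a page you control through the proxy and recorded the request headers your server received. The Python below is an added example, not the researcher's script; the function names, the sample data and the transparent/anonymous/elite labels are assumptions chosen for illustration.

```python
import re

# Request headers that forwarding proxies commonly add (conventional names).
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded", "x-real-ip", "client-ip")
SRC_RE = re.compile(r'<(?:script|iframe|img)\b[^>]*\bsrc=["\']([^"\']+)', re.I)

def anonymity(echoed_headers, real_ip):
    """Classify a proxy from the request headers your own echo page received."""
    headers = {k.lower(): v for k, v in echoed_headers.items()}
    # Compare whole tokens so 1.2.3.4 does not match inside 11.2.3.45.
    if any(real_ip in re.split(r'[\s,;="]+', v) for v in headers.values()):
        return "transparent"   # your address reached the origin server
    if any(h in headers for h in PROXY_HEADERS):
        return "anonymous"     # address hidden, but proxy use is disclosed
    return "elite"             # nothing in the request reveals a proxy

def injected_sources(reference_html, proxied_html):
    """External script/iframe/img URLs present only in the proxied copy."""
    added = set(SRC_RE.findall(proxied_html)) - set(SRC_RE.findall(reference_html))
    return sorted(added)

def assess(probe, real_ip, reference_html):
    """probe: http_body (None if unreachable), https_ok, echoed_headers."""
    body = probe.get("http_body")
    if body is None:
        return {"up": False}
    return {
        "up": True,
        "https_allowed": bool(probe.get("https_ok")),
        "anonymity": anonymity(probe.get("echoed_headers", {}), real_ip),
        "html_modified": body != reference_html,
        "injected": injected_sources(reference_html, body),
    }

# Constructed sample data: documentation IP address and a made-up ad host.
REFERENCE = "<html><body><h1>canary</h1><script src='/app.js'></script></body></html>"
SAMPLE_PROBE = {
    "http_body": REFERENCE.replace(
        "</body>", "<script src='http://ads.example/i.js'></script></body>"),
    "https_ok": False,
    "echoed_headers": {"Via": "1.1 proxy", "X-Forwarded-For": "203.0.113.7"},
}

if __name__ == "__main__":
    print(assess(SAMPLE_PROBE, "203.0.113.7", REFERENCE))
```

Comparing against a reference copy fetched without the proxy only works for static pages, so point the check at a fixed test page you host rather than at a dynamic site.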
I don’t think there is such a thing as proxy server security, more like honeypot illusionary security. Unless, of course, you set up and configured that proxy server yourself. You have to keep in mind that every proxy server that is open for everyone to use is probably set up for a very specific purpose, knowing that it will be discovered in the wild and extra generated traffic will be used as a shield or obfuscation to hide real intentions. Of course, if you use it in a manner that attracts attention of some sort, your activities will get attention.
Not exactly. There are many proxies around set up as default installations, and the owner doesn’t even know his server can be used as a proxy.
There is an online tool named Lagado which also checks the security of the current server you are using. The Lagado Proxy Test shows details of any proxy servers you are using. It is especially useful to expose transparent proxies. These are proxies inserted between your browser and the web, typically by your ISP, and often without you knowing.
All good and fine–the public proxy server stuff. I guess one can use Book VPN which is, as far as I am concerned, the easiest and safest “proxy.” The definition of “proxy” may vary, but a free Open VPN server is an intermediary connection channeling one’s Internet traffic so that information is hidden. Something like that.
What would be awesome is if users discovered how easy it is to establish a completely private SSH proxy with a VPS hosting company for about $5.00/year with zero throttling and only one user [or others if one decides to share the private IP].
It’s also super easy to set up a private proxy server, free, using Google Apps. And, I guess with a little homework, it’s as easy to set up Glype on Xampp Portable and take it everywhere. There could be issues with running a server on public computers.
But this idea that only Zenmate exists or Browsec or Tor or JonDo or whatever and only those Geeks [archaic term derived from Greeks who are human and divine] sitting with Zeus on Mount Olympus can “secure” the privacy of helpless souls–don’t buy into it. Far better ways to make it all work.
Opinion, of course. Why not take 30 minutes, set up a private server, and know that the server is safe? No proxy script checking needed. By the way, I did use the script–it shows I don’t exist online; and I tried the Lagado along with several other proxy checking sites. They all claim that my browsing is completely, totally, non-existent.
I tried to use this service (was free) to check some proxy server that claims to be an elite proxy, but now they ask for money o.O Any other free services out there to check proxies? Thanks