using littleproxy as an anonymizing proxy server (internet facing)
578 views
Skip to first unread message
James
Feb 24, 2011, 6:56:29 PM2/24/11
to LittleProxy
hey, just stumbled across your project while i was looking for a
lightweight anonymizing proxy server (i.e. a proxy that will appear to
be the origin of forwarded http requests). this proxy will be
accessible via the internet, but only to users with a valid username/
pwd. it will only be used by a couple of users at most.
your project looks great and easy to use, I had a simple proxy up and
running in no time, running with basic auth.
I'm not an expert on the http protocol, but wikipedia tells me:
"Some anonymizing proxy servers may forward data packets with header
lines such as HTTP_VIA, HTTP_X_FORWARDED_FOR, or HTTP_FORWARDED, which
may reveal the IP address of the client. Other anonymizing proxy
servers, known as elite or high anonymity proxies, only include the
REMOTE_ADDR header with the IP address of the proxy server, making it
appear that the proxy server is the client. A website could still
suspect a proxy is being used if the client sends packets which
include a cookie from a previous visit that did not use the high
anonymity proxy server. Clearing cookies, and possibly the cache,
would solve this problem."
is your proxy fit for my purpose and does it use the header lines
mentioned above?
thanks!
great app btw,
James
lightweight anonymizing proxy server (i.e. a proxy that will appear to
be the origin of forwarded http requests). this proxy will be
accessible via the internet, but only to users with a valid username/
pwd. it will only be used by a couple of users at most.
your project looks great and easy to use, I had a simple proxy up and
running in no time, running with basic auth.
I'm not an expert on the http protocol, but wikipedia tells me:
"Some anonymizing proxy servers may forward data packets with header
lines such as HTTP_VIA, HTTP_X_FORWARDED_FOR, or HTTP_FORWARDED, which
may reveal the IP address of the client. Other anonymizing proxy
servers, known as elite or high anonymity proxies, only include the
REMOTE_ADDR header with the IP address of the proxy server, making it
appear that the proxy server is the client. A website could still
suspect a proxy is being used if the client sends packets which
include a cookie from a previous visit that did not use the high
anonymity proxy server. Clearing cookies, and possibly the cache,
would solve this problem."
is your proxy fit for my purpose and does it use the header lines
mentioned above?
thanks!
great app btw,
James
Adam Fisk
Feb 24, 2011, 7:43:29 PM2/24/11
to littl...@googlegroups.com
LittleProxy does include the Via header, as the first goal was to be as compliant as possible with RFC 2616 and standard practice. It would certainly be an easy change to remove the Via handling, however.
I'm super tied up with some other projects right now (LittleShoot and Lantern), but I would recommend first grabbing the 0.4 snapshot and then looking at
HttpRequestHandler.java
I'm also going to be migrating all snapshots over to Sonatype and the main Maven repo quite soon, and I'll make a post about it when I do.
Let me know if you run into issues, James, or want to apply any patches. It would be cool if this were configurable from littleshoot.properties!
-Adam
James
Feb 25, 2011, 12:51:36 AM2/25/11
to LittleProxy
Thanks for the quick reply Adam!
Yes, looking at HttpRequestHandler, I can see that the Via http header
is added when the HttpRequest object is copied using
copyHttpRequest(...) during HttpRequestHandler.processMessage(...).
Probably the most elegant way to prevent this would be to to add an
implementation of HttpRequestFilter which strips out the via header (a
simple one-liner):
httpRequest.removeHeader(HttpHeaders.Names.VIA));
This is effective as the filter call happens after the copy, and
probably better than making any code changes as it preserves the
purity of your proxy code (using it as an anonymizer breaks the
compliance should probably be considered a customisation rather than a
feature). The only downside is a very slight performance hit from
adding and then removing the http header.
The only other issue i have is that the copyHttpRequest strips the
hostname from the uri before forwarding it. Again, it's easy to
reverse this in the filter, but i was wondering why you decided to do
this as a default behaviour?
I'm happy to add this functionality as a property in
littleshoot.properties, a lookup could be done in
DefaultHttpProxyServer to see if the anonymizing HttpRequestFilter
should be added (only if no filter is provided). Let me know if thats
what you'd like... and if there are any other considerations for an
anonymizer that i've missed.
I haven't tried this yet, i've only looked at the code so ofc it might
not work...
Thanks for the help,
James
Yes, looking at HttpRequestHandler, I can see that the Via http header
is added when the HttpRequest object is copied using
copyHttpRequest(...) during HttpRequestHandler.processMessage(...).
Probably the most elegant way to prevent this would be to to add an
implementation of HttpRequestFilter which strips out the via header (a
simple one-liner):
httpRequest.removeHeader(HttpHeaders.Names.VIA));
This is effective as the filter call happens after the copy, and
probably better than making any code changes as it preserves the
purity of your proxy code (using it as an anonymizer breaks the
compliance should probably be considered a customisation rather than a
feature). The only downside is a very slight performance hit from
adding and then removing the http header.
The only other issue i have is that the copyHttpRequest strips the
hostname from the uri before forwarding it. Again, it's easy to
reverse this in the filter, but i was wondering why you decided to do
this as a default behaviour?
I'm happy to add this functionality as a property in
littleshoot.properties, a lookup could be done in
DefaultHttpProxyServer to see if the anonymizing HttpRequestFilter
should be added (only if no filter is provided). Let me know if thats
what you'd like... and if there are any other considerations for an
anonymizer that i've missed.
I haven't tried this yet, i've only looked at the code so ofc it might
not work...
Thanks for the help,
James
Adam Fisk
May 18, 2011, 12:31:39 AM5/18/11
to littl...@googlegroups.com
Sorry for the ridiculously late reply on this. I added the code to strip the host simply because most web servers don't expect the full URI as they're sent to proxies, but rather the path in the URI and the host in the Host header.
If you did end up making those changes, I'd be more than happy to add 'em in if you have a patch!
-Adam
alexander
Sep 22, 2015, 8:59:53 AM9/22/15
to LittleProxy, james...@googlemail.com
sorry for raising up the deads but i found this the only solution
i'm trying to make an anonymizing service with this awesome little app but the via header is driving me nuts
someone set up a solution for me using the jar of this app
i figured i could remove via header by manually setting transparency to false but it seems i can't get rid of it.
i am using v1.0.0-beta7 (.jar) and i would like to change the app's behavior to not output any via headers to the client
i might be able to comment some lines in this section (ClientToProxyConnection.java)
protected Future<?> execute() {
LOG.debug("Responding with CONNECT successful");
HttpResponse response = responseFor(HttpVersion.HTTP_1_1,
CONNECTION_ESTABLISHED);
response.headers().set(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.KEEP_ALIVE);
response.headers().set("Proxy-Connection", HttpHeaders.Values.KEEP_ALIVE);
ProxyUtils.addVia(response);
return writeToChannel(response);
but i am so novice in this i don't know how to compile it to .jar
can you guys please lend a hand ? i am willing to donate for this
i want the .jar with no via: headers (not even on client side) as it bugs my client
/ after 3 hours playing around with eclipse still no joy ... i managed to import it from git but won't run as an ant .... i simply don't get it ... i've been at it too long and my head is spinning.
I'll just hit Post ... see what happens ... thanks in advance for whoever will respond to this.
i'm trying to make an anonymizing service with this awesome little app but the via header is driving me nuts
someone set up a solution for me using the jar of this app
i figured i could remove via header by manually setting transparency to false but it seems i can't get rid of it.
i am using v1.0.0-beta7 (.jar) and i would like to change the app's behavior to not output any via headers to the client
i might be able to comment some lines in this section (ClientToProxyConnection.java)
protected Future<?> execute() {
LOG.debug("Responding with CONNECT successful");
HttpResponse response = responseFor(HttpVersion.HTTP_1_1,
CONNECTION_ESTABLISHED);
response.headers().set(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.KEEP_ALIVE);
response.headers().set("Proxy-Connection", HttpHeaders.Values.KEEP_ALIVE);
ProxyUtils.addVia(response);
return writeToChannel(response);
but i am so novice in this i don't know how to compile it to .jar
can you guys please lend a hand ? i am willing to donate for this
i want the .jar with no via: headers (not even on client side) as it bugs my client
/ after 3 hours playing around with eclipse still no joy ... i managed to import it from git but won't run as an ant .... i simply don't get it ... i've been at it too long and my head is spinning.
I'll just hit Post ... see what happens ... thanks in advance for whoever will respond to this.
Frank Ganske
Sep 22, 2015, 12:58:51 PM9/22/15
to littl...@googlegroups.com
Hi,
what's the reason to use 1.0.0-beta7? Isn't it possible to build a
recent version. I think the right place to implement your issue is a
filter which overrides the serverToProxyResponse method. It's not
intended or necessary to modify ClientToProxyConnection.
Do you need a step by step developer start up documentation? But, I
don't know if this make sense in the LP documentation, since this highly
depends on the preferences of the developer normally.
I don't understand it completely, but consider to use the
org.littleshoot.proxy.HttpProxyServerBootstrap.withTransparent(boolean)
option. This leads the ClientToProxyConnection to "If and only if our
proxy is not running in transparent mode, modify the request headers to
reflect that it was proxied.".
Regards Frank
> --
> You received this message because you are subscribed to the Google
> Groups "LittleProxy" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to littleproxy...@googlegroups.com
> <mailto:littleproxy...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
what's the reason to use 1.0.0-beta7? Isn't it possible to build a
recent version. I think the right place to implement your issue is a
filter which overrides the serverToProxyResponse method. It's not
intended or necessary to modify ClientToProxyConnection.
Do you need a step by step developer start up documentation? But, I
don't know if this make sense in the LP documentation, since this highly
depends on the preferences of the developer normally.
I don't understand it completely, but consider to use the
org.littleshoot.proxy.HttpProxyServerBootstrap.withTransparent(boolean)
option. This leads the ClientToProxyConnection to "If and only if our
proxy is not running in transparent mode, modify the request headers to
reflect that it was proxied.".
Regards Frank
> You received this message because you are subscribed to the Google
> Groups "LittleProxy" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to littleproxy...@googlegroups.com
> <mailto:littleproxy...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages