Hiding our IP

0 views
Skip to first unread message

Julien P.

unread,
Apr 25, 2001, 8:29:20 AM4/25/01
to
In my company we have to go through a proxy to access internet. So the
system administrator can see what sites we are surfing. Is it possible, and
how, to hide, or even better to change, our IP address to our proxy, so the
system administrator will have a fake IP and so cannot know who is surfing
those sites ?

Thanks


Kane Swift

unread,
Apr 25, 2001, 8:36:48 AM4/25/01
to

www.safeweb.com

It also encrypts the traffic with SSL so even if they tap the line they
won't know where you're going or what you're viewing.

Julien P. <jp...@mis.mc> wrote in message
news:9882016...@toffoli.webstore.fr...

Julien P.

unread,
Apr 25, 2001, 9:01:12 AM4/25/01
to
But my goal will be to even hide that I am surfing on the web, so they dont
even know I am on the web. That is why I want to hide or change my IP for
the proxy...


"Kane Swift" <nob...@nodomain.com> a écrit dans le message news:
9c6gd9$1lun$1...@buty.wanadoo.nl...

Ahab

unread,
Apr 25, 2001, 9:41:38 AM4/25/01
to
-----BEGIN PGP SIGNED MESSAGE-----

It sounds like you want to combine port forwarding with secure
tunnelling to an external proxy. Unfortunately, chances are that your
companies firewall will block this, depends on how tight your sys
admin keeps the screws.

Port forwarding will stop your sys admin from being able to tell what
you're doing from the ports you use, and the SSL part of the equation
will encrypt the packets so he can't use a packet sniffer, and the
proxy will make sure he cant see where the packets are going.

- --
Regards,

Ahab
ahab<at>nym<dot>alias<dot>net
#Ahab on DALnet

And on the third day, God said:
"Let there be div(D)=Pf, div(B)=0, curl(E)=-dB/dt, curl(H)=jf+dD/dt"


"Julien P." <jp...@mis.mc> wrote in message

news:9882034...@toffoli.webstore.fr...

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQEVAwUBOubTM/QGip6C6USdAQH9jAf8CWOmObThREdt1mplUcL1Eo44MLcvpGbt
O80BAU9iKveSz2dQOq4fpl6o+yyKQy+FDlyUApLbo4ts2MWhS93BrKBEAyJbS0x2
EulLX0UoKxgH3A90Zgmh9vqBgkS3xpj1RCJ51I/U74lZZN3Y3pllD6g5yHGm3E2h
SkRL1clYRaXM44ycrDbiPZG8dUNFj2mHG10QUp20iOaV9wpNaN9rMojOfCoCItaT
2hpcZ2s2vlbyFbeN0y5IPj3yU8YKtEB/YAev4OtNbmE0f3zkQFWgMnFT72UCVFUM
il9NMsFjJBGWfqxj+Q3b9FICYNMXC8jc1AeRNn0kqszEV/rfWeybkw==
=KGKj
-----END PGP SIGNATURE-----

Julien P.

unread,
Apr 25, 2001, 9:58:08 AM4/25/01
to
Oh... What I just would like to do is to fake my IP so for example my admin
will believe the one that is surfing one web site us 191.168.0.160 for
example and in real my real IP adress is not this one.

But I don't know if it is possible...

"Ahab" <see...@sig.block> a écrit dans le message news:
muAF6.103829$n56.2...@news.easynews.com...

nemo outis

unread,
Apr 25, 2001, 11:01:53 AM4/25/01
to
There's a whole technology around tunnelling out - you might see if this will
do the trick for you. You use "httport" to tunnel out to an outside proxy
server. (Look 'em up.) But if you want to get fancy you can roll your own and
set up, say, your home computer as the proxy server you tunnel out to by
installing htthost. (There are cracks for httport to get the encryption
features, etc. or I suppose you could even pay for it.)

Take a look at:

http://www.htthost.com/

There are also "socks" ways of doing this with socks2http. I haven't looked
into whether there is any secure https version tunnelling software around
somewhere - you might come across something in your searches.

Regards,

In article <98820687...@toffoli.webstore.fr>, "Julien P." <jp...@mis.mc>
wrote:

Ahab

unread,
Apr 25, 2001, 11:35:55 AM4/25/01
to
-----BEGIN PGP SIGNED MESSAGE-----

Why not try the Freedom client, its free. It will filter out most
ads, and has a cookie manager and other stuff.

- --
Regards,

Ahab
ahab<at>nym<dot>alias<dot>net
#Ahab on DALnet

And on the third day, God said:
"Let there be div(D)=Pf, div(B)=0, curl(E)=-dB/dt, curl(H)=jf+dD/dt"


> Gillhaney says:
> > Anonymizer's are though, aren't they?
>
> Yeah, but it's run by greedy scroogeian assholes who purposedly
> slow you down and clutter your browser with a lot more ads. If you
> don't want to see graphics, I suggest cotse.com
>
> http://www.cotse.com/anonimizer.htm
>
> Yes, they spell it that way. It's fast and removes ads. I rarely
> surf with images turned on these days anyway. Most sites have too
> many ads and bandwidth is just too important to waste on those
> parasites. I also refuse to enable cookies and java/script.
>
> Alternatively, I would suggest the proxy at http://anon.xg.nu , but
> they'll be history in two weeks. I'm willing to be that no one
> donated anything. They're services are easy to use, but not very
> efficient.
>
> --
> Shale
>
> "Did you ever look up the word 'mercenary'? It's
> someone who 'works merely for money.' It's not
the money that bothers me, it's the 'merely'."

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQEVAwUBOubt+/QGip6C6USdAQFB9wgAp0bHxgHHZyYRGXLG2usNU7Fqym/y3DMa
fR8SBQkyIt5g5XA5A6oIhzykk6eROPZKzjkx5DmDMsh1v9mUIIPMqpUUD7lUR2CM
T+/fTohJFmYnGxqhnysXb7YsxEnxPsKneOjY0NTVQoTaHBGhA3m1oWaJG7nQyifX
lQ87wZnPcZ6u0xFNzYXFrLytpfDgAK6+QCg34uCc1pfGCWBaHIitAHAd5xWeRFhH
lgfirPRe2uQ5rzU8y3CEnUq03dHiiRmfLjuyoZgTOkvWxI1k0Jk/zxMNopl/1EAn
FKNcFQCroZnbiSTJjFOyMa37+2lJVCgmR3/tpsNbqksJQ00iMwvSEQ==
=zfTs
-----END PGP SIGNATURE-----

Juergen Nieveler

unread,
Apr 25, 2001, 3:21:52 PM4/25/01
to
"Julien P." <jp...@mis.mc> wrote in
<9882016...@toffoli.webstore.fr>:

Can't be done.

And if the administrator and your company don't want you to surf to certain
sites, than you'd better not try to outsmart them... otherwise you'll see
how fast they can detect it and fire you.

--
Juergen Nieveler
Support the ban of Dihydrogen Monoxide: http://www.dhmo.org/
"The people united can never be ignited!"- Sgt. Colon, Ankh-Morpork Watch
www.bofh.mynetcologne.de / bo...@netcologne.de / PGP Supported!

Dave Howe

unread,
Apr 25, 2001, 3:47:47 PM4/25/01
to
In our last episode (<alt.security.pgp>[25 Apr 2001 19:21:52 GMT]),
juergen....@web.de (Juergen Nieveler) said :
>Can't be done.
can be, but is risky.

>And if the administrator and your company don't want you to surf to certain
>sites, than you'd better not try to outsmart them... otherwise you'll see
>how fast they can detect it and fire you.

yup, this is more to the point.

methods
1. change your IP address to something else. while you are at it,
change your MAC address to something else too (most network cards
support this, but you will have to research how it is done yourself)
consider your MAC address to be like an ip address that is "lower" and
closer to the wire than IP - routers learn to associate an IP address
with a MAC address for purposes of routing, so it is possible to
backtrack a machine via this too.
2. find a machine that is permitted to surf (such as a webserver or a
upper management machine *grin*) and install a proxy server on it.
disable any logs on the proxy, and bounce your packets off that rather
than off the official proxy.

downside is as above - if you get caught websurfing, you will get a
telling off. if you get caught deliberately buggering about with your
IP, MAC or someone elses machine, you will be looking for a new job.
Don't try it on *my* network as I *will* notice, and retribution will
be swift (once I track you down) :)

<alt.security.pgp snipped - can't see why it was crossposted there
anyhow.>
--== DaveHowe ( is at) Bigfoot dot com ==--

Paul Rubin

unread,
Apr 25, 2001, 6:08:48 PM4/25/01
to
"Julien P." <jp...@mis.mc> writes:
> But my goal will be to even hide that I am surfing on the web, so they dont
> even know I am on the web. That is why I want to hide or change my IP for
> the proxy...

Get yourself a WAP phone and surf on your own nickel :).

Paul Rubin

unread,
Apr 25, 2001, 7:35:55 PM4/25/01
to
gill...@bigfoot.com (Gillhaney) writes:
> >http://www.cotse.com/anonimizer.htm
>
> That's my favourite, especially for visiting those risky sites where you
> don't know what's gonna be running in the background.

My favorite is now safeweb, since it uses SSL on the local side.
I wish Cotse would do the same.

Thomas Shaddack

unread,
Apr 25, 2001, 7:29:11 PM4/25/01
to
juergen....@web.de (Juergen Nieveler) wrote in
<Xns908EC8057E4E...@nieveler-43544.user.cis.dfn.de>:

>>In my company we have to go through a proxy to access internet. So the
>>system administrator can see what sites we are surfing. Is it possible,
>>and how, to hide, or even better to change, our IP address to our
>>proxy, so the system administrator will have a fake IP and so cannot
>>know who is surfing those sites ?
>
>Can't be done.
>
>And if the administrator and your company don't want you to surf to
>certain sites, than you'd better not try to outsmart them... otherwise
>you'll see how fast they can detect it and fire you.

Can you make an SSH (or telnet) connection out?
Do you want text and can sacrifice the pictures?

If you answer both yes, the solution is simple.
A unixoid (Linux, *BSD, AIX, BeOS, whatever) account "outside". Connect
there, run Lynx, browse the Net.

Or study your firewall. You could open a persistent connection through port
80, opening HTTP tunnel to another machine. Will require some programming
on both sides. Alternatively, you could tunnel through any other protocol;
I heard about full TCP/IP tunnelling through AIM messaging.

Don't try to outsmart a smart sysadmin; but, as far as I seen/heard, they
are rare. Don't be too bold, don't hog the bandwidth; keep low profile,
don't do anything that would attract attention when browsing the logs.

Shaddack, the Mad Scientist

Thomas Shaddack

unread,
Apr 26, 2001, 6:08:41 AM4/26/01
to
Ring Zero <ring...@fredsinc.com> wrote in
<p1peet8h1u3lbs8e2...@4ax.com>:

> Yeah, but still, if your IS dept. is watching, they may
>question why you are using an anonymizing service. That's a sure sign
>that you're probably doing something that is not company business.

You could claim you don't want to make the company associatede with your
online activities, in order to prevent their eventual liability?

In case you get questioned, prepare a cover story that would in believable
way claim you are protecting the company's interests. Could work :)

Juergen Nieveler

unread,
Apr 26, 2001, 6:28:57 AM4/26/01
to
NOSPAMs...@type2.com (Thomas Shaddack) wrote:

>Or study your firewall. You could open a persistent connection through
>port 80, opening HTTP tunnel to another machine. Will require some
>programming on both sides. Alternatively, you could tunnel through any
>other protocol; I heard about full TCP/IP tunnelling through AIM
>messaging.

Uh... I'd suggest to first study your contract. Otherwise you might be in
for a NASTY surprise, namely two people escorting you out after cleaning
out your desk.

>Don't try to outsmart a smart sysadmin; but, as far as I seen/heard,
>they are rare. Don't be too bold, don't hog the bandwidth; keep low
>profile, don't do anything that would attract attention when browsing
>the logs.

Or just DON'T DO IT.

Do not underestimate your Sysadmin... he might seem dumb, he might seem to
be a nerd, but he was smart enough to be hired as a Sysadmin.

Juergen Nieveler

unread,
Apr 26, 2001, 7:54:06 AM4/26/01
to
NOSPAMs...@type2.com (Thomas Shaddack) wrote:

>You could claim you don't want to make the company associatede with your
>online activities, in order to prevent their eventual liability?

In which case they would ask "What did you do that _could_ make us liable?"
and "What does it have to do with your job here and why did you have to do
it during your work time?"

Thomas Shaddack

unread,
Apr 26, 2001, 7:48:57 AM4/26/01
to
juergen....@web.de (Juergen Nieveler) wrote in
<Xns908F682D713F...@nieveler-43544.user.cis.dfn.de>:

>>Or study your firewall. You could open a persistent connection through
>>port 80, opening HTTP tunnel to another machine. Will require some
>>programming on both sides. Alternatively, you could tunnel through any
>>other protocol; I heard about full TCP/IP tunnelling through AIM
>>messaging.
>
>Uh... I'd suggest to first study your contract. Otherwise you might be
>in for a NASTY surprise, namely two people escorting you out after
>cleaning out your desk.

You have to be caught first.
Then, depending on your bosses, you could happen to become the new
sysadmin. On many local schools the students that hack the school networks
are put on charge of it. (IMHO, clever solution how to get cheap, qualified
admins there.) Anyway, you have to count with being caught; but if you
aren't careless and have a dumb admin, you have good chance. If you get
caught, the results will depend on the people you will have to deal with.
Risk also depends on your abilities to eventually find a new job; hightech
skills, largely necessary to fool the networks, help here as well.

>>Don't try to outsmart a smart sysadmin; but, as far as I seen/heard,
>>they are rare. Don't be too bold, don't hog the bandwidth; keep low
>>profile, don't do anything that would attract attention when browsing
>>the logs.
>
>Or just DON'T DO IT.
>
>Do not underestimate your Sysadmin... he might seem dumb, he might seem
>to be a nerd, but he was smart enough to be hired as a Sysadmin.

If he seems to be a nerd, it's probable he will know his network; never
judge technician's skills from how he looks, it often corresponds inversely
(true aces tend to be asocial/antisocial types). However, the fact one is
hired as a sysadmin by far doesn't have to mean he is smart enough; it
means only that the *management* thought he is smart enough. Often they are
just MCSE-having drones; it isn't coincidence MCSE is rumoured to mean Must
Call Someone Experienced. I seen some sad cases, and my friends techies
told me more similar stories...

Your sysadmin may be a drone, relying on easy-to-fool scanning tools. Or he
may be a knows-it-all ace that will spot you from a single glance to the
logfiles. You have to know your adversary.

Shaddack, the Mad Scientist

Thomas Shaddack

unread,
Apr 26, 2001, 10:29:33 AM4/26/01
to
juergen....@web.de (Juergen Nieveler) wrote in
<Xns908F80BA6A7C...@nieveler-43544.user.cis.dfn.de>:

>NOSPAMs...@type2.com (Thomas Shaddack) wrote:
>
>>You could claim you don't want to make the company associatede with
>>your online activities, in order to prevent their eventual liability?
>
>In which case they would ask "What did you do that _could_ make us
>liable?" and "What does it have to do with your job here and why did you
>have to do it during your work time?"

If you will do it right, the chance you will get caught is small.

You don't necessarily need even to install any special software on your
machine; depending on your needs, maybe you could establish a 'tunnel' out
via a java applet, downloadable and installable via a webpage.

Also, by infecting your own machine by a trojan, ie. Back Orifice or
Subseven, you can achieve certain degree of deniability, as long as you
will not be caught red-handed. (Be careful here to not put the company
security into jeopardy; keep the backdoor passworded. You don't want to
attract an intruder; you want to make an appearance there was one. You must
make completely believable image of outside intrusion. Against, depends on
how careful the sysadmin is, if he scans the network for backdoors - then
avoid this. Most sysadmins' security consciousness is quite lax, though.)
To clarify more and to balance the risks/benefits/costs, I'd need to know
more accurately what do you need/want to accomplish; if it's watching
football results, access to a webmail, or 'tunneling out' sensitive
informations.

Concrete approach depends mainly on what exactly do you want to do.
Sometimes a simple PHP script accessed via HTTPS will do its job; sometimes
you need to telnet out; sometimes you need full-scale TCP/IP tunneling.

A question for the Public: Is there a java applet that can serve as SSH
client? A webpage that would contain a console screen? A lot of el-neato
toys could be written in Java, then run as an applet from a webpage.

Shaddack, the Mad Scientist

Julien P.

unread,
Apr 26, 2001, 11:25:54 AM4/26/01
to
All I want to do sometimes is accessing my email via a web page and game
sites...

"Thomas Shaddack" <NOSPAMs...@type2.com> a écrit dans le message news:
Xns908FA4BD3804...@195.250.128.40...

anonymous

unread,
Apr 26, 2001, 6:52:05 PM4/26/01
to
But how do you know that at this very moment your employer is not serching
that entity which used to be deja news in order to see what you are posting
here ?

What then.........

"Julien P." <jp...@mis.mc> wrote in message

news:9882034...@toffoli.webstore.fr...

David Ness

unread,
Apr 26, 2001, 11:54:45 PM4/26/01
to
Bast...@Paris.gov wrote:
>
> I have to wonder about all this. Has anyone done a study concerning what
> nonproductive resources employers put into spying on the surfing time and
> proclivities of their employees? Should not the bottom line be employee
> productivity? Period!
>

A pretty naive view of business. These days employers are very often in rather
sever legal jeopardy for the actions of their employees. If employers do not
exercise judicious attention' to their employees activities they may end up
in real trouble. Imagine an employee running a gambling or prostitution ring on
a corporate machine as an extreme example.

Johan Wevers

unread,
Apr 27, 2001, 2:47:31 AM4/27/01
to
Thomas Shaddack wrote:

> A question for the Public: Is there a java applet that can serve as SSH
> client? A webpage that would contain a console screen? A lot of el-neato
> toys could be written in Java, then run as an applet from a webpage.

Webmin (www.webmin.com) contains a hhps server and a Java telnet applet.
However, this requires root access to a Unix machine on the net. But
perhaps it can be rewritten for this purpose?

--
ir. J.C.A. Wevers // Physics and science fiction site:
joh...@iae.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Johan Wevers

unread,
Apr 27, 2001, 2:48:43 AM4/27/01
to
Shale wrote:

> Unfortunately the ads clutter the interface.

www.junkbusters.com

> And the URLs are not encrypted at all.

Too bad.

Johan Wevers

unread,
Apr 27, 2001, 2:51:07 AM4/27/01
to
"Julien P." wrote:

> But my goal will be to even hide that I am surfing on the web, so they dont
> even know I am on the web. That is why I want to hide or change my IP for
> the proxy...

Install a proxyserver on another computer in the company and surf through
that proxy. It will then apear as if the other computer is surfing.

However, it opens the risk of that other computer being thoroughly examined.
So make sure this proxy is not backtracable to you (so, for example, only
allowing access from your own machine is a bad idea).

Johan Wevers

unread,
Apr 27, 2001, 11:05:56 AM4/27/01
to
Bast...@Paris.gov wrote:

> No, it's not an extreme example. Employees have been misusing their employers'
> assets for their own ends since time immemorial. In doing so, they are not
> doing the job for which they were hired and should be fired.

Don't overreact, it is sometimes considered as part of the reward for the
job. And for some jobs here there is such a shortage on personel that some
employers silently allow such things to happen. If they fire him, noone will
do the job.

Paul Rubin

unread,
Apr 27, 2001, 2:02:07 PM4/27/01
to
Johan Wevers <joh...@iae.nl> writes:
> > A question for the Public: Is there a java applet that can serve as SSH
> > client? A webpage that would contain a console screen? A lot of el-neato
> > toys could be written in Java, then run as an applet from a webpage.
>
> Webmin (www.webmin.com) contains a hhps server and a Java telnet applet.
> However, this requires root access to a Unix machine on the net. But
> perhaps it can be rewritten for this purpose?

www.mindbright.com has a java ssh applet called Mindterm. It's handy.
It does require opening a connection from the browser to the remote
computer's ssh port, which some firewalls interfere with. I've figured
out ways around this problem but not gotten around to implementing them.

Paul Rubin

unread,
Apr 27, 2001, 2:04:19 PM4/27/01
to
"Julien P." <jp...@mis.mc> writes:
> But my goal will be to even hide that I am surfing on the web, so they dont
> even know I am on the web. That is why I want to hide or change my IP for
> the proxy...

Totally ignoring the issue of what you're up to, you're asking
something like "I want to make outgoing phone calls through the
company phone system without the company knowing I'm making them".
Sorry. Aside from location-specific answers like "hack the company
PBX", there's no way to do that. The closest you can come is bring
your own cellular phone to work and make your calls from that.

Paul Rubin

unread,
Apr 27, 2001, 8:52:10 PM4/27/01
to
Johan Wevers <joh...@iae.nl> writes:
> > No, it's not an extreme example. Employees have been misusing
> > their employers' assets for their own ends since time
> > immemorial. In doing so, they are not doing the job for which they
> > were hired and should be fired.
>
> Don't overreact, it is sometimes considered as part of the reward for the
> job. And for some jobs here there is such a shortage on personel that some
> employers silently allow such things to happen. If they fire him, noone will
> do the job.

It's considered normal and acceptable where I work, to make a personal
phone call from work every once in a while. But normally one doesn't
try to bypass the phone accounting system to disguise the call's
existence. That would be considered abnormal and suspicious, not
normal and acceptable.

Thomas J. Boschloo

unread,
Apr 30, 2001, 3:46:10 PM4/30/01
to
Johan Wevers wrote:
>
> Shale wrote:
>
> > Unfortunately the ads clutter the interface.
>
> www.junkbusters.com

Even better, combined with <http://www.webwasher.com> and
<http://proxomitron.cjb.net> you have killer ad-killer capabilities. I
wouldn't even use junkbusters anymore when using those two programs.
Combined they do the same thing and they do it much easier.

Proxomitron kills the animated gif banners and blocks the referers and
user-agent headers. Webwasher blocks the ad-providers and automatically
spots ads by their size and dimensions (if you set it to).

Thomas
--
"The only way out is through" - Trent Reznor


Thomas J. Boschloo

unread,
Apr 30, 2001, 3:46:55 PM4/30/01
to
Secret Squirrel wrote:
>
> On Wed, 25 Apr 2001, Shale <bere...@the.substitute> wrote:

> >Unfortunately the ads clutter the interface. And the URLs are not
> >encrypted at all.
> >
> The ads are trivial; if they help keep the service free, I'm glad to
> put up with them. So far, the service has been very quick; I hope they
> can keep pace.
>
> I don't understand your remark about the URLs; could you elaborate?

Something like
<http://anonymous-server.com/?www.doihaveaids.org/ihopemyemployerdoesntfindout>
can be very revealing.

There is also the thing about ads that Stephen Gielda has said in the
past, the ad providers want unique ip-addresses, your address. And a
referer header (that most people don't know about) can also be very
revealing.

Thomas J. Boschloo

unread,
Apr 30, 2001, 3:47:33 PM4/30/01
to
Thomas Shaddack wrote:

> A question for the Public: Is there a java applet that can serve as SSH
> client? A webpage that would contain a console screen? A lot of el-neato
> toys could be written in Java, then run as an applet from a webpage.

I have never really tried it myself, so I don't know how it works, but
do you know of Java Anonymous Proxy (JAP)?
<http://anon.inf.tu-dresden.de>. I know it comes from a good stock ;-> I
mean, <http://www.inf.tu-dresden.de/~hf2/anon/> is there and they seem
to do some anonimity research at that technical university (tu) in
Germany.

Dave Howe

unread,
Apr 30, 2001, 6:58:08 PM4/30/01
to
In our last episode (<alt.security.pgp>[Mon, 30 Apr 2001 21:46:55
+0200]), "Thomas J. Boschloo" <nos...@multiweb.nl> said :and indeed, would show up in proxy logs as such (usually preceeded by
the words GET or POST)
however, if it is HTTP you do not get to see the url - what you get in
the logs looks like this:
CONNECT www.safeweb.com:443 HTTP/1.0
so they get to see you went to safeweb, but not what you did there

>There is also the thing about ads that Stephen Gielda has said in the
>past, the ad providers want unique ip-addresses, your address. And a
>referer header (that most people don't know about) can also be very
>revealing.

Safeweb blocks both.

Juergen Nieveler

unread,
May 1, 2001, 11:25:13 AM5/1/01
to
Dave Howe <Spam.B...@bigfoot.com> wrote in
<s7rretklo5l4r6lnf...@4ax.com>:

>><http://anonymous-server.com/?www.doihaveaids.org/ihopemyemployerdoesntf


>><indout>
>>can be very revealing.
>and indeed, would show up in proxy logs as such (usually preceeded by
>the words GET or POST)
>however, if it is HTTP you do not get to see the url - what you get in
>the logs looks like this:
>CONNECT www.safeweb.com:443 HTTP/1.0
>so they get to see you went to safeweb, but not what you did there

Nope... sorry to correct you.

A properly configured proxy (a Squid with standard config will do) will
show you the complete URL, including which picture was loaded.

Squid-Logs do make a funny reading... especially if you grep them for
certain keywords :-)

Nomen Nescio

unread,
May 1, 2001, 3:50:10 PM5/1/01
to
Mon, 30 Apr 2001 in <s7rretklo5l4r6lnf...@4ax.com> Dave Howe Spam.B...@bigfoot.com
wrote:

To use Safeweb Java & Java Scripts must be ON ?


Jeremy Bishop

unread,
May 1, 2001, 3:59:17 PM5/1/01
to
Juergen Nieveler wrote:
>
> Dave Howe <Spam.B...@bigfoot.com> wrote in
> <s7rretklo5l4r6lnf...@4ax.com>:

[small snip]

> >however, if it is HTTP you do not get to see the url - what you get in
> >the logs looks like this:
> >CONNECT www.safeweb.com:443 HTTP/1.0
> >so they get to see you went to safeweb, but not what you did there
>
> Nope... sorry to correct you.
>
> A properly configured proxy (a Squid with standard config will do) will
> show you the complete URL, including which picture was loaded.

Might either of you post a clarification? What I am seeing is Dave
talking about HTTPS and spelling it HTTP, and Juergen talking about
HTTP. So, which is it?

--
"A pentagram approaches a circle for
sufficiently large values of five."
-- Jerry, in The Wizardry Cursed by Rick Cook

Juergen Nieveler

unread,
May 1, 2001, 4:23:07 PM5/1/01
to
Jeremy Bishop <req...@org.praetor> wrote in
<3AEF1595...@org.praetor>:

>Might either of you post a clarification? What I am seeing is Dave
>talking about HTTPS and spelling it HTTP, and Juergen talking about
>HTTP. So, which is it?

Both HTTP and HTTPS will be logged with a complete URL.

Some anonymizers have an option to encrypt the requested URL, though...
maybe that's what he's been thinking of. In this case, you'd see (rough
example...):

http://www.(anonymizer of choice).com/ush73gsskhduee/

instead of

http://www.(anonymizer of choice).com/show=www.sex.com/

Maybe that's what he was thinking of... this is one of the reasons why
anonymizers are among the top of the list when an Admin blocks access to
certain sites.

Paul Rubin

unread,
May 1, 2001, 8:24:12 PM5/1/01
to
juergen....@web.de (Juergen Nieveler) writes:
> >CONNECT www.safeweb.com:443 HTTP/1.0
> >so they get to see you went to safeweb, but not what you did there
>
> Nope... sorry to correct you.
>
> A properly configured proxy (a Squid with standard config will do) will
> show you the complete URL, including which picture was loaded.

I don't see how it can do that. Safeweb uses SSL, so the URL path
(the part after the hostname) is encrypted.

Anonymous

unread,
May 1, 2001, 8:32:01 PM5/1/01