Ready to Start Your Career?Create Free Account
January 9, 2018
Become the Man-In-The-Middle with an Open Internet Proxy
January 9, 2018
January 9, 2018
Ever wanted to manage a chunk of internet traffic? Whether you are learning to use network management tools or doing something more nefarious, having a test bed of traffic is an important tool. Follow this tutorial and you'll be the boss of more traffic than you can handle. I'm showing you how to create an open internet proxy with Squid.
What's a proxy?A proxy is a device that acts as an intermediary between your computer and the server that you are trying to reach. There are several reasons that you might want a proxy:
- Masking network addresses: Hackers use proxies because their source address is hidden from the destination, making it non-obvious who is doing the hacking. People behind firewalls (for instance, people who can't surf facebook at work) use proxies because the destination address is hidden from their corporate oppressors, making facebook appear despite the restrictions.
- Caching: If you have multiple people requesting the same website, the proxy only has to get the files from the remote server once. In big networks this can save real money.
- Policy Enforcement: The proxy can enforce policies (like no porn or gambling) for its users.
What you need to get startedWhile it's possible to do this on your personal desktop, it is not at all advisable. You should have a VPS - virtual private server. One with unmetered bandwidth. The one I use has 3 cores, 3Gb of RAM and 60GB SSD. It does really well at running squid plus doing the packet inspection things I want it to. You only need one IP address. In this tutorial, I'll show you commands for Debian/Ubuntu - so that is the operating system you should pick.
Setting Up SquidThe first step is to install squid.
We configure squid via a 7900 line configuration file (no kidding) at /etc/squid/squid.conf. The file is that big because it's also a large part of the documentation for each feature. Learn how to search for a phrase in your favorite text editor.Here are the lines we need to add or modify.
sudo apt update && sudo apt install squid
- http_port: This is the port that squid will be accessible on. Modify the existing line to make it become a more widely known port. It should read
- http_access: This tells squid who is able to access the server. You'll see a line in the file that says "http_access deny all", in the line above it, add
http_access allow all
- dns_v4_first: This line will increase the performance of your squid proxy dramatically. At least it did for me. Find the line that says "# dns_v4_first off" and remove the# that indicates a comment, then change it to say
These lines say 1) there is only one delay pool, 2) delay pool number one is of class one (limits total bandwidth), 3) delay pool 1 is limited to this much bandwidth (these settings work out to ~2Mbps, don't ask me how that math works), and 4) all traffic goes into delay_pool 1.That's it. You've done the bare minimum to get squid running well. Now let's just restart it and we're ready to go.
delay_pools 1delay_class 1 1delay_parameters 1 32000/64000delay_access 1 allow all
Now you should be able to test your proxy by configuring your browser to use it. The hostname is the ip address of your VPS, and the port is 8080.
sudo service squid restart