January 9, 2018
Become the Man-In-The-Middle with an Open Internet Proxy
Ever wanted to manage a chunk of internet traffic? Whether you are learning to use network management tools or doing something more nefarious, having a test bed of traffic is an important tool. Follow this tutorial and you'll be the boss of more traffic than you can handle. I'm showing you how to create an open internet proxy with Squid.
What's a proxy?
A proxy is a device that acts as an intermediary between your computer and the server that you are trying to reach. There are several reasons that you might want a proxy:
- Masking network addresses: Attackers use proxies because the destination only sees the proxy's address, not their own, which makes it non-obvious who is doing the hacking. People behind restrictive firewalls (for instance, people who can't browse Facebook at work) use proxies because their corporate oppressors only see a connection to the proxy, not to the forbidden destination, so Facebook loads despite the restrictions.
- Caching: If you have multiple people requesting the same website, the proxy only has to get the files from the remote server once. In big networks this can save real money.
- Policy Enforcement: The proxy can enforce policies (like no porn or gambling) for its users.
What you need to get started
While it's possible to do this on your personal desktop, it is not at all advisable. You should have a VPS (virtual private server), ideally one with unmetered bandwidth. The one I use has 3 cores, 3 GB of RAM and a 60 GB SSD. It does really well at running Squid plus doing the packet inspection things I want it to. You only need one IP address. In this tutorial, I'll show you commands for Debian/Ubuntu, so that is the operating system you should pick.
Setting Up Squid
The first step is to install squid.
sudo apt update && sudo apt install squid
We configure squid via a 7900 line configuration file (no kidding) at /etc/squid/squid.conf. The file is that big because it also serves as the documentation for each directive. Learn how to search for a phrase in your favorite text editor. Here are the lines we need to add or modify.
- http_port: This is the port that squid will be accessible on. Modify the existing http_port line so the proxy listens on a more widely known port. It should read
http_port 8080
- http_access: This tells squid who is able to access the server. Squid evaluates these rules top-down and the first match wins, so you'll see a line in the file that says "http_access deny all" as the final catch-all. In the line above it, add
http_access allow all
- dns_v4_first: This line will increase the performance of your squid proxy dramatically. At least it did for me. Find the line that says "# dns_v4_first off", remove the # that marks it as a comment, then change it to say
dns_v4_first on
- delay pools: Add these four lines to cap the bandwidth the proxy hands out:
delay_pools 1
delay_class 1 1
delay_parameters 1 32000/64000
delay_access 1 allow all
These lines say 1) there is only one delay pool, 2) delay pool number one is of class one (one aggregate bucket that limits total bandwidth), 3) delay pool 1 refills at 32000 bytes per second with a 64000 byte bucket (delay_parameters are in bytes, so this works out to roughly 256 kbit/s sustained; scale both numbers up if you want to allow more), and 4) all traffic goes into delay pool 1. That's it. You've done the bare minimum to get squid running well. Now let's just restart it and we're ready to go.
sudo service squid restart
Now you should be able to test your proxy by configuring your browser to use it. The hostname is the IP address of your VPS, and the port is 8080.
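The whole setup procedure above, as an added example script (not code from the original post): it rewrites a squid.conf with the four changes (http_port, http_access allow all above deny all, dns_v4_first on, one delay pool), prints the effective directives so you can eyeball them, validates the file with squid -k parse and only then restarts. The path /etc/squid/squid.conf, the port 8080 and the delay numbers are the post's; the script name squid-open-proxy.sh, the --apply flag, the function names and the sample config used to exercise it are my assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Applies the squid.conf edits
# described in the tutorial. Assumptions of mine: the script name
# squid-open-proxy.sh, the --apply flag and the function names.
set -e

SQUID_CONF="${SQUID_CONF:-/etc/squid/squid.conf}"
PROXY_PORT="${PROXY_PORT:-8080}"

# Rewrite one squid.conf: http_port, "http_access allow all" directly above the
# final "http_access deny all", dns_v4_first on, and a single class-1 delay pool.
# Idempotent, so it can be re-run after a package upgrade replaces the file.
# Takes the file path as $1, so it can be tried on a copy first.
configure_squid_conf() {
    conf="$1"
    awk -v port="$PROXY_PORT" '
        /^http_port /                           { print "http_port " port; seen_port = 1; next }
        /^http_access deny all$/ && !seen_allow { print "http_access allow all"; seen_allow = 1 }
        /^http_access allow all$/               { seen_allow = 1 }
        /^# *dns_v4_first off$/                 { print "dns_v4_first on"; seen_dns = 1; next }
        /^dns_v4_first /                        { seen_dns = 1 }
        /^delay_pools /                         { seen_delay = 1 }
        { print }
        END {
            # anything the file did not already contain goes at the end
            if (!seen_port)  print "http_port " port
            if (!seen_allow) print "http_access allow all"
            if (!seen_dns)   print "dns_v4_first on"
            if (!seen_delay) {
                print "delay_pools 1"                  # one pool
                print "delay_class 1 1"                # class 1: one aggregate bucket
                print "delay_parameters 1 32000/64000" # 32000 B/s refill, 64000 B bucket (~256 kbit/s)
                print "delay_access 1 allow all"       # every client shares it
            }
        }' "$conf" > "$conf.new" && mv "$conf.new" "$conf"
}

# Show just the directives that matter, to check before restarting.
show_effective_config() {
    grep -E '^(http_port|http_access|dns_v4_first|delay_)' "$1"
}

# Fetch a page through the proxy from another machine ($1 = VPS address). The
# Via header squid adds to the response confirms the request really went through it.
test_proxy() {
    curl -sS -o /dev/null -D - -x "http://$1:${PROXY_PORT}" http://example.com/
}

# Only touch the live system when explicitly asked: sudo ./squid-open-proxy.sh --apply
if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    apt-get update && apt-get install -y squid
    [ -f "$SQUID_CONF.orig" ] || cp "$SQUID_CONF" "$SQUID_CONF.orig"   # keep the pristine file
    configure_squid_conf "$SQUID_CONF"
    show_effective_config "$SQUID_CONF"
    squid -k parse                 # refuse to restart a broken config
    systemctl restart squid
fi
```

Run the functions against a copy of squid.conf first if you want to see the diff; the --apply path is the only one that installs packages or restarts the service. squid -k parse reports any typo in the four added lines before the restart would take the proxy down.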
Wait for your traffic to come
For me, it was only 6 hours before my proxy was running at 2M per second. Some bot had clearly scanned port 8080 and found out about its true nature. They published it to a list, and other lists copied it. If that doesn't happen for you, you can submit to a proxy list as well. But I would suspect a Squid misconfiguration before I suspected a lack of port scanning bots.
Other Tools You Probably Want
Here are a couple of good tools to use to keep an eye on your squid server. SquidAnalyzer parses your squid logs to tell you who is using your proxy and how, down to which URLs individual users have accessed. ntop is a great and easy to set up network monitoring solution that shows how your bandwidth is being consumed in close to real time.
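A miniature version of what SquidAnalyzer does, as an added example that is not part of the original post and not SquidAnalyzer's or ntop's code: a few awk one-liners over squid's native access.log format that answer "who is using the proxy, how much, and for what". The function names and the log lines are my own constructed sample; point the functions at /var/log/squid/access.log on the VPS instead. It also shows something the monitoring tools make obvious: for HTTPS sites the log only ever holds a CONNECT host:port line.

```shell
#!/bin/sh
# Added example, not from the original post or from SquidAnalyzer/ntop: a
# miniature log summary in awk over squid's native access.log format.
# The function names and the sample lines are my own.
set -e

# Constructed sample lines in squid's native format:
# timestamp elapsed client result/status bytes method URL ident hierarchy/peer type
sample_log() {
    cat <<'EOF'
1515500000.123    245 203.0.113.5 TCP_MISS/200 5123 GET http://example.com/index.html - HIER_DIRECT/203.0.113.80 text/html
1515500001.456     12 203.0.113.5 TCP_HIT/200 1024 GET http://example.com/logo.png - NONE/- image/png
1515500002.789    890 198.51.100.7 TCP_TUNNEL/200 40960 CONNECT mail.example.net:443 - HIER_DIRECT/203.0.113.99 -
1515500003.000      5 198.51.100.7 TCP_DENIED/403 3500 GET http://example.org/ - HIER_NONE/- text/html
1515500004.321    301 203.0.113.5 TCP_MISS/200 2048 GET http://example.org/news - HIER_DIRECT/203.0.113.98 text/html
EOF
}

# Requests and bytes per client, busiest client first: "requests bytes client".
top_clients() {
    awk '{ req[$3]++; bytes[$3] += $5 }
         END { for (c in req) printf "%d %d %s\n", req[c], bytes[c], c }' "$1" \
    | sort -k1,1nr -k3,3
}

# Destination hosts, most requested first. For CONNECT tunnels the URL field is
# already host:port; for plain HTTP the scheme and path are stripped.
top_hosts() {
    awk '{ url = $7
           sub(/^[a-z]+:\/\//, "", url)
           sub(/\/.*$/, "", url)
           n[url]++ }
         END { for (h in n) printf "%d %s\n", n[h], h }' "$1" \
    | sort -k1,1nr -k2,2
}

# Every URL one client requested (the per-user view SquidAnalyzer gives you).
urls_for_client() {
    awk -v c="$2" '$3 == c { print $7 }' "$1"
}

# Share of requests that were CONNECT tunnels. For those the proxy sees only
# the host and port, nothing inside the TLS session.
tunnel_ratio() {
    awk '$6 == "CONNECT" { t++ } END { printf "%d/%d\n", t, NR }' "$1"
}

# Stand-alone run: summarise the sample, or a real access.log given as $1.
log="${1:-}"
if [ -z "$log" ]; then log=$(mktemp); sample_log > "$log"; fi
echo "== clients (requests bytes client)"; top_clients "$log"
echo "== hosts";                           top_hosts "$log"
echo "== CONNECT tunnels / requests";      tunnel_ratio "$log"
[ -n "${1:-}" ] || rm -f "$log"
```

On a busy open proxy the interesting numbers are the top few clients by bytes (usually a handful of scrapers) and the tunnel ratio: everything in the CONNECT share is opaque to you, which is exactly the point made in the defence section below about encrypting everywhere.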
You're the captain now
Snoop, tamper, ban, prioritize, do whatever you want with your traffic. It's yours. If you need some ideas for the type of possible mischief, check out this DEF CON talk from Chema Alonso. But be careful because there are laws.
Defending against rogue proxies
I should say a few words about defending yourself from this type of proxy. If you are using a proxy service, it's hard to know if your data is being tampered with. My advice is to only use trusted network services. Do not voluntarily route your traffic through anyone offering to take it for free. And encrypt everywhere: over HTTPS the proxy only carries a CONNECT tunnel, so it learns the destination host and port but cannot read or alter the content unless you accept a bogus certificate, so never click through a certificate warning while proxied. It is also worth checking that nothing has configured a proxy for you (browser and system proxy settings, HTTP_PROXY style environment variables, or an automatic PAC/WPAD script). But mostly just don't use open proxies.