Proxy Servers / Anonymous Surfing (Hotspot Shield/Tor Browser – DarkNet/Deep Web)

In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server, and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems.[1] Today, most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.

Types of proxy

A proxy server may reside on the user’s local computer, or at various points between the user’s computer and destination servers on the Internet.

  • A proxy server that passes requests and responses unmodified is usually called a gateway or sometimes a tunneling proxy.


A forward proxy taking requests from an internal network and forwarding them to the Internet.
  • A forward proxy (Open-Proxy/Public-Proxy) is an Internet-facing proxy used to retrieve from a wide range of sources (in most cases anywhere on the Internet).


An open proxy forwarding requests from and to anywhere on the Internet.
  • A reverse proxy is usually an Internet-facing proxy used as a front-end to control and protect access to a server on a private network. A reverse proxy commonly also performs tasks such as load-balancing, authentication, decryption or caching.


A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests connect to the proxy and may not be aware of the internal network.

Uses of proxy servers

Monitoring and filtering

Content-control software

Filtering of encrypted data

Bypassing filters and censorship

Logging and eavesdropping

Improving performance (caching proxy server)


Accessing services anonymously (anonymous proxy server (sometimes called a web proxy))

Access control

QA geotargeted advertising


Cross-domain resources

Implementations of proxies

Web proxy servers

Web proxies forward HTTP requests. Some web proxies allow the HTTP CONNECT[12] to set up forwarding of arbitrary data through the connection; normally this is only allowed to port 443 to allow forwarding of HTTPS traffic.

Examples of web proxy servers include Apache (with mod_proxy or Traffic Server), IIS configured as proxy (e.g., with Application Request Routing), Squid, and WinGate.
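The CONNECT restriction described above can be expressed as a small policy check. This is an added example, not code from any of the proxy products named here. It also refuses non-public IP literals, a generalization tied to the open-proxy risk of exposing a private subnetwork; the function names and the allowed-port set are assumptions.

```python
import ipaddress

ALLOWED_CONNECT_PORTS = {443}  # assumption: tunnels are permitted to HTTPS only

def parse_connect_target(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.1'; raise ValueError otherwise."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request line")
    authority = parts[1]
    if authority.startswith("["):                 # IPv6 literal, e.g. [::1]:443
        host, sep, port = authority[1:].partition("]:")
    else:
        host, sep, port = authority.rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        raise ValueError("authority must be host:port")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    return host.lower(), int(port)

def connect_allowed(request_line):
    """Return (allowed, reason) for one request line received by the proxy."""
    try:
        host, port = parse_connect_target(request_line)
    except ValueError as exc:
        return False, str(exc)
    if port not in ALLOWED_CONNECT_PORTS:
        return False, f"CONNECT to port {port} is not permitted"
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: a real proxy must repeat the address check below on every
        # address the name resolves to, before it opens the tunnel.
        return True, "hostname target on an allowed port"
    if not address.is_global:
        return False, f"{address} is not a public address"
    return True, "public address on an allowed port"

# Constructed request lines for illustration.
SAMPLES = [
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT mail.example.net:25 HTTP/1.1",
    "CONNECT 10.0.0.5:443 HTTP/1.1",
    "CONNECT [::1]:443 HTTP/1.1",
]

def decisions(lines=SAMPLES):
    return [connect_allowed(line)[0] for line in lines]
```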

Transparent proxy

Also known as an intercepting proxy, inline proxy, or forced proxy, a transparent proxy intercepts normal communication at the network layer without requiring any special client configuration. Clients need not be aware of the existence of the proxy. A transparent proxy is normally located between the client and the Internet, with the proxy performing some of the functions of a gateway or router.

“A ‘transparent proxy’ is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification”.

“A ‘non-transparent proxy’ is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering”.

Intercepting proxies are commonly used in businesses to enforce acceptable use policy, and to ease administrative overheads, since no client browser configuration is required. This second reason however is mitigated by features such as Active Directory group policy, or DHCP and automatic proxy detection.

Intercepting proxies are also commonly used by ISPs in some countries to save upstream bandwidth and improve customer response times by caching. This is more common in countries where bandwidth is more limited (e.g. island nations) or must be paid for.

In integrated firewall / proxy servers where the router/firewall is on the same host as the proxy, communicating original destination information can be done by any method, for example Microsoft TMG or WinGate.

Interception can also be performed using Cisco’s WCCP (Web Cache Control Protocol). This proprietary protocol resides on the router and is configured from the cache, allowing the cache to determine which ports and traffic are sent to it via transparent redirection from the router. This redirection can occur in one of two ways: GRE Tunneling (OSI Layer 3) or MAC rewrites (OSI Layer 2).

Once traffic reaches the proxy machine itself, interception is commonly performed with NAT (Network Address Translation). Such setups are invisible to the client browser, but leave the proxy visible to the web server and other devices on the Internet side of the proxy. Recent Linux and some BSD releases provide TPROXY (transparent proxy), which performs IP-level (OSI Layer 3) transparent interception and spoofing of outbound traffic, hiding the proxy IP address from other network devices.

Anonymous HTTPS proxy

Users who want to bypass web filtering and prevent anyone from monitoring what they are doing will typically search the Internet for an open and anonymous HTTPS transparent proxy. They will then configure their browser to proxy all requests through the web filter to this anonymous proxy. Those requests will be encrypted with HTTPS. The web filter cannot distinguish these transactions from, say, a legitimate access to a financial website. Thus, content filters are only effective against unsophisticated users.

Use of HTTPS proxies is detectable even without examining the encrypted data, based simply on firewall monitoring of addresses for frequency of use and bandwidth usage. If a massive amount of data is being directed through an address that is within an ISP address range such as Comcast, it is likely a home-operated proxy server. Either the single address or the entire ISP address range is then blocked at the firewall to prevent further connections.
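The volume-and-frequency check described above can be sketched over firewall flow summaries. This is an added example, not part of the original article. The flow records, the thresholds and the "residential" range (a documentation prefix standing in for a consumer ISP block) are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: consumer ISP ranges maintained by the site; a documentation
# prefix stands in for a real ISP allocation here.
RESIDENTIAL_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
BYTES_THRESHOLD = 500_000_000   # assumed daily volume that warrants review
CONN_THRESHOLD = 200            # assumed daily connection count

# Constructed flow summaries: (client, destination, dst_port, bytes, connections)
SAMPLE_FLOWS = [
    ("10.1.1.20", "203.0.113.45", 443, 420_000_000, 310),
    ("10.1.1.31", "203.0.113.45", 443, 390_000_000, 150),
    ("10.1.1.20", "198.51.100.10", 443, 900_000_000, 40),  # heavy, not residential
    ("10.1.1.44", "203.0.113.77", 443, 2_000_000, 3),      # residential, light
    ("10.1.1.44", "203.0.113.45", 80, 700_000_000, 9),     # not HTTPS, ignored
]

def residential_range(address):
    """Return the configured range containing address, or None."""
    ip = ipaddress.ip_address(address)
    return next((net for net in RESIDENTIAL_RANGES if ip in net), None)

def suspected_proxies(flows):
    """Aggregate HTTPS flows per destination and flag heavy residential endpoints."""
    totals = defaultdict(lambda: {"bytes": 0, "conns": 0, "clients": set()})
    for client, dst, port, nbytes, conns in flows:
        if port != 443:
            continue
        entry = totals[dst]
        entry["bytes"] += nbytes
        entry["conns"] += conns
        entry["clients"].add(client)
    findings = []
    for dst, entry in totals.items():
        net = residential_range(dst)
        heavy = entry["bytes"] >= BYTES_THRESHOLD or entry["conns"] >= CONN_THRESHOLD
        if net is not None and heavy:
            # Report the single address and its range: the two block candidates.
            findings.append((dst, str(net), entry["bytes"], entry["conns"],
                             len(entry["clients"])))
    return sorted(findings, key=lambda f: f[2], reverse=True)
```

No payload inspection is involved: the check works purely on addresses, byte counts and connection counts, which is why encryption does not hide the pattern.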

Tor onion proxy software

The Vidalia Tor-network map.

Tor (short for The Onion Router) is a system intended to enable online anonymity.[18] Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user’s location or usage from someone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including “visits to Web sites, online posts, instant messages and other communication forms”, back to the user.[18] It is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored.

“Onion routing” refers to the layered nature of the encryption service: The original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a “layer” of encryption before passing the data on to the next relay and ultimately the destination. This reduces the possibility of the original data being unscrambled or understood in transit.[19]
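The layering described above, as an added example that is not Tor's code or cell format. It uses a toy SHA-256 keystream in place of real relay cryptography, has no authentication, and assumes the sender already shares a key with each relay; the relay names and keys are hypothetical.

```python
import hashlib

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(route, destination, payload):
    """Build the onion. route is [(relay_name, key), ...] in path order."""
    next_hops = [name for name, _ in route[1:]] + [destination]
    onion = payload
    # Encrypt innermost layer (exit relay) first, outermost (entry relay) last.
    for (_, key), next_hop in reversed(list(zip(route, next_hops))):
        header = next_hop.encode()
        onion = keystream_xor(key, bytes([len(header)]) + header + onion)
    return onion

def peel(key, onion):
    """What one relay does: remove its layer, learn only the next hop."""
    plain = keystream_xor(key, onion)
    header_len = plain[0]
    return plain[1:1 + header_len].decode(), plain[1 + header_len:]

def relay_views(route, destination, payload):
    """Return (relay, next_hop_it_learns, blob_it_forwards) for each relay in order."""
    onion = wrap(route, destination, payload)
    views = []
    for name, key in route:
        next_hop, onion = peel(key, onion)
        views.append((name, next_hop, onion))
    return views

# Constructed route and message for illustration.
ROUTE = [("entry", b"key-entry"), ("middle", b"key-middle"), ("exit", b"key-exit")]
DESTINATION = "www.example.org:80"
PAYLOAD = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
```

In `relay_views(ROUTE, DESTINATION, PAYLOAD)` the entry relay learns only "middle" and the blob it forwards is still two layers deep; only the exit relay sees the destination and the plaintext payload.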

The Tor client is free software, and there are no additional charges to use the network.


Proxy vs. NAT

Most of the time ‘proxy’ refers to a layer-7 application on the OSI reference model. However, another way of proxying is through layer-3 and is known as Network Address Translation (NAT). The difference between these two technologies is the tier in which they operate, and the way of configuring the clients to use them as a proxy.

In client configuration of NAT, configuring the gateway is sufficient. However, for client configuration of a layer-7 proxy, the destination of the packets that the client generates must always be the proxy server (layer-7), then the proxy server reads each packet and finds out the true destination.

Because NAT operates at layer-3, it is less resource-intensive than the layer-7 proxy, but also less flexible. As we compare these two technologies, we might encounter a terminology known as ‘transparent firewall’. Transparent firewall means that the layer-3 proxy uses the layer-7 proxy advantages without the knowledge of the client. The client presumes that the gateway is a NAT in layer-3, and it does not have any idea about the inside of the packet, but through this method the layer-3 packets are sent to the layer-7 proxy for investigation.

DNS proxy

A DNS proxy server takes DNS queries from a (usually local) network and forwards them to an Internet Domain Name Server. It may also cache DNS records.


An open proxy is a proxy server that is accessible by any Internet user. Generally, a proxy server only allows users within a network group (i.e. a closed proxy) to store and forward Internet services such as DNS or web pages to reduce and control the bandwidth used by the group. With an open proxy, however, any user on the Internet is able to use this forwarding service.


An open proxy forwarding requests from and to anywhere on the Internet.


An anonymous open proxy allows users to conceal their IP address and thereby help preserve their anonymity and maintain their security while browsing the web or using other Internet services.


It is possible for a computer to run as an open proxy server without the computer’s owner knowing it. This can result from misconfiguration of proxy software running on the computer, or from infection with malware (viruses, trojans or worms) designed for this purpose.[1] If it is caused by malware, the infected computer is known as a zombie computer.

Running an open proxy is a high risk for the server operator; providing an anonymous proxy server can cause real legal troubles to the owner. Such services are frequently used to break into foreign computer systems, child pornography is usually consumed through proxies, and illegal content is likely to be spread through such proxies. Also, such a proxy can cause a high bandwidth usage resulting in higher latency to the subnetwork and violation of bandwidth limits. A badly configured open proxy can also allow access to a private subnetwork or DMZ: this is a high security concern for any company or home network because computers that usually are out of risk or firewalled can be directly attacked.

Many open proxies run very slowly, sometimes below 14.4 kbit/s, or even below 300 bit/s, while other times the speed may change from fast to slow every minute. Some, such as PlanetLab proxies, run faster and were intentionally set up for public use.

Because open proxies are often implicated in abuse, a number of methods have been developed to detect them and to refuse service to them. IRC networks with strict usage policies automatically test client systems for known types of open proxies.[2] Likewise, a mail server may be configured to automatically test mail senders for open proxies, using software such as proxycheck.[3] Increasingly, mail servers are configured out of the box to consult various DNSBL servers in order to block spam; some of those DNSBLs also list open proxies.

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user’s behalf, protecting personal information by hiding the client computer’s identifying information.


There are many reasons for using anonymizers. Anonymizers help minimize risk. They can be used to prevent identity theft, or to protect search histories from public disclosure.

Some countries apply heavy censorship on the internet. Anonymizers can help in allowing free access to all of the internet content, but cannot help against persecution for accessing the Anonymizer website itself. Furthermore, as information itself about Anonymizer websites is banned in these countries,[8] users are wary that they may be falling into a government-set trap.[9]

Anonymizers are also used by people who wish to receive objective information with the growing target marketing on the internet and targeted information. For example, large news outlets such as CNN target the viewers according to region and give different information to different populations. Websites such as YouTube obtain information about the last videos viewed on a computer, and propose “recommended” videos accordingly, and most of the online targeted marketing is done by showing advertisements according to that region. Anonymizers are used for avoiding this kind of targeting and getting a more objective view of information.

Use of anonymizers

Protocol specific anonymizers

Sometimes anonymizers are implemented to work only with one particular protocol. The advantage is that no extra software is needed. The operation occurs in this manner: A connection is made by the user to the anonymizer. Commands to the anonymizer are included inside a typical message. The anonymizer then makes a connection to the resource specified by the inbound command and relays the message with the command stripped out.

An example of a protocol-specific anonymizer is an anonymous remailer for e-mail. Also of note are web proxies, and bouncers for FTP and IRC.

Protocol independent anonymizers

Protocol independence can be achieved by creating a tunnel to an anonymizer. The technology to do so varies. Protocols used by anonymizer services may include SOCKS, PPTP, or OpenVPN.

In this case either the desired application must support the tunneling protocol, or a piece of software must be installed to force all connections through the tunnel. Web browsers, FTP and IRC clients often support SOCKS for example, unlike telnet.

Use of multiple relays

Proxies can be daisy chained. Chaining anonymous proxies can make traffic analysis far more complex and costly by requiring the eavesdropper to be able to monitor different parts of the Internet.[1] An anonymizing remailer can use this concept by relaying a message to another remailer, and eventually to its destination.

Even stronger anonymity can be gained by using Tor. Tor is not merely a proxy chain, but an onion router, which means that routing information (as well as message content) is encrypted in such a way as to prevent linking the origin and destination. Like all anonymity networks, Tor cannot end-to-end encrypt messages destined for the public Internet;[11] that must be arranged between the sender and recipient. Tor’s hidden service protocol does, however, provide end-to-end encryption, along with the ability to anonymize servers to make them more censorship-resistant.

Another anonymity network is the Invisible Internet Project (I2P). Unlike Tor, I2P is a fully internal network. The philosophy behind I2P is that each node routes traffic for others and blends its own traffic in, whereas one’s own traffic will be relayed by other peers through so-called tunnels made up of various other peers. As you never know if a given mix logs all connections or not, the only way to be really sure there is no logging is to run your own anonymizing mix node and blend your traffic with those of other users, who in turn need not trust you, as they blend their traffic with yours and other users’ traffic in their own mix nodes. The network is highly dynamic and totally decentralized. It also takes care of other nodes learning about your node existing, for without peers using your node, there would be no traffic to blend yours with. As all traffic always stays within the I2P network, a routing user’s I2P can remain end-to-end encrypted and will never show on public websites’ logs.






Posted on April 12, 2014, in Security - CCNA / CCNP Security. 1 Comment.

  1. It’s going to be ending of mine day, but before end I am reading this fantastic
    piece of writing to improve my know-how.
