The URL under the heading in this message shows a list of raw IP addresses.
One of those addresses is 127.0.0.1:3128.
What is he proposing we do? Blindly use these addresses as proxies??
I haven't checked any of the others, but they don't feel like safe surfing
to me.
> -----Original Message-----
> From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
> On Behalf Of dungdm001
> Sent: Tuesday, October 16, 2007 9:16 AM
> To: webappsec_at_securityfocus.com
> Subject: Proxy List For You!
>
>
> NEW PROXY UPDATE EVERYDAY
> http://www.boy.us.com/proxylist.php.
>
> Fake IP Address
> When you connect to a web site, it can see your IP address as the "Remote
> IP" or "Remote Address". When you surf through a proxy server, these
> fields
> contain the IP address of the proxy server instead of your own IP address.
> So the web site will see the address of the proxy instead of your actual
> address.But all non-anonymous proxies usually put the IP addresses of
> their
> clients (i.e. of the computers using those proxies) in either of the two
> following request headers (variables): "HTTP_CLIENT_IP" or
> "HTTP_X_FORWARDED_FOR_IP" There are no strict standards, so one proxy may
> be
> sending the IP with "Client_IP" variable and another with
> "X_Forwarded_For_IP".
>
> There is not much difference between them but they are never used together
> -
> either one or the other.So, if the proxy you are using is not anonymous,
> the
> web site will be able to see you true IP address in one of these
> fields.Requests that are generated by anonymous servers do not have these
> fields (that's what makes them anonymous).The thing is that you can set
> A4Proxy to create these fields, and put there "fake" IP addresses (they
> are
> generated as random numbers, so they are different for each request).
>
> As the result, the web site which you are visiting will "think" that you
> are
> visiting it through a non-anonymous proxy server (while in fact it is a
> truly anonymous server with an additional fake field generated by
> A4Proxy).
> Not all web sites will look for these fields (Client_IP or
> X_Forwarded_For_IP). However, those which do look for them will definitely
> be confused as the fake IP address will be different for each request.It
> may
> be a good idea to switch on one of these options (and it is not important
> which one).Finally, if you want a particular address to be sent to the web
> site in one of that field, you will need to create a modification for that
> field on the Browser Options tab, in addition to enabling the appropriate
> Simulate... option.
>
> --
> View this message in context: http://www.nabble.com/Proxy-List-For-You%21-
> tf4635211.html#a13236985
> Sent from the Web App Security mailing list archive at Nabble.com.
>
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Cross-Site Scripting (XSS) is one of the most common application-level
> attacks that hackers use to sneak into web applications today. This
> whitepaper will discuss how traditional XSS attacks are performed, how to
> secure your site against these attacks and check if your site is
> protected.
> Cross-Site Scripting Explained - Download this whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
> -------------------------------------------------------------------------
>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
Received on Oct 18 2007
Intro
