Abstract
HTTP proxies serve numerous roles, from performance enhancement to access control to network censorship, but often operate stealthily without explicitly indicating their presence to the communicating endpoints. In this paper we present an analysis of the evidence of proxying manifest in executions of the ICSI Netalyzr spanning 646,000 distinct IP addresses (“clients”). To identify proxies we employ a range of detectors at the transport and application layer, and report in detail on the extent to which they allow us to fingerprint and map proxies to their likely intended uses. We also analyze 17,000 clients that include a novel proxy location technique based on traceroutes of the responses to TCP connection establishment requests, which provides additional clues regarding the purpose of the identified web proxies. Overall, we see 14% of Netalyzr-analyzed clients with results that suggest the presence of web proxies.
This work is supported by the National Science Foundation under grants CNS-0831535, CNS-1213157, and CNS-1223717, and the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) Broad Agency Announcement 11-02, and SPAWAR Systems Center Pacific via contract number N66001-12-C-0128, with additional support from Amazon, Google and Comcast.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Weaver, N., Kreibich, C., Dam, M., Paxson, V. (2014). Here Be Web Proxies. In: Faloutsos, M., Kuzmanovic, A. (eds) Passive and Active Measurement. PAM 2014. Lecture Notes in Computer Science, vol 8362. Springer, Cham. https://doi.org/10.1007/978-3-319-04918-2_18
DOI: https://doi.org/10.1007/978-3-319-04918-2_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04917-5
Online ISBN: 978-3-319-04918-2
eBook Packages: Computer Science (R0)