Webpage Proxying

50 %
50 %
Information about Webpage Proxying

Published on October 14, 2007

Author: m1ke



Webpage proxying “surfing to the same page all day long” Michael Hendrickx <>

Proxy • Doesn’t have to be proxy *server* • Web server can serve HTTP content • Web scripts can retrieve HTTP content • So, dynamic web content can be used as a proxy

Webpage Proxy: use? • Government censors Internet, blocks content • Corporate content filtering • Privacy needed in certain cases

Introducing “phrogsy” • Proxy -> Phrogsy – Hey, it’s only a name • Idea sprung up during development of covert channel PoC • Allows surfing through a web page • Increases surfing privacy • Bypasses proxy restrictions

How to.. erm.. “phrogsy”? • Download phrogsy • Install firefox extension • Upload PHP or perl script to *your web server *server you have access to • Ready to go

Phrogsy • How webpage proxying works: Transparent connection Target website Proxy SITM server* Site in the middle (optional)

Phrogsy 5. response 6. response Target website SITM Site in the middle 3. Browser connects to SITM, passes on target URL 1. User requests page (target) 4. SITM sends request to target 2. Browser rewrites URL to SITM website

Security issues • SITM will be able to see your requests • SSL (target) is not supported yet • SITM can reside on SSL server you SITM Target Proxy server

SSL - privacy • If you connect to SITM over SSL, (mandatory/transparent) proxy server won’t see your traffic • Optional Base64 possible SSL you SITM Target Proxy server

You (browser) • (Currently only) Firefox extension • Rewrites target URL to SITM • On recv(), rewrites SITM back to original target you SITM Target Proxy server

You (browser) • URL entered in FireFox • Rewritten to http://SITM/?page= • Reply is seen as “coming from SITM” • Reply is rewritten: http://SITM/?page= Becomes

Site in the Middle • (for now) PHP & Perl scripts • socket connection to target • Passes on vars (cookie, post data, ..) you SITM Target Proxy server

Proxy server • Proxy server only sees legitimate traffic – http://sitm/ is not blocked – http://target/ is blocked Often outside of ISP restrictions, depending on geographical status Results in “blocked error page” Allowed *Allowed you SITM Target Proxy server

HTTP Connection • As said before, SSL is possible • Base64 encoding to avoid keyword detection • Crypt (charCodeAt()+1) optional you SITM Target Proxy server

Constraints • Caching can mess up things sometimes • URL doesn’t get rewritten properly • Hosting provider can block outgoing connections

Future? • More SITM platforms (asp, aspx, etc…) • More fiddling with mod_rewrite • Proxy chaining? – Integration into TOR (

Questions? Email: Or catch us on

Add a comment

Related pages

Understanding Proxying and Redirection: Exchange 2010 Help

Set-OWAVirtualDirectory -Identity "Contosoowa (Default Web site)" -CrossSiteRedirectType Silent. ... In an Exchange 2010 proxying environment, ...
Read more

SSL Proxying • Charles Web Debugging Proxy

SSL Proxying. Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to view in plain text the communication between web browser and SSL web ...
Read more

Microsoft Exchange 2010 – Using Proxying and Redirection ...

Email; Microsoft Exchange 2010 – Using Proxying and Redirection (Part 2) Cross-Site Silent Redirection. Exchange 2010 SP2 lets administrators configure ...
Read more

Exclude a website from proxying - Forums ...

Posts: 13 Joined: 9.Jun.2006 Status: offline: Hi I have a quick question regarding the use of firewall clients and ISA 2006. I have found a few websites ...
Read more

Proxy server - Wikipedia, the free encyclopedia

In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking ...
Read more

Page-Based Template Proxying - Oracle Help Center

When processing page-based templates, the portal servlet uses a process called proxying to help ensure that users always stay within the context of the ...
Read more

Blogs - Exchange Team Blog - Site Home - TechNet Blogs

In this case the First CAS will return a web page that contains a link to the correct ... I will cover how Exchange 2007 CAS Proxying works for ...
Read more

web proxying | NorthernUC - NorthernUC | The World of Lync ...

Posts about web proxying written by northernuc. NorthernUC The World of Lync 2010 & Lync 2013. Search. Main menu. Skip to primary content. Skip to ...
Read more

Proxying (@_Proxying) | Twitter

The latest Tweets from Proxying (@_Proxying). Pixelmon Developer. Fife, Scotland
Read more