A few weeks ago we discussed a website that pointed out some obvious obfuscation techniques that are used to hide the actual URL being visited, most of these techniques around masking the actual URL using variations on the IP address, and using the username/password area to give the appearance of visiting a site other than the actual one being accessed.
In addition to using these techniques to try and confuse the proxy, there are other ways the end-user can try to get around the proxy. If the goal of the end-user is to reach images that are being blocked by URL, a common technique is to go to Google Images and do the search there to get images. A less capable proxy will display the images, as most proxies don't go the extra distance to block the embedded URL's being displayed in each of the search results. There are proxies out there that are smart enough to block pics pointing to embedded URL's and some that even are capable of re-writing the Google search so that it always comes out a "safe search" regardless of the setting the end-user tries to use.
Google also offers another common method that end-users will attempt to use to bypass the proxy. The translation feature offered by Google for web pages, will produce a URL that looks like a Google URL, but contain all the contents of the page that was requested to be translated. For example, if you take www.playboy.com and ask it to be translated by Google from English to French, the result is a URL pointing at google.com, which once again, a lesser proxy will display to the end-user, but a more capable proxy should be able to block.
So what's the lesson here? Buyer beware when selecting your proxy. Be sure your proxy has advanced features like the ones discussed here. As end-users get more savvy, your proxy needs to be even more intelligent.
Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.
Friday, April 11, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment