VITAL QUESTION cgi Proxies on httpS

Discussion in 'Computer Security' started by seeker, Nov 11, 2004.

  1. seeker

    seeker Guest

    VITAL QUESTION cgi Proxies on httpS


    ?????????????????????????????????????????????????????????????????????
    DO WEB BASED PHP AND CGI PROXIES ON HTTPS WEB SITES STOP THE SNOOPING
    AUTHORITIES SEEING THE WEB SITES PEOPLE VISIT THROUGH THE PROXIES
    ?????????????????????????????????????????????????????????????????????




    This cgi script

    http://www.jmarshall.com/tools/cgiproxy/

    and this php script

    http://sourceforge.net/projects/poxy/

    can be uploaded to web sites.

    Then a cgi and/or php web based proxy is made available.

    These cgi and php web based proxies hide your ip from sites you visit
    through them and these cgi and php web based proxies have options to
    block your referer header so sites you visit with them cannot see the
    sites you have hyperlinked from.

    Those cgi and php proxies can be uploaded to http web sites and those
    cgi and php proxies can also be uploaded to httpS web sites.


    QUESTION
    **********

    In countries, work places and schools very often the authorities log
    and record the web sites that people visit. In many countries, people
    are jailed and tortured when the authorities discover they have visited
    a forbidden web site.


    Do these web based cgi and php proxies prevent the school and workplace
    authorities from logging the web sites people visit through these web
    based cgi and php proxies when these cgi and php proxies are on a httpS
    web site ???????

    Web sites that are httpS are encrypted and regarded as secure. The
    banks use these httpS web sites and these httpS web sites are used for
    credit card payments.

    Web mail such as https://www.hushmail.com is secure and snoops cannot
    see the emails and attachments users send and receive with hushmail.


    Snoops cannot see the contents of httpS web pages but

    THE QUESTION IS
    *****************

    DO SNOOPS SEE, LOG AND RECORD THE URLS OF THESE HTTPS WEB PAGES ????


    The way these web based cgi and php proxies work is the url of the
    proxy is put before the url of the web page that you want to visit.

    For example to visit

    http://www.showmyip.com/

    through these proxies the url looks like this

    https://nhuanet.com/dmirror/http/www.showmyip.com/


    In that example you just change the http:// of http://www.showmyip.com/
    to http/ to make http/www.showmyip.com/

    and then just put https://nhuanet.com/dmirror/ which is the url of the
    proxy before http/www.showmyip.com/ to make

    https://nhuanet.com/dmirror/http/www.showmyip.com/

    and effectively visit http://www.showmyip.com/ through the proxy.



    QUESTION
    **********

    When the country, school and workplace authorities are logging
    the web surfing of the people, do these snooping authorities log the
    full httpS urls ?????????

    For example, do the snooping authorities log

    https://nhuanet.com/dmirror/http/www.showmyip.com/

    and see the person has visited http://www.showmyip.com/ through the
    proxy https://nhuanet.com/dmirror/ ????????

    or do the snooping authorities only log something like

    CONNECT nhuanet.com

    and not see the web site visited through the proxy ?????

    Visiting http sites uses the GET method but visiting httpS sites uses
    the CONNECT method.


    ?????????????????????????????????????????????????????????????????????
    DO WEB BASED PHP AND CGI PROXIES ON HTTPS WEB SITES STOP THE SNOOPING
    AUTHORITIES SEEING THE WEB SITES PEOPLE VISIT THROUGH THE PROXIES
    ?????????????????????????????????????????????????????????????????????


    Below are some of these web based proxies on httpS web sites for your
    convenience, use and research


    https://nhuanet.com/cgi-bin/nph-proxyb.cgi/
    https://nhuanet.com/dmirror/http/www.showmyip.com/

    https://www1.beijing999.com/cgi-bin/nph-proxyb.cgi/
    https://www2.beijing999.com/cgi-bin/nph-proxyb.cgi/
    https://www3.beijing999.com/cgi-bin/nph-proxyb.cgi/
    https://www1.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    https://www2.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    https://www3.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    https://www4.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    https://www1.ft888.net/cgi-bin/nph-proxyb.cgi/
    https://www2.ft888.net/cgi-bin/nph-proxyb.cgi/
    https://www3.ft888.net/cgi-bin/nph-proxyb.cgi/

    https://www.heshan18.com/cgi-bin/nph-proxyb.cgi/
    https://www1.6lishi.com/cgi-bin/nph-proxyb.cgi/

    https://www.zhonghua999.com/cgi-bin/nph-proxyb.cgi/
    https://www1.zhonghua999.com/cgi-bin/nph-proxyb.cgi/
    https://www9.zhonghua999.com/cgi-bin/nph-proxyb.cgi/
    https://www12.zhonghua999.com/cgi-bin/nph-proxyb.cgi/

    https://68.229.16.106/cgi-bin/nph-proxyb.cgi/
    https://68.229.16.106/dmirror/http/www.showmyip.com/
     
    seeker, Nov 11, 2004
    #1
    1. Advertising

  2. The target IP address must always be sent in the clear. I don't think DNS
    servers use encryption so the answer is yes, the servers you send
    information to may be discovered.

    I think the files and directories that you access remain secret though as
    the request sent to the secure server is encrypted.

    Don't rely entirely on this as I'm not completely sure of it.

    "seeker" <> wrote in message
    news:...
    > VITAL QUESTION cgi Proxies on httpS
    >
    >
    > ?????????????????????????????????????????????????????????????????????
    > DO WEB BASED PHP AND CGI PROXIES ON HTTPS WEB SITES STOP THE SNOOPING
    > AUTHORITIES SEEING THE WEB SITES PEOPLE VISIT THROUGH THE PROXIES
    > ?????????????????????????????????????????????????????????????????????
    >
    >
    >
    >
    > This cgi script
    >
    > http://www.jmarshall.com/tools/cgiproxy/
    >
    > and this php script
    >
    > http://sourceforge.net/projects/poxy/
    >
    > can be uploaded to web sites.
    >
    > Then a cgi and/or php web based proxy is made available.
    >
    > These cgi and php web based proxies hide your ip from sites you visit
    > through them and these cgi and php web based proxies have options to
    > block your referer header so sites you visit with them cannot see the
    > sites you have hyperlinked from.
    >
    > Those cgi and php proxies can be uploaded to http web sites and those
    > cgi and php proxies can also be uploaded to httpS web sites.
    >
    >
    > QUESTION
    > **********
    >
    > In countries, work places and schools very often the authorities log
    > and record the web sites that people visit. In many countries, people
    > are jailed and tortured when the authorities discover they have visited
    > a forbidden web site.
    >
    >
    > Do these web based cgi and php proxies prevent the school and workplace
    > authorities from logging the web sites people visit through these web
    > based cgi and php proxies when these cgi and php proxies are on a httpS
    > web site ???????
    >
    > Web sites that are httpS are encrypted and regarded as secure. The
    > banks use these httpS web sites and these httpS web sites are used for
    > credit card payments.
    >
    > Web mail such as https://www.hushmail.com is secure and snoops cannot
    > see the emails and attachments users send and receive with hushmail.
    >
    >
    > Snoops cannot see the contents of httpS web pages but
    >
    > THE QUESTION IS
    > *****************
    >
    > DO SNOOPS SEE, LOG AND RECORD THE URLS OF THESE HTTPS WEB PAGES ????
    >
    >
    > The way these web based cgi and php proxies work is the url of the
    > proxy is put before the url of the web page that you want to visit.
    >
    > For example to visit
    >
    > http://www.showmyip.com/
    >
    > through these proxies the url looks like this
    >
    > https://nhuanet.com/dmirror/http/www.showmyip.com/
    >
    >
    > In that example you just change the http:// of http://www.showmyip.com/
    > to http/ to make http/www.showmyip.com/
    >
    > and then just put https://nhuanet.com/dmirror/ which is the url of the
    > proxy before http/www.showmyip.com/ to make
    >
    > https://nhuanet.com/dmirror/http/www.showmyip.com/
    >
    > and effectively visit http://www.showmyip.com/ through the proxy.
    >
    >
    >
    > QUESTION
    > **********
    >
    > When the country, school and workplace authorities are logging
    > the web surfing of the people, do these snooping authorities log the
    > full httpS urls ?????????
    >
    > For example, do the snooping authorities log
    >
    > https://nhuanet.com/dmirror/http/www.showmyip.com/
    >
    > and see the person has visited http://www.showmyip.com/ through the
    > proxy https://nhuanet.com/dmirror/ ????????
    >
    > or do the snooping authorities only log something like
    >
    > CONNECT nhuanet.com
    >
    > and not see the web site visited through the proxy ?????
    >
    > Visiting http sites uses the GET method but visiting httpS sites uses
    > the CONNECT method.
    >
    >
    > ?????????????????????????????????????????????????????????????????????
    > DO WEB BASED PHP AND CGI PROXIES ON HTTPS WEB SITES STOP THE SNOOPING
    > AUTHORITIES SEEING THE WEB SITES PEOPLE VISIT THROUGH THE PROXIES
    > ?????????????????????????????????????????????????????????????????????
    >
    >
    > Below are some of these web based proxies on httpS web sites for your
    > convenience, use and research
    >
    >
    > https://nhuanet.com/cgi-bin/nph-proxyb.cgi/
    > https://nhuanet.com/dmirror/http/www.showmyip.com/
    >
    > https://www1.beijing999.com/cgi-bin/nph-proxyb.cgi/
    > https://www2.beijing999.com/cgi-bin/nph-proxyb.cgi/
    > https://www3.beijing999.com/cgi-bin/nph-proxyb.cgi/
    > https://www1.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    > https://www2.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    > https://www3.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    > https://www4.dongtaiwang.com/cgi-bin/nph-proxyb.cgi/
    > https://www1.ft888.net/cgi-bin/nph-proxyb.cgi/
    > https://www2.ft888.net/cgi-bin/nph-proxyb.cgi/
    > https://www3.ft888.net/cgi-bin/nph-proxyb.cgi/
    >
    > https://www.heshan18.com/cgi-bin/nph-proxyb.cgi/
    > https://www1.6lishi.com/cgi-bin/nph-proxyb.cgi/
    >
    > https://www.zhonghua999.com/cgi-bin/nph-proxyb.cgi/
    > https://www1.zhonghua999.com/cgi-bin/nph-proxyb.cgi/
    > https://www9.zhonghua999.com/cgi-bin/nph-proxyb.cgi/
    > https://www12.zhonghua999.com/cgi-bin/nph-proxyb.cgi/
    >
    > https://68.229.16.106/cgi-bin/nph-proxyb.cgi/
    > https://68.229.16.106/dmirror/http/www.showmyip.com/
     
    Timothy Goddard, Nov 11, 2004
    #2
    1. Advertising

  3. seeker

    Richard Guest

    The filters only log the IP address and host name of the proxy server
    that the request is sent through. The actual URL of the 'banned'
    website can not be determined.

    --
    visit my computer security website:
    http://computer-security.no-ip.info
     
    Richard, Nov 25, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. chuck
    Replies:
    0
    Views:
    658
    chuck
    Nov 15, 2005
  2. Joel Rubin
    Replies:
    2
    Views:
    631
    Lady Chatterly
    Oct 20, 2004
  3. shopzero.net

    Seven Steps to a Vital Videoconference

    shopzero.net, Jul 24, 2006, in forum: DVD Video
    Replies:
    2
    Views:
    507
    myvideotalk2u
    Sep 22, 2006
  4. Au79
    Replies:
    0
    Views:
    438
  5. Adam Cameron
    Replies:
    10
    Views:
    1,514
    Lawrence D¹Oliveiro
    Sep 19, 2004
Loading...

Share This Page