As network environments grow more complex, the demands on penetration testers have risen accordingly. Early targets were bare sites exposed on a public IP (and many enterprise and government sites are still run that way today); later came hardened configurations, CDNs and the anti-CC (connection-flood protection) concept; now the major vendors compete ever harder on cloud protection. Adapting as far as possible to the habits of security operations and maintenance teams has become the most pressing requirement for a penetration testing engineer.
This article focuses on reverse proxy technology, using the attacker's perspective to gain insight into those security operations and maintenance habits. Before that, we first need to become thoroughly familiar with proxy technology in general.
When we speak of proxy technology today there are only three kinds: the forward proxy, the transparent proxy and the reverse proxy. Below we take the B/S (browser/server) architecture as the example and briefly describe the differences.
Network proxies are mainly implemented with the following technologies: SOCKS5, VPN (virtual private network), HTTPS, SSH tunneling, Tor (onion routing) and so on. Each has its own emphasis; this article gives an overview of these technologies and sorts out the relationships between them.
Socks4/5
- SOCKS5 adds UDP proxying on top of SOCKS4. It sits below the application layer and above the transport layer and is a communication protocol designed specifically for network proxies.
- With an ordinary SOCKS5 proxy, the application sends its data to the proxy server directly over the SOCKS5 protocol, but SOCKS5 itself is transmitted in clear text and can easily be intercepted. The improved form, SOCKS5 over TLS, encrypts the data before sending it to the server side, but the connection-establishment sequence of SOCKS5 remains a distinctive feature, so it is still easy to block.
- Finally shadowsocks appeared, split into ss-client and ss-server. The application sends data to ss-client over SOCKS5; ss-client encrypts and obfuscates it and sends it on to ss-server; ss-server finally delivers it to the destination address.
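To make the clear-text point concrete, here is an added example (not code from the article or from any proxy project) that builds and parses the SOCKS5 greeting and CONNECT request from RFC 1928 and classifies a session's first bytes. The destination host and port are readable by anyone on the path, and the greeting has a fixed shape that a simple signature matches; the sample inputs and the `classify_first_bytes` signatures are constructed for illustration.

```python
"""Encode and parse the clear-text SOCKS5 handshake (RFC 1928).

Added example (not from the article): builds the client greeting and CONNECT
request, parses a request back into its destination, and labels the first
bytes of a session. Everything is visible in clear text on the wire."""
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
METHOD_NO_AUTH, METHOD_USERPASS = 0x00, 0x02


def build_greeting(methods=(METHOD_NO_AUTH,)) -> bytes:
    """Client hello: VER, NMETHODS, METHODS (no encryption at any point)."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def build_connect(host: str, port: int) -> bytes:
    """CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so send it as a domain name
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("domain name must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_request(data: bytes):
    """Return (cmd, host, port) from a SOCKS5 request, or None if it is not one.

    Every field is plain bytes, which is what lets a middlebox log or block
    the destination of an unencrypted SOCKS5 session."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        return None
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            return None
        addr_len = 1 + data[4]  # length octet plus the name itself
    else:
        return None
    end = 4 + addr_len
    if len(data) < end + 2:
        return None  # truncated request
    raw = data[4:end]
    host = raw[1:].decode("idna") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:end + 2])
    return cmd, host, port


def classify_first_bytes(data: bytes) -> str:
    """Label the first client bytes of a TCP session with constructed signatures.

    A SOCKS5 greeting is VER=5 followed by a method count equal to the number
    of remaining bytes; that fixed shape is the obvious feature the text
    refers to, and it is why plain SOCKS5 is easy to recognise and block."""
    if len(data) >= 2 and data[0] == SOCKS_VERSION and data[1] == len(data) - 2:
        return "socks5-greeting"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-record"  # TLS handshake record: content type 22, major version 3
    if data[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "http-plaintext"
    return "unknown"


if __name__ == "__main__":
    req = build_connect("example.com", 443)  # constructed sample destination
    print(req.hex(), parse_request(req))
    print(classify_first_bytes(build_greeting()), classify_first_bytes(b"\x16\x03\x01\x00\x05"))
```

Run on its own, the script prints the raw CONNECT bytes with `example.com` and port 443 legible inside them, followed by the labels for a SOCKS5 greeting and a TLS record. Wrapping SOCKS5 in TLS hides the request fields but not the fact that a TLS session was opened to a known proxy port, which is the residual fingerprint the text mentions.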
VPN (Virtual Private Network)
This is a broad class of technology working at layer 3 of the network: it intercepts all IP-layer traffic directly and forwards it. There are many concrete protocols, including L2TP/IPsec and IKEv2, and the representative software is strongSwan. Common operating systems support these VPN protocols natively, so you only need to configure strongSwan on the server side and then do a simple configuration in the local operating system. Of course, for some special VPN protocols such as SSTap we need to install the corresponding client software; such software generally creates a virtual network adapter to intercept traffic, and in fact the operating system's built-in VPN configuration also creates a similar virtual adapter.
https, ssh
An HTTPS proxy requires a dedicated proxy server; it works at the application layer and can only proxy the HTTP and HTTPS protocols. SSH can serve as a proxy through an SSH tunnel, but it still talks to the application over SOCKS5, so in essence it can be regarded as a SOCKS5 server.
Although both HTTPS and SSH are application-layer protocols, the protocol stacks they build on differ. HTTPS = HTTP + TLS/SSL: HTTP is layered on TLS/SSL, so other protocols can reuse the TLS/SSL layer as well, for example SOCKS5 over TLS. SSH, by contrast, implements the whole process itself.
tor (onion routing)
My understanding is that it places more emphasis on anonymity, so it requires several proxies in between and is therefore much slower; as you can see from Baidu, there are many descriptions of it.
Forward proxy
The client sends its request to the proxy server, which forwards it to the target website; the website responds to the proxy server, which in turn forwards the response to the corresponding client.
Of course, the forward proxy can serve clients on a LAN, but it is not limited to that: you can also choose a server on the public Internet as the proxy, in which case it plays a role similar to NAT.
Transparent proxy
- A transparent proxy is also called an inline, intercepting or forced proxy. The proxy is imperceptible to the client, i.e., no extra configuration is required on the client side.
- Transparent proxies are basically similar to forward proxies; a transparent proxy can even be regarded as one type of forward proxy.
- Transparent proxy technology often exists as an alternative operating mode, for instance in firewalls, where it serves as a policy point to filter and block some traffic; the Internet behavior management systems used inside companies are generally also an application of transparent proxying.
- In addition, anyone who likes tinkering with routers will have come across the Merlin and Pandora firmware, whose proxy mode for network users is likewise an application of transparent proxying.
- In general, a transparent proxy can be achieved as long as the gateway or a network device on the main link supports transparent proxy mode; combining it with techniques such as route forwarding gives better results.
Reverse proxy
The client sends its request to the reverse proxy server, which forwards it to the real server for processing; the real server returns the result to the reverse proxy, which constructs the response and returns it to the client.
Of course, the reverse proxy server does not have to sit on the same intranet as the target website. We sometimes find HTTP/HTTPS springboards on the Internet where the target we visit is not content on the target's intranet at all, but this is still an application of reverse proxy technology.
As for the advantages of a reverse proxy, opinions differ (advantages follow needs, after all), but they come down to the following: fewer public IPs are needed; intranet servers are shielded from malicious attacks from outside; caching reduces the load on the servers; access security control; load balancing distributes user requests across several servers; plus dedicated functions for special purposes (such as an IPS, intrusion prevention system, or a web application firewall).
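The "constructs the response" step and the access-control advantage both come down to header handling between the two legs of the connection. The following is an added example, not code from the article or from any proxy product, of the three jobs a reverse proxy does there: rewrite the inbound request for the intranet origin, sanitise the origin's response so the intranet server's address and software stack are not exposed, and decide which address counts as the client's. All host names, IPs and the trusted-proxy set are constructed; the `client_ip` rule (trust X-Forwarded-For only when the socket peer is one of our own proxies) is a common deployment practice, not something the article states.

```python
"""Request and response header handling in a reverse proxy.

Added example (not from the article): pure functions for rewriting the
inbound request for the origin, sanitising the origin's response, and
choosing the client address for access control. All hosts are constructed."""

# Headers that describe a single TCP hop and must not be relayed (RFC 7230 section 6.1).
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}
# Origin headers that reveal the intranet server's software stack.
FINGERPRINT = {"server", "x-powered-by", "x-aspnet-version"}


def _lower(headers: dict) -> dict:
    return {k.lower(): v for k, v in headers.items()}


def _strip_hop_by_hop(headers: dict) -> dict:
    # Names listed in Connection are hop-by-hop too ("Connection: keep-alive, X-Debug").
    listed = {n.strip().lower() for n in headers.get("connection", "").split(",") if n.strip()}
    return {k: v for k, v in headers.items() if k not in HOP_BY_HOP and k not in listed}


def client_ip(remote_addr: str, headers: dict, trusted_proxies: set) -> str:
    """Address to use for access control.

    X-Forwarded-For is client-controlled unless the socket peer is a proxy we
    trust; only then do we walk the chain from the right, taking the first hop
    that is not one of our own proxies."""
    if remote_addr not in trusted_proxies:
        return remote_addr
    chain = [h.strip() for h in _lower(headers).get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(chain):
        if hop not in trusted_proxies:
            return hop
    return remote_addr


def rewrite_request(headers: dict, remote_addr: str, upstream_host: str,
                    scheme: str, trusted_proxies: set = frozenset()) -> dict:
    """Build the header set sent to the origin server."""
    out = _strip_hop_by_hop(_lower(headers))
    out["host"] = upstream_host  # the origin is addressed by its intranet name
    prior = out.get("x-forwarded-for")
    # Extend the chain only when it came from a trusted proxy; otherwise start it fresh.
    if prior and remote_addr in trusted_proxies:
        out["x-forwarded-for"] = f"{prior}, {remote_addr}"
    else:
        out["x-forwarded-for"] = remote_addr
    out["x-forwarded-proto"] = scheme  # tells the origin that TLS terminated at the proxy
    return out


def sanitize_response(headers: dict, upstream_host: str, public_origin: str) -> dict:
    """Build the header set returned to the client.

    Assumes the proxy re-frames the body itself, so Transfer-Encoding and the
    other hop-by-hop headers are dropped along with software fingerprints."""
    out = {k: v for k, v in _strip_hop_by_hop(_lower(headers)).items() if k not in FINGERPRINT}
    loc = out.get("location", "")
    # A redirect to the intranet address would leak it and break the client.
    for internal in (f"http://{upstream_host}", f"https://{upstream_host}"):
        if loc.startswith(internal):
            out["location"] = public_origin + loc[len(internal):]
            break
    return out


if __name__ == "__main__":
    # Constructed inbound request from an Internet client that tries to spoof X-Forwarded-For.
    inbound = {"Host": "www.example.com", "X-Forwarded-For": "127.0.0.1", "Accept": "text/html"}
    print(rewrite_request(inbound, "203.0.113.9", "10.0.0.12:8080", "https"))
    print(client_ip("203.0.113.9", inbound, {"10.0.0.2"}))
```

The design choice worth noting is in `client_ip`: an allow-list or rate limit keyed on X-Forwarded-For is only as good as the proxy chain in front of it, so the function ignores the header entirely unless the TCP peer is a known proxy, and even then discards entries that a client could have prepended.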