简评使用http代理服务器的安全性简评(On the safety of HTTP proxy server)

http代理服务器  时间:2021-03-03  阅读:()

使用http代理服务器的安全性简评On the safety of HTTP proxyserver

Due to various reasons, in the domestic Internet, it isunavoidable to deal with HTTP proxy server. HTTP proxy serveris divided into encrypted proxy server and general proxy server.If we run some software on your computer can access before cannot access the site, then it may be encrypted proxy; if we setthe proxy server in the browser, without running any software,so this type of proxy server is the general agent. In general,encryption agent security is better than ordinary proxy ifthere is no problem with encryption agent software. Here, thisarticle is mainly about the security of ordinary agents.Brief introduction of 1 and HTTP proxy agreement

The communication between the browser and the HTTP proxy serveris through the HTTP proxy protocol. If we do not use theencrypted proxy running on your computer, but directly in thebrowser settings on the internet proxy server address, thensend between the browser and proxy server communication to theInternet will. The common requests of proxy server are GET, POSTand CONNECT, and the following are introduced respectively:

1. 1, GE T

If we access aweb page of a HTTP protocol through a proxy server,then the browser sends the GET request to the HTTP proxy server.For example, when we access http://www.microsoft.com/ througha proxy server, the browser sends data to the HTTP proxy server:

. . . . . .

After the proxy server gets the data, the web page is returnedto the browser:

HTTP/1. 1 200 OK

. . . . . .

<html>

. . . . . .

We did not use and comparison of the proxy server, if not usinga proxy server, then we visit http://www.microsoft.com/, thebrowser will send a request to the server underwww.microsoft.com:

GET / HTTP/1. 1

. . . . . .

Server return:

HTTP/1. 1 200 OK

. . . . . .

<html>

. . . . . .

We see that after using the proxy server, the format of the GETrequest and return is almost unchanged, and there is nodifference in the security of using the proxy server.

1.2, POST

When we submit the form in the use of the HTTP protocol on thesite (such as the website user login form, fill in the user nameand password, and then log in, the form is submitted to theserver) , if the form type is POST (most of the type of form isPOST, but the search engine search form seemed to be GET type) ,then the browser will send a POST request to the proxy server.Comments such as inhttp://www.williamlong. info/archives/2209.html, the datawill be submitted to the http://www.williamlong. info/cmd.asp?Act=cmt&key=a666b083, if we use the HTTP proxy server, therequest will be sent to the proxy server:

POST http://www.williamlong. info/cmd.asp?

Act=cmt&key=a666b083 HTTP/1. 1

. . . . . .

[submission of comment data]

If the proxy server is not used, the following POST requestsare sent directly to the www.williamlong. info server:

POST /cmd.asp? Act=cmt&key=a666b083 HTTP/1. 1

. . . . . .

[submission of comment data]

The results returned using proxy server and without proxyserver are basically the same. So POST requests are basicallyno different in terms of the security of using proxy servers.

1.3, CONNECT

When we visit the HTTPS protocol web site, the browser sendsthe CONNECT request to the proxy server. For example, we visithttps://mail.google.

When com/mail/? Shva=1#inbox, the browser sends the followingrequest to the proxy server:

CONNECT mail.google.com:443 HTTP/1.0

. . . . . .

Then the server returns:

HTTP/1. 1 200 Connection established

. . . . . .

Then the browser starts sending encrypted data to the proxyserver, using the mail.google. com SSL certificate. The proxy

server to encrypt data as mail.google. com returns back to thebrowser.

If you don't use a proxy server, the browser connects directlyto the mail.google. com:443, and then starts sending andreceiving encrypted data.

We see that the use of the HTTP proxy server, HTTPS protocolcontent still end-to-end encryption, HTTPS still maintains thetransmission of any content will not be responsible for datatransmission equipment (including proxy server) to see thecharacteristics. Whether the proxy server is used does notchange the security of the HTTPS protocol.

2. Discuss in depth

Q: we see, after using the proxy server will need to access thedomain name of the website (including HTTPS) sent to the proxyserver, so that if the network being monitored, you will knowwhat sites we visit (but not HTTPS protocol to monitor thecontents of the transmission, only know that we visited thewebsite) , this is reduce security?

A: if our network is monitored, all network data packets arerecorded, so if you don't use a proxy server, the browser willfirst send a query to the corresponding domain name IP DNSrequest, IP will also be sent after the TCP connection requestto the need to visit the site, they can knowwhat sites we visitby network packet monitor.

Q: some proxy server products claim to be able to record the

contents of HTTPS transmission. How do they do that?

A: using the SSL hijacking means. These proxy server products,without exception, need to install the corresponding client,once you install these clients, you can control the clientcomputer, and then install the proxy server' s own certificate,SSL hijacking. Some products do not need to install the client,but the client browser access all the HTTPS web site, but thebrowser SSL certificate validation, the browser will give thecertificate invalid warning.

Q: if we were not able to access a website, use a proxy servercan be put on the website, this website is the HTTP protocol,so that access to this site all actions are logged in themonitored network environment?

A: yes. Because the proxy server does not change the securityof the HTTP protocol, all the contents of the plaintexttransmission can be recorded by the monitoring system. So, weuse a proxy server to submit important information (such as username and password) , you must select the HTTPS protocol, enterthe user name and password in the need to pay attention to thebrowser' s address bar is not to begin with https.

Q: after using aproxy server, theway the network packet passesis not different from that of the proxy server. What' s theimpact on the security?

A: it depends on every node in the road that was used beforeand after the proxy server was used. Even if you do not use aproxy server, the Internet still face a variety of human network

fault, using a proxy server because of the path is different,so there may still need to face these artificial networkfailures, there may be no need to face these people a networkfailure (if the proxy server itself specifically addressesthese failures) .

3, s umm ary

The above, using a remote HTTP proxy server security and do notuse a proxy server basic does not have what difference, thehuman network problems we face in using a proxy server theremay still exist, but also may reduce or even disappear.If someone offers artificial network failure to resolve theproxy server in the country, not to use or inability to useencryption software agents used, combined with the "proxyserver" and how to use AutoProxy, the agent of the era mightcome oh.

TmhHost 全场八折优惠且充值返10% 多款CN2线路

TmhHost 商家是一家成立于2019年的国人主机品牌。目前主营的是美国VPS以及美国、香港、韩国、菲律宾的独立服务器等,其中VPS业务涵盖香港CN2、香港NTT、美国CN2回程高防、美国CN2 GIA、日本软银、韩国cn2等,均为亚太中国直连优质线路,TmhHost提供全中文界面,支持支付宝付款。 TmhHost黑五优惠活动发布了,全场云服务器、独立服务器提供8折,另有充值返现、特价服务器促销...

NameCheap 2021年新年首次活动 域名 域名邮局 SSL证书等

NameCheap商家如今发布促销活动也是有不小套路的,比如会在提前一周+的时间告诉你他们未来的活,比如这次2021年的首次活动就有在一周之前看到,但是这不等到他们中午一点左右的时候才有正式开始,而且我确实是有需要注册域名,等着看看是否有真的折扣,但是实际上.COM域名力度也就一般需要51元左右,其他地方也就55元左右。当然,这次新年的首次活动不管如何肯定是比平时便宜一点点的。有新注册域名、企业域...

酷锐云香港(19元/月) ,美国1核2G 19元/月,日本独立物理机,

酷锐云是一家2019年开业的国人主机商家,商家为企业运营,主要销售主VPS服务器,提供挂机宝和云服务器,机房有美国CERA、中国香港安畅和电信,CERA为CN2 GIA线路,提供单机10G+天机盾防御,提供美国原生IP,支持媒体流解锁,商家的套餐价格非常美丽,CERA机房月付20元起,香港安畅机房10M带宽月付25元,有需要的朋友可以入手试试。酷锐云自开业以来一直有着良好的产品稳定性及服务态度,支...

http代理服务器为你推荐
网络明星网络明星是怎样成名的呢?如何又是网络明星呢?!!在线漏洞检测求免费的漏洞扫描工具百度抢票浏览器百度浏览器怎么抢票?1433端口怎么去看1433端口网站运营刚创业的网站运营怎么做?镜像文件是什么什么叫镜像文件,作用是什么?唱吧电脑版官方下载电脑上可以安装唱吧吗?如何建立一个网站要建立一个网站怎么弄啊?开机滚动条电脑开机滚动条要走好几次雅虎天盾我装了360安全卫士,原来的雅虎天盾需不需要卸载
域名备案中心 域名备案收费吗 net主机 东莞电信局 紫田 国外bt 好看的桌面背景大图 长沙服务器 777te jsp空间 双11秒杀 可外链相册 服务器是干什么的 百度云1t 空间技术网 metalink 视频服务器是什么 河南移动梦网 starry 华为云建站 更多