How to make and use a highly anonymous encryption proxy server

First, a brief introduction to the classification of agents:

Agent score: Level 1~level 55 grades;

Or it can be divided into 3 categories: ·

A. All anonymous agents don't change your request.

Fields, making the server side look like there's a real client browser accessing it. Of course, your real IP is hidden. The server's webmaster does not think you are using a proxy.

B. Ordinary anonymous agents can hide your real IP, but will change your request

Fields may be thought to have used the agent, but it is only possible, generally speaking, is no problem. But don't be misled by its name, its security may be higher than all anonymous proxies, and some agents will peel off some of your information (like the stealth of firewalls).

Mode), so that the server side does not detect your operating system version and browser version.

C. The transparent agent (simple proxy) adapts your request Fields and transmits the real IP.

The site you visit will see you clearly, know that you use the agent, know the IP agent, but also know your real IP.

General Level3?-level5 belong to transparent agent; level 1-LEVEL3 belong to anonymous agent! All anonymous proxies are sometimes called super proxies!

Do not want to let network management (domestic proxy server} or ISP (foreign proxy server) know where I want to go, then your connection request with SSL encryption on the line.

With the anonymous feature plus encrypted connection, invisibility finally practiced!

The software required to make and use this agent is Ccproxy 6.2,stunnel,openssl,sockscap. are free software, CC3 users are enough.

Suppose you already have a remote machine a proxy server, your own machine is B.

On a machine, we want to open a SOCKS5 local proxy port and encrypt his transmission with SSL. First, in Ccproxy, enable the SOCKS5 agent service, assuming that the port is 1080, create a user, authentication mode for username/password/IP mixed, assuming username password is 123 , IP 127.0.0.1, and remember to "prohibit the LAN outside the user access" on the hook, because the remote B-machine will not directly access this service, so that elderly people to scan the password. Here's the key, open the Ccproxy.ini file, modify and confirm the following 2 parameters:

Enableproxyconnection=0

Enablereferer=0

That way, people don't know that you're using an agent, and you don't know where you're from. It seems that CC6.0 also supports these two parameters, but the official is 6.3 to write in the FAQ.

The stuneel.conf file is then configured with the following contents:

Cert=stunnel.pem

Key = Stunnel.pem

Taskbar=no #这个参数可以隐藏STUNELL的图标, if you do bad things, use $%#%#.

Client=no

[Socks2ssl]

Accept = #在80端口监听, ready to accept external connections.

Connect = 127.0.0.1:1080 #连接CCPROXY开的SOCKS5服务端口

The reason to set the listening port to 80 is the extreme assumption that the firewall in front of the B-machine only allows B-machine access to port 80, and if not, just set one.