Principle Analysis and Security Q & A of HTTP Proxy Servers

For various reasons, it is inevitable to connect to the Internet in China to deal with the HTTP proxy server. HTTP proxy servers are divided into encryption proxy servers and common proxy servers. If we run some software on our computer to access a previously inaccessible website, it is likely to be an encrypted proxy. If we directly set up a proxy server in the browser, if you do not need to run any software, this type of proxy server is a common proxy. Generally, if there is no problem with the encryption proxy software, the security of the encryption proxy is better than that of the common proxy. Here, this article focuses on the security of common proxies.

　　Recommended:Free Proxy Server(Daily update)

1. Introduction to HTTP Proxy Protocol

The browser communicates with the HTTP Proxy server through the HTTP Proxy protocol. If we do not use an encrypted proxy running on our computer, but directly set the proxy server address on the Internet in the browser, then the communication between the browser and the proxy server will be sent to the Internet. Common requests on the proxy server include GET, POST, and CONNECT. The following describes the common requests:

1.1. GET

If we access an http Webpage Through the proxy server, the browser will send a GET request to the HTTP proxy server. For example, if we access http://www.microsoft.com/through the proxy server, then the browser will send data to the HTTP Proxy Server:

GET http://www.microsoft.com/https/1.1
......

Then the proxy server obtains the data and returns the webpage to the browser:

HTTP/1.1 200 OK
......
<Html>
......

Let's compare it with the absence of a proxy server. If the proxy server is not used, then we access the http://www.microsoft.com/and the browser will send the following request to the server www.microsoft.com:

GET, HTTP, 1.1
......

Server return:

HTTP/1.1 200 OK
......
<Html>
......

We can see that after using the proxy server, the GET request and the returned format are basically unchanged, and there is basically no difference in the security of whether to use the proxy server.

1.2. POST

When we submit a form on a website using the http protocol (such as the user login form on the website, fill in the user name and password, and click Login to submit the form to the server ), if the form type is POST (most form types are POST, but the search forms of the search engine all seem to be GET), the browser will send a POST request to the proxy server. For example, when a comment is made in a http://www.bkjia.com/archives/2209.html, the data is committed to the http://www.bkjia.com/cmd.asp? Act = cmt & key = a666b083. If we use an HTTP proxy server, the following requests will be sent to the proxy server:

POST http://www.bkjia.com/cmd.asp? Act = cmt & amp; key = a666b083 HTTP/1.1
......
[Submitted comment Data]

If the proxy server is not used, the following POST requests are sent directly to the www.veryhuo.com Server:

POST/cmd. asp? Act = cmt & amp; key = a666b083 HTTP/1.1
......
[Submitted comment Data]

The results returned by using the proxy server and not using the proxy server are basically the same. Therefore, there is basically no difference in the security of POST requests using proxy servers.

1.3. CONNECT

When we access an https website, the browser will send a CONNECT request to the proxy server. For example we access https://mail.google.com/mail? Shva = 1 # inbox, the browser will send the following request to the proxy server:

CONNECT mail.google.com: 443 HTTP/1.0
......

Then the server returns:

HTTP/1.1 200 Connection established
......

Then the browser starts to send encrypted data to the proxy server, using the SSL Certificate of mail.google.com. The proxy server returns the original encrypted data returned by mail.google.com to the browser.

If the proxy server is not used, the browser directly connects mail.google.com: 443 and then starts sending and receiving encrypted data.

We can see that after the HTTP Proxy Server is used, the content transmitted over HTTPS is still end-to-end encrypted, and HTTPS still keeps the transmitted content from any device (including the proxy server) responsible for data transmission) see the features. Whether to use the proxy server does not change the security of the HTTPS protocol.

2. In-depth discussion

Q: After the proxy server is used, all domain names (including https domain names) that need to access the website are sent to the proxy server. If the network is monitored, we can see what website we are visiting (but the https protocol cannot monitor the transmitted content, but we can only know that we have accessed this website). Does this reduce security?
A: If our network is monitored and all network packets are recorded, the browser will first send a dns request to query the IP address corresponding to the domain name if no proxy server is used, after the IP address is obtained, a TCP connection request will be sent to the website to be accessed. The network packet monitoring will show you what website we are visiting.

Q: How does some proxy server products claim to be able to record content transmitted over HTTPS?
A: SSL hijacking is used. The corresponding clients need to be installed for all these Proxy Server products. Once these clients are installed, the client computer can be controlled, and then the proxy server's own certificate can be installed for SSL hijacking. Some products do not need to install the client, but the client browser does not pass the SSL certificate verification of the browser when accessing all HTTPS websites. The browser will give a warning that the certificate is invalid.

Q: If we were unable to access a website, we could use a proxy server to ask about the website, which is based on the http protocol, in this way, all accesses to this website will be recorded in the monitored network environment?
A: Yes. Because the proxy server does not change the security of the HTTP protocol, all content transmitted in plaintext can be recorded by the monitoring system. Therefore, when you use the proxy server to submit important information (such as the user name and password), You must select the HTTPS protocol. when entering the user name and password, you must note that the address bar of the browser starts with https.

Q: When a proxy server is used, what is the impact on the security of network packets?
A: It depends on each node in the route that passes through the proxy server. Even if the proxy server is not used, the Internet access in China will still face various man-made network faults. After using the proxy server, because of the different routes, it may still need to face these man-made network faults, there may also be no need to deal with these man-made network faults (if the proxy server solves these faults ).

3. Summary

Based on the above, the security of the remote HTTP Proxy Server is basically the same as that of the proxy server. The human network faults we face may still exist after the proxy server is used, it may also decrease or even disappear. If someone provides a proxy server in China that solves the man-made network fault, it will be used by some people who do not use or cannot use the encrypted proxy software, combined with "how to use proxy server" and AutoProxy, so the era of universal proxy may come.

Source: Reader contribution, Author: Ying, author Twitter: @ David sky2012, Author: Google Reader: https://www.google.com/reader/shared/lehui99

Source: moonlight blog