|
Home > Archive > Anonymous Servers > May 2005 > Anon Proxy servers and malicious Java/Javascript
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Anon Proxy servers and malicious Java/Javascript
|
|
| speeder 2005-05-18, 5:51 pm |
| Can proxy server ops inject malicious Java or Javascript code in the
http requests it gets? Can this be done in Tor? If so, how to protect
oneself if still determined to use anon proxy servers?
| |
| Stephen K. Gielda 2005-05-18, 5:51 pm |
| In article <ijgm81p8li2retf2i34obb1b6iesgil3j6@4ax.com>,
no.spam@invalid.com says...
> Can proxy server ops inject malicious Java or Javascript code in the
> http requests it gets? Can this be done in Tor? If so, how to protect
> oneself if still determined to use anon proxy servers?
>
>
I don't know if it can be done in Tor, but it can easily be done in many
types of http proxies. They all get the page, rewrite it, and pass it
on if they are filtering proxies. It would be very easy to have it add
code on the rewrite.
/steve
--
Free Privacy Resources
http://www.cotse.net/resources.html
| |
| Me Neither 2005-05-19, 5:46 pm |
| speeder wrote:
> Can proxy server ops inject malicious Java or Javascript code in the
> http requests it gets?
Of course they can.
> Can this be done in Tor?
Sure. Tor is open source. Everyone can run a secretly modified exit node.
> If so, how to protect oneself if still determined to use anon proxy
> servers?
You need to filter what you receive. Use a filtering proxy like privoxy
right in front of your browser and set it on ultra-paranoid mode. Disable
all javacript, active-x plugins and other sources of trouble. Better yet,
use a simple text-mode browser and you should be reasonably safe.
Except for the secret modifications to your browser or proxy by
whoever you downloaded the compiled binaries or source code from.
|
|
|
|
|