Naif Mehanna, Walter Rudametkin, Pierre Laperdrix, Antoine Vastel
DOI: 10.14722/madweb.2024.23035 (https://doi.org/10.14722/madweb.2024.23035)
Journal: ArXiv
Publication date: 2024-03-04
Publication type: Journal Article
Source platform: Semanticscholar
Citations: 0
Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services
Free proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising their lists comprised of hundreds of readily available free proxies. However, while paid proxy services advertise the support of encrypted connections and high stability, free proxies often lack such guarantees, making them prone to malicious activities such as eavesdropping or modifying content. Furthermore, there is a market that encourages exploiting devices to install proxies. In this paper, we present a 30-month longitudinal study analyzing the stability, security, and potential manipulation of free web proxies that we collected from 11 providers. Our collection resulted in over 640,600 proxies, which we cumulatively tested daily. We find that only 34.5% of proxies were active at least once during our tests, showcasing the general instability of free proxies. Geographically, a majority of proxies originate from the US and China. Leveraging the Shodan search engine, we identified 4,452 distinct vulnerabilities on the proxies' IP addresses, including 1,755 vulnerabilities that allow unauthorized remote code execution and 2,036 that enable privilege escalation on the host device. Through the software analysis on the proxies' IP addresses, we find that 42,206 of them appear to run on MikroTik routers. Worryingly, we also discovered 16,923 proxies that manipulate content, indicating potential malicious intent by proxy owners. Ultimately, our research reveals that the use of free web proxies poses significant risks to users' privacy and security. The instability, vulnerabilities, and potential for malicious actions uncovered in our analysis lead us to strongly caution users against relying on free proxies.