Hello everyone, in this simple post we will take a look at how to set up an Elite Proxy. There are three types of web proxy (and probably many more) out there:

  1. Transparent Proxy
  2. Anonymous Proxy
  3. Elite Proxy

Which type a proxy is basically comes down to which HTTP headers it includes about who you are. Before we set up the proxy, let us take a deeper look at what that means.

1. Transparent Proxy

A transparent proxy exposes the proxy's IP address through REMOTE_ADDR and HTTP_VIA, and your real IP address through HTTP_X_FORWARDED_FOR. This is simply a default proxy installation: no modifications are made to the HTTP headers, and all headers are allowed.

    REMOTE_ADDR: Proxy IP address
    HTTP_VIA: Proxy IP address/hostname and details – e.g. 1.1 proxy1.mydomain.net:3128 (squid/2.7.STABLE9)
    HTTP_X_FORWARDED_FOR: Your real IP address

2. Anonymous Proxy

An anonymous proxy completely hides your IP address from the web server by denying the X_FORWARDED_FOR HTTP header, but it still reveals to websites that you're using a proxy. An anonymous proxy does not hide REMOTE_ADDR or the HTTP_VIA header.

    REMOTE_ADDR: Proxy IP address
    HTTP_VIA: Proxy IP address/hostname and details – e.g. 1.1 proxy1.mydomain.net:3128 (squid/2.7.STABLE9)
    HTTP_X_FORWARDED_FOR: blank

3. Elite Proxy

An elite proxy makes you completely anonymous by hiding your real IP address and not telling the web server that you're using a proxy. The web server sees the elite proxy's IP address as your IP (but doesn't know that you're using a proxy).

    REMOTE_ADDR: Proxy IP address
    HTTP_VIA: blank
    HTTP_X_FORWARDED_FOR: blank

Prerequisites

To enable such a highly anonymous proxy, you'll need to build Squid from source with --enable-http-violations passed to configure, because we need to modify the HTTP request and response headers. Please follow the guide that I wrote in my last post.

WARNING: Doing this VIOLATES the HTTP standard. Enabling these features could make you liable for problems they cause. Enabling "paranoid" mode may cause problems when visiting some websites.

Anonymous configs

The request_header_access option only applies to outgoing HTTP request headers (i.e., headers sent by Squid to the next HTTP hop, such as a cache peer or an origin server). The option has no effect during cache hit detection.

Below is the configuration Squid suggests to achieve the same behavior as the old 'http_anonymizer standard' option:

    request_header_access From deny all
    request_header_access Referer deny all
    request_header_access User-Agent deny all
    reply_header_access Server deny all
    reply_header_access WWW-Authenticate deny all
    reply_header_access Link deny all

After modifying the configuration, restart Squid and test the difference.

Elite configs

Elite configs in simpler form:

    ### Deny headers
    request_header_access Via deny all
    request_header_access Forwarded-For deny all
    request_header_access X-Forwarded-For deny all
    request_header_access Referer deny all
    request_header_access From deny all
    request_header_access User-Agent deny all
    ### Deny headers
    reply_header_access Via deny all
    reply_header_access Server deny all
    reply_header_access WWW-Authenticate deny all
    reply_header_access Link deny all

The configuration below allows some useful headers and denies all other headers. To reproduce the old 'http_anonymizer paranoid' feature you should use:

    request_header_access Authorization allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Connection allow all
    request_header_access All deny all
    reply_header_access Allow allow all
    reply_header_access WWW-Authenticate allow all
    reply_header_access Proxy-Authenticate allow all
    reply_header_access Cache-Control allow all
    reply_header_access Content-Encoding allow all
    reply_header_access Content-Length allow all
    reply_header_access Content-Type allow all
    reply_header_access Date allow all
    reply_header_access Expires allow all
    reply_header_access Last-Modified allow all
    reply_header_access Location allow all
    reply_header_access Pragma allow all
    reply_header_access Content-Language allow all
    reply_header_access Retry-After allow all
    reply_header_access Title allow all
    reply_header_access Content-Disposition allow all
    reply_header_access Connection allow all
    reply_header_access All deny all

After modifying the configuration, restart Squid and see the difference.

Custom configs

In the custom configs below, I follow the 'HTTP paranoid' configuration above and add custom deny options. Note: if you customize the rules, make sure the deny rules come first, then the allow rules (the 'All' rule must be at the bottom).

    ### Request Headers ###
    ### Deny headers
    request_header_access Via deny all
    request_header_access Forwarded-For deny all
    request_header_access X-Forwarded-For deny all
    request_header_access Referer deny all
    request_header_access From deny all
    request_header_access User-Agent deny all
    ### Allow headers
    request_header_access Cache-Control allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Pragma allow all
    request_header_access Authorization allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Connection allow all
    request_header_access Proxy-Connection allow all
    ### All others are deny
    request_header_access All deny all
    ### Replacement
    request_header_replace User-Agent 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13; ) Gecko/20101203'
    #####################
    ### Reply Headers ###
    ### Deny headers
    reply_header_access Via deny all
    reply_header_access Server deny all
    reply_header_access WWW-Authenticate deny all
    reply_header_access Link deny all
    ### Allow headers
    reply_header_access Allow allow all
    reply_header_access Proxy-Authenticate allow all
    reply_header_access Cache-Control allow all
    reply_header_access Content-Encoding allow all
    reply_header_access Content-Length allow all
    reply_header_access Content-Type allow all
    reply_header_access Date allow all
    reply_header_access Expires allow all
    reply_header_access Last-Modified allow all
    reply_header_access Location allow all
    reply_header_access Pragma allow all
    reply_header_access Content-Language allow all
    reply_header_access Retry-After allow all
    reply_header_access Title allow all
    reply_header_access Content-Disposition allow all
    reply_header_access Connection allow all
    ### All others are denied
    reply_header_access All deny all
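
To check which of the three classes described earlier a running configuration falls into, the origin side can inspect the same three values. This is an added example, not part of the original post: a small Python responder for a host you control, whose names (`classify`, `Report`, `LISTEN`, port 8080) are assumptions chosen for illustration.

```python
"""Origin-side check for the three proxy classes (added example)."""
from http.server import BaseHTTPRequestHandler, HTTPServer

LISTEN = ("0.0.0.0", 8080)  # assumption: any free port reachable from the proxy


def classify(headers):
    """Return 'transparent', 'anonymous' or 'elite' for received headers.

    `headers` maps header name -> value as seen by the origin server.
    Names are matched case-insensitively; blank values count as absent.
    """
    seen = {k.lower(): (v or "").strip() for k, v in headers.items()}
    via = seen.get("via", "")
    xff = seen.get("x-forwarded-for", "")
    if xff:
        # The client address is disclosed. Treated as transparent even if
        # Via happens to be missing, since this is the worst case.
        return "transparent"
    if via:
        # The proxy announces itself but does not disclose the client.
        return "anonymous"
    # No proxy-identifying headers: an elite proxy, or a direct connection.
    return "elite"


class Report(BaseHTTPRequestHandler):
    """Answer every GET with the values the origin sees and the class."""

    def do_GET(self):
        kind = classify(dict(self.headers.items()))
        body = "\n".join([
            f"REMOTE_ADDR: {self.client_address[0]}",
            f"HTTP_VIA: {self.headers.get('Via', '')}",
            f"HTTP_X_FORWARDED_FOR: {self.headers.get('X-Forwarded-For', '')}",
            f"class: {kind}",
        ]).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(LISTEN, Report).serve_forever()
```

Run it on a host you control, request it through the proxy, and compare the reported class before and after each config change.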

Post installation

1. Spoof request and response header

You might also want to spoof request headers such as User-Agent. You can do that by using the request_header_replace tag. To spoof a response header, use the reply_header_replace tag. You can do this by referring to this post.

2. Post installation

Post installation includes how to enable the proxy to start on boot, allow it through the firewall, etc. Refer to the complete post installation here.

3. Complete uninstallation

Again, I've already written a tutorial on how to completely uninstall Squid proxy; please refer here for complete uninstallation.

Thoughts

In my opinion, the only way to 'really' anonymize yourself is by browsing through the Tor network. It is not only safe but also completely encrypts your network traffic. Using Tor is the best bet. Still, an anonymous elite proxy can give you quick, simple anonymization. Cheers!