[noCensorship] Re: Testing proxies from Freerk's list / was Re: Proxytools censored - a thanks

  • From: wayne <wayne@xxxxxxxxxxxxx>
  • To: nocensorship@xxxxxxxxxxxxx
  • Date: 30 Dec 2003 22:09:21 -0000

> From: Denis Green <rainman@xxxxxxxxxxxx>
> To: nocensorship@xxxxxxxxxxxxx
> Subject: [noCensorship] Re: Testing proxies from Freerk's list / was Re: 
> Proxytools censored - a thanks
> Dear Wayne
> >>>> 2.1./ Yes I am working from behind a firewall
> >
> >>
> >>A personal firewall?
> Company firewall. I have no rights over the admin of this
> firewall. 

Then it's doubtful if you can listen for a connection from the 
Internet. SP will never get a back-connection from the proxy, 
so all the anon tests will be (at best) blank.
The *only* case where this could work is if your company firewall 
is a socks thingy, and then you would need to be socksifying SP 
etc. - not happening.


> >>>> 6/ Test as in 5.1. seems to run ok on my machine and gives an
> >>>> output. Doesn't take much time either (total time it took on 190+
> >>>> proxies was less than 10 minutes)
> >
> >>
> >>That's slow, probably because test 13 needs to wait for each proxy 
> >>to connect back to you. Or timeout.
> Or, it is my firewall that is screwing up things

That's my guess. All the back-connections are timing out.

> >>I see you got no 'P' or 'F' (pass or fail) for test 13.
> >>That makes it look like your firewall is screwing with you.
> may be. Is there a way to avoid / circumvent or by pass this ?

SP lets you analyze proxies by making a connection through CONNECT 
capable proxies, but even that works for all but the anon test.

Basically, SP will test for anonymity in only one way - by 
listening for the proxy to connect back and examine the headers 
sent in that request. There are other ways, which involve using 
web sites on the Internet to tell you what they see in your 
requests to them, but SP doesn't use any of these (it's too 
flaky, changes every second day, etc.). You can do these by hand, 
and decide for yourself which ones you believe. They're normally 
referred to as 'Proxy Judges' and a Google search will give you 
a hundred or so. I prefer the ones that don't 'judge' at all, 
but just show the headers the proxy passed on for your web 
request. Look for your own IP address in the environment listed.

> >>In that test, 'R' and 'T' (connection refused or timed-out) tells 
> >>you about the SP attempt to connect to the proxy prior to starting 
> >>the test. Usually, that means test 0 should have the same result, 
> >>but there's one exception above:  :8000
> >>When that kind of thing happens, it's got to be a flaky network. 
> >>Sometimes you get a connection, other times you don't. 
> ok. I checked the complete output and had more cases like this.
> I'm sending you the entire output by direct mail. 

I haven't seen it yet, but I think I'm correct in diagnosing so far.

> >>Other than those cases, you have 3 passes on test 0 (so they *are* 
> >>proxies) but an empty response for test 13. Assuming you let the 
> >>tests finish, this means SP was able to connect to those proxies 
> >>for test 13, but then there was no response, or something which  
> >>caused the test to *not* be performed. The test is, after all, to 
> >>see if your IP address is in the proxies request headers ('F') 
> >>or not ('P'). 
> >>I would guess the headers weren't seen at all.
> >>Sounds like very slow proxies (SP must timeout eventually), or 
> >>a firewall interfering.
> When U see the complete output you will see some more cases like this
> Is there a way to solve this problem ? (i.e.) if it is the firewall
> screwing up my tests
> note : I understand you've give me a series of command line
> options below. I'll be firing those today. But AFAI can see I
> need to crack a way to do the test 13 ,  since Test 13 along with
> test 0 seem to be the most important *for me*

You're correct in thinking that if the firewall is screwing test 13, 
then there's no command line option to fix it. Sorry.

> >>copy config-User1.xml temp0.xml
> Please see if you can reply to the addl. questions included in 
> <http://www.freelists.org/archives/nocensorship/12-2003/msg00029.html>
> - I'd like to what all configs come *pre-configured* and how to use 
> them in different situations

LP configs?

You could start an LP config that's preconfigured (User0 was 
designed for a corp intranet like yours) and let LP do it's 
best to get you out. Generally, if there's a way, it finds it, 
but as I said before (referring to the windows executable), there 
are ways that LP doesn't know about.

Once LP is running, you can switch to anon (there's a 'Not 
anonymous' button to click), and then browse the proxy judge 
sites to see how anonymous it really is.

> - Further the error messages when I try to start LP are
> also included in the above REVISED message
> What configs to use while using a LAN ?

LP is quite resilient. Specifying the wrong config doesn't matter 
a whole lot. Supplying LP with the proxy address, and SP test 
results is a lot more useful. I'll go into that if you like, but 
it's essentially the same statProxy and mergeHosts lines as below, 
with your proxy substituted for '-l FreerkList.txt'. Start LP with 
config-User1.xml if you do this. Forget all the copies, and the 
extractHosts line.

Another way to do it is to select config User1, and put your 
proxy in the 'Proxies for AutoConfig/test/merge' field in LP, 
and press 'Test/merge proxies'. That does exactly the same 

> >>copy config-User1.xml temp0.xml
> >>copy hosts.xml temp1.xml
> >>perl statProxy.pl -p -t 0:13 -l Freerklist.txt
> >>perl mergeHosts.pl statProxy.2003.12.29.?.out config-User1.xml
> >>copy config-User1.xml hosts.xml
> >>perl extractHosts.pl outputFile.txt isEnabled doesNotPassIPAddressThrough
> >><speed term, etc...> 
> >>copy temp1.xml hosts.xml
> >>copy temp0.xml config-User1.xml
> I'll run exactly these
> But here again test 13 may fail 


> So what are the alternatives ? 
> - Check from outside the firewall (i.e.) dialup .. etc.
>   connection 

That will work, if you can do it.
SP result files contain the location the test was done from, and 
those results can be merged to a config file anywhere. Your 
firewall will not be one that LP already knows about, so expect 
it to do some 'learning' before it gets anywhere (if it can at 

> - some other tests that you can recommend ?

Master.pl is what the 'AutoConfigure' button does. That actually 
scans your firewall to see if there are any direct holes through.
Worth a try. If your firewall allows connections out on port 8000, 
for example, you're home free. LP will be able to use many proxies 
then. Even a hole on port 443 will enable LP to build with a few 
external proxies.

SP run on your proxy might show that it allows CONNECT out to 
some of the external proxies. LP could use that too.

> Thanks as always
> DG

Turing email: wayne at nym.alias.nest
(remove the obvious extra 's')
===8>============== noCensorship community ===============
List's webpage: http://www.freelists.org/webpage/nocensorship
List's archive: http://www.freelists.org/archives/nocensorship
To unsubscribe: nocensorship-request@xxxxxxxxxxxxx with 'unsubscribe' in the 
SUBJECT field.
Moderator's email: nocensorship-moderators@xxxxxxxxxxxxx
===8>============== noCensorship community ===============

Other related posts: