Why do we need proxies?
The main purpose for which we use Proxifiers is to change the IP address.
To create a new identity and look like a new person to security systems we have to change IP and many people stop at that, but those resources that help us change the IP can also hurt us. Users often confuse the concepts of “Anonymity” and “Security”.
The user thinks he has changed IP address, and now nobody will know it, but at the same time he leaks his real IP address in several places at once. It is because of incorrect use of network resources that Anti-Fraud systems de-anonymize users.
The first place to start is with the foundation, we need to define what network resources we need, and the OSI Model can help us do this, as you can see in the figure below.
The OSI/ISO Network Protocol Stack Model
As we can see there are as much as 7 major stages in our network connection, and each of these stages (hereafter – the levels) are characterized by different levels of rights, access and architecture, where Level #1 is the lowest, Level 7 is the highest.
The choice of Proxifier will depend on what level we will work at, because in some cases we will need just a proxy in a browser (Level 7) and sometimes we will have to go lower, for example when proxying the whole operating system with VPN (Level 2).
What resources are commonly used to change the IP address when bypassing Anti-Fraud systems?
A Proxy server is a broker which receives our packets on the connection and “forwards” them from us to our target web resource.
Proxies can be set up on a server, a home PC, a router, a telephone, a coffee machine and almost any other accessible network resource.
Proxies come in several varieties:
CGI – or web proxy in other words. It is a web page that asks you to enter the address of a site and it will open in the same page with a different IP. Browser variant.
HTTP – A simple proxy for HTTP requests. Useless solution in our case.
In addition to everything else HTTP are divided into three other conditional groups:
Transparent Proxies – Tell all web resources your real IP. An example is the x-forwarded-for header. Useless.
Anonymous proxies – Hides your IP, but tells people you’re using a proxy. Useless.
Elite Proxies – Will hide your IP, but will not tell you that a proxy is being used. Useless.
HTTPS – The same useless for us HTTP proxy, but now +S – which means that it supports encryption, meaning that we will proxy web pages https – forms of authorization, entry and transmission of sensitive information, etc. But this proxy is still visible to Anti-Fraud systems and may modify our packages.
Socks 4 – The first workable proxy protocol. It tries to hide proxification, does not modify packets and in general is not bad, but it has its disadvantages.
Socks 5 – Practically ideal variant, as well as Socks 4 with addition of so needed support of UDP protocol, and correspondingly the possibility of DNS and IPv6 substitution.
ShadowSocks – Chinese open-source invention, which is in the lead among all competitors by its functionality. Ideal.
The difference between the Proxy protocols is impressive, and yet every item of functionality listed in this table can be used by User Authentication systems.
It is this difference in functionality that makes HTTP, HTTPS, SOCKS 4 protocols useless, because the lack of support for UDP protocol, plus the lack of proxying DNS queries will be anomalous and will separate us from the masses of real users.
Socks 5 and ShadowSocks variants are the only ones that can help us in masking our identity with the User Identity systems. But there are not only Proxy, now let’s move on to consideration of other technologies.
The second most popular technology after Proxy.
A remote server, which we forced to become an intermediary server. It works like this: when SSH-client and SSH-server connect, on the side of SSH-client appears SOCKS-proxy, for example, on localhost, which can be pointed to SOCKS-enabled applications. The proxy itself will be through the SSH server you are connecting to. In sum – the Internet will see you on behalf of the SSH-server, the connection between SSH-client and SSH-server is encrypted, so you can not see the attachments of the application, and for the application everything looks like access to the usual SOCKS-proxy.
VPN – Virtual Private Network – is a technology that allows you to create an encrypted connection in unencrypted networks. It came to us from the telephone networks and has more than 10 varieties, in practice, for all its advantages, has a serious disadvantage in the work – a weak ability to mask the use of technology VPN.
When it comes to identity change, some people like to wisecrack:
“Even Snowden used TOR – use TOR!”
“TOR wouldn’t be broken by the FBI, not like that Amazon of yours!”
And other similar nonsense pours out of the keyboards of smart people who don’t even understand the meaning of both the TOR network and identity change techniques.
There are two problems with TOR in our case:
1. the TOR Browser doesn’t change our digital identity fingerprints.
2. TOR Browser has its own unique features that will give us away.
3. Everyone knows that the TOR network officially advocates an uncensored Internet, but in fact there are mostly drugs and child porn. No self-respecting security system will not allow anything to do with the IP address included in the network output nodes of the Tor network. Just forget about using TOR at work.
And the results, among all the popular technology to change IP addresses, we can distinguish four technologies suitable for work:
1. Socks 5
3. SSH tunnels
Unsuitable for work:
1. CGI Proxy
2. HTTP Proxy
3. HTTPS Proxy
4. Socks 4 Proxy
Which technology is the best?
The #1 place is ShadowSocks
The technology that is the only one among all applicants was created to mask the identity, while others were created either to secure the information being intercepted or as a part of the network architecture. Therein lies the secret of ShadowSocks success, as Anonymity was the reason for its emergence, but not the consequence.
The #2 place is Socks 5
Having its obvious shortcomings, Socks 5 protocol is still a reliable solution for identity swapping in the work with Anti-Fraud systems. Yes, it does not mask the traffic, it is not stable against Deep Packet Inspection – but such technologies are currently quite rare, so you can work, although time and inexorably flies forward and the situation of relevance of Socks 5 will soon change not for the better.
#3 place – VPN and SSH
On the third place are two technologies capable of changing our IP address and they are generally identical – they can be used in the work, but their identification is in most cases a very simple task, so to rely on these technologies in the work of alas not the best choice. There are many variants of determining the use of VPN and SSH and in fact all of them are already used by antifraud systems, here’s a good example:
Where do Proxy, SSH and VPN come from?
There are three main sources of origin of network resources on the market:
1. Vendors themselves “raise” network resources.
2. Vendors hack into someone else’s web resources and put them up for sale.
As we can see from the three options – two are illegal. Of course the sellers do not inform us that “Our proxies are from Botnet” or something like that, and in fact the “Buyer did not ask, the seller did not tell” scheme is working, and everyone seems to be happy, however this scheme has its disadvantages – in fact the Buyer of the compromised web resource is responsible as the Seller of this compromised web resource.
In other words it is like buying a car – one person stole this car, the other bought and drives it – respectively they will both be guilty, some more than others, but you will agree that it would be very unpleasant if you were arrested by Interpol in some European airport and charged for using 100 hacked PCs 5 years ago, which you used to register Google accounts.
Using a botnet or targeted hacking of network resources allows such “sellers” to:
1. Reduce costs and therefore increase profits
2. Obtain a “Resident” or simply “home IP address” – such IP addresses are in greatest demand because, unlike the server IP is a higher level of confidence in anti-forefront systems.