Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check if the proxy modifies traffic #18

Open
cyian-1756 opened this issue Aug 7, 2016 · 4 comments
Open

Check if the proxy modifies traffic #18

cyian-1756 opened this issue Aug 7, 2016 · 4 comments
Labels
enhancement

Comments

@cyian-1756
Copy link

A neat feature would be to check if the proxy was injecting ads/javascript (or in any other way modifying traffic)
@constverum
Copy link
Owner

Yes, this feature is in the TODO. I think the only way to implement this is to compare a checksum. If anyone have other options I'm ready to discuss =)

@cyian-1756
Copy link
Author

Yes, this feature is in the TODO.

Well I completely missed it, sorry about that.

I think the only way to implement this is to compare a checksum.

You might also be able to do size and number of files returned as well. Also sending data thru the proxy and seeing if it was changed on it's way to it's destination would be another way to tell if the proxy was messy with the traffic

@erm3nda
Copy link

erm3nda commented Oct 25, 2017

Theres no real way to compare websites 100% because each html will be rendered different in each request. Checksum will fail so often.

An idea will be to save a list of web elements (the html dom names, not their content) and compare the main structure. You will notice changes for ads or div created between direct and proxy requests.

@Wilbo007
Copy link

@erm3nda or you could just request a static web page retard

@synchronizing
Copy link

synchronizing commented Jun 1, 2019
edited

@erm3nda I partially agree with this comment as checksum doesn't have to be index.html specific. Another method would be to do a checksum on the website's resources; i.e., its main .css file, js files, etc. Whatever the case -- whether it is checksum or specific HTML -- there are only two ways this can be achieved:

  • Statistically, by verifying > ~10% of proxies respond with the same DOM/checksum request.
  • Request from the local machine that saves either checksum or DOM state to be verified against all proxies. This method, however, exposes the IP of the user using ProxyBroker.

Another thing to mention is the fact that not all websites are rendered the same depending on the language. Take NYTimes.com, for example:

Both websites look fairly similar, but it seems that their HTML is rendered differently. Therefore, I believe, it would be preferred the client serves a proper Accept-Language header and verifies the Content-Language in the checking of the page on top of whatever other mechanism is being done to verify the page.

ckir pushed a commit to ckir/ProxyBroker that referenced this issue Jan 13, 2023
@bluet
Merge pull request constverum#18 from bluet/snyk-fix-9a1892184ca2431e…
69c44e9 
…bfe33fb99bac5965

[Snyk] Security upgrade pyyaml from 5.3.1 to 5.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@synchronizing @Wilbo007 @constverum @erm3nda @cyian-1756