Man In The Proxy

04 Jul 2020 - Alejandro Piña

I really didn’t know how to title this article, so after turning it over again and again I concluded that this technique should be called Man in The Proxy, after the Man in The Middle technique but on a global scale.

In this first installment of the Man in The Proxy series I’ll limit myself to explaining the theory; in a second part we will put it into practice.

What is Man in The Proxy?

Maybe you have heard that the best way to browse the internet anonymously is to connect your browser, computer or modem to a proxy server. Along the way you find hundreds of sites where good Samaritans have shared their proxy servers, with IP addresses and ports ready for you to browse in a safe and anonymous way.

The idea of a proxy server is that it makes requests on your behalf, and if it also offers an anonymity service, it removes the client IP address. Many people use this type of service to access content restricted by country, just to mention one common purpose. I hope that by the end of this article you will think about the risk of connecting your browser to a proxy server.

In its basic form, the Man in The Proxy technique works like this: the client sends a request through an intermediary (the proxy server), and the intermediary manipulates the website's response, altering its content.

Cherry on the cake

At this point things can start to get out of hand, and I’ll put it as one big question.

What happens if we set up a proxy server, perhaps with Apache, IIS or Nginx, and write a middleware capable of intercepting requests for JavaScript files, so that these files are manipulated before being delivered to the client, injecting a code snippet that will be executed once it is rendered by the client's browser, with a cache expiration set for the next five years, and this code snippet is able to maintain a connection to a server, waiting for instructions? When was the last time you cleared your cache?

We have created a botnet on a global scale.

Soon the source code… to be continued…
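A defender-side check for the tampering described above, as an added example that is not part of the original article: it compares a script received through a proxy with a Subresource Integrity digest and cache lifetime pinned from a trusted network path, and reports altered bytes or a stretched `max-age`. The function names and sample data are constructed for illustration, and the check assumes the page that carries the pinned `integrity` value itself arrives unmodified (for example over HTTPS).

```javascript
// Added example, not from the article: compare a script as received through a
// proxy against values pinned from a trusted network path.
const { createHash } = require('node:crypto');

const RANK = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]); // SRI algorithms
const algoOf = (token) => token.split('-')[0];

// Value for <script integrity="..."> computed from known-good bytes.
function sriDigest(body, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(body).digest('base64')}`;
}

// True if body matches a digest of the strongest algorithm listed.
// Unlike a browser, missing or unusable metadata fails closed here.
function matchesIntegrity(body, integrity) {
  const tokens = integrity.trim().split(/\s+/)
    .map((t) => t.split('?')[0]) // drop "?options"
    .filter((t) => RANK.has(algoOf(t)));
  if (tokens.length === 0) return false;
  const best = Math.max(...tokens.map((t) => RANK.get(algoOf(t))));
  return tokens
    .filter((t) => RANK.get(algoOf(t)) === best)
    .some((t) => t === sriDigest(body, algoOf(t)));
}

// Seconds from a Cache-Control max-age directive, 0 if absent.
function maxAge(cacheControl = '') {
  const m = /(?:^|,)\s*max-age\s*=\s*"?(\d+)/i.exec(cacheControl);
  return m ? Number(m[1]) : 0;
}

// Findings for one script: altered bytes and/or a stretched cache lifetime.
function auditScript(pinned, received) {
  const findings = [];
  if (!matchesIntegrity(received.body, pinned.integrity)) findings.push('body-mismatch');
  if (maxAge(received.cacheControl) > maxAge(pinned.cacheControl)) {
    findings.push('cache-lifetime-extended');
  }
  return findings;
}

// Constructed sample data (no real site or proxy involved).
const originBody = 'console.log("app");\n';
const pinned = { integrity: sriDigest(originBody), cacheControl: 'public, max-age=3600' };
const viaProxy = {
  body: originBody + '/* bytes appended in transit */\n',
  cacheControl: 'public, max-age=157680000', // five years
};
console.log(auditScript(pinned, viaProxy));
```

In a browser the same digest goes in the `integrity` attribute of the `<script>` tag, and a script whose bytes do not match is not executed.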