Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services

ArXiv Pub Date : 2024-03-04 DOI:10.14722/madweb.2024.23035
Naif Mehanna, Walter Rudametkin, Pierre Laperdrix, Antoine Vastel
{"title":"Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services","authors":"Naif Mehanna, Walter Rudametkin, Pierre Laperdrix, Antoine Vastel","doi":"10.14722/madweb.2024.23035","DOIUrl":null,"url":null,"abstract":"Free-proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising their lists comprised of hundreds of readily available free proxies. However, while paid proxy services advertise the support of encrypted connections and high stability, free proxies often lack such guarantees, making them prone to malicious activities such as eavesdropping or modifying content. Furthermore, there is a market that encourages exploiting devices to install proxies. In this paper, we present a 30-month longitudinal study analyzing the stability, security, and potential manipulation of free web proxies that we collected from 11 providers. Our collection resulted in over 640,600 proxies, that we cumulatively tested daily. We find that only 34.5% of proxies were active at least once during our tests, showcasing the general instability of free proxies. Geographically, a majority of proxies originate from the US and China. Leveraging the Shodan search engine, we identified 4,452 distinct vulnerabilities on the proxies' IP addresses, including 1,755 vulnerabilities that allow unauthorized remote code execution and 2,036 that enable privilege escalation on the host device. Through the software analysis on the proxies' IP addresses, we find that 42,206 of them appear to run on MikroTik routers. Worryingly, we also discovered 16,923 proxies that manipulate content, indicating potential malicious intent by proxy owners. Ultimately, our research reveals that the use of free web proxies poses significant risks to users' privacy and security. The instability, vulnerabilities, and potential for malicious actions uncovered in our analysis lead us to strongly caution users against relying on free proxies.","PeriodicalId":513202,"journal":{"name":"ArXiv","volume":"25 1‐2","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ArXiv","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/madweb.2024.23035","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Free-proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising their lists comprised of hundreds of readily available free proxies. However, while paid proxy services advertise the support of encrypted connections and high stability, free proxies often lack such guarantees, making them prone to malicious activities such as eavesdropping or modifying content. Furthermore, there is a market that encourages exploiting devices to install proxies. In this paper, we present a 30-month longitudinal study analyzing the stability, security, and potential manipulation of free web proxies that we collected from 11 providers. Our collection resulted in over 640,600 proxies, that we cumulatively tested daily. We find that only 34.5% of proxies were active at least once during our tests, showcasing the general instability of free proxies. Geographically, a majority of proxies originate from the US and China. Leveraging the Shodan search engine, we identified 4,452 distinct vulnerabilities on the proxies' IP addresses, including 1,755 vulnerabilities that allow unauthorized remote code execution and 2,036 that enable privilege escalation on the host device. Through the software analysis on the proxies' IP addresses, we find that 42,206 of them appear to run on MikroTik routers. Worryingly, we also discovered 16,923 proxies that manipulate content, indicating potential malicious intent by proxy owners. Ultimately, our research reveals that the use of free web proxies poses significant risks to users' privacy and security. The instability, vulnerabilities, and potential for malicious actions uncovered in our analysis lead us to strongly caution users against relying on free proxies.
揭开免费代理的面纱:免费代理服务的脆弱性和纵向分析
免费代理从网络诞生之初就开始普及,它可以帮助用户绕过地理封锁,隐藏自己的 IP 地址。各种代理服务器提供商承诺提供更快的上网速度或更高的隐私保护,同时宣传他们的列表由数百个随时可用的免费代理服务器组成。然而,虽然付费代理服务宣传支持加密连接和高稳定性,但免费代理往往缺乏此类保证,因此容易发生恶意活动,如窃听或修改内容。此外,市场还鼓励利用设备安装代理服务器。在本文中,我们介绍了一项为期 30 个月的纵向研究,分析了我们从 11 个提供商处收集的免费网络代理的稳定性、安全性和潜在操纵性。我们收集了超过 640,600 个代理服务器,每天对其进行累积测试。我们发现,只有 34.5% 的代理服务器在测试期间至少活跃过一次,这表明免费代理服务器普遍存在不稳定性。从地域上看,大多数代理服务器来自美国和中国。利用 Shodan 搜索引擎,我们在代理服务器的 IP 地址上发现了 4,452 个不同的漏洞,其中 1,755 个漏洞允许未经授权的远程代码执行,2,036 个漏洞允许主机设备上的权限升级。通过对代理服务器 IP 地址的软件分析,我们发现其中 42,206 个代理服务器似乎运行在 MikroTik 路由器上。令人担忧的是,我们还发现 16,923 个代理程序操纵内容,这表明代理程序所有者可能有恶意意图。最终,我们的研究表明,使用免费网络代理会给用户的隐私和安全带来巨大风险。我们在分析中发现的不稳定性、漏洞和潜在的恶意行为使我们强烈警告用户不要依赖免费代理。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信