OFF: anonymizers (was Re: NIK: HW: Burg Herzberg etc.)

Arin Komins akomins at UCHICAGO.EDU
Fri Jul 22 11:22:16 EDT 2005


On Fri, 22 Jul 2005, Drill wrote:

:Subject: Re: NIK: HW: Burg Herzberg etc.
:
:Does that work? Someone showed me a way to employ international proxy
:servers but I don't remember the details or how it could be so
:effective. I can't use anything useful with the free anonymizer,
:specifically email and internet-phone relay services. But tangible

[snip]

:> Is it okay if we use it to send harassing e-mail to people when
:> necessary (logged in via anonymizer.com, naturally)? >;-)

[snip]

Web anonymizers work brilliantly if you are using web-based mail clients.
If you are using POP(S), IMAP(S), or MAPI (for you Exchange-loving fiends
out there), then anonymizing is a bit more tricky. If you are in a
SMTP-AUTH scenario, then perhaps you want to rethink the need to anonymize
;-)

If you want to do your own anonymization for web-based mail products (or
web surfing in general), you can download and use one of the handy-dandy
web proxy tools (normally used for security research).  I happen to like
webproxy (used to be free from the now defunct Lopht/atstake crew) and webscarab (from owasp.org.)

Remember to set up your own regex's, though, for anonymity, as by default
most proxy tools don't remove your identifying info.  I'd also change the
user agent strings, just in case someone is blocking your particular proxy
;-)

Arin
(web application security person by day ;-) )
--
------------------------------------------------------------------
Arin Komins                                   akomins at uchicago.edu
Assistant Director/ENSS
University of Chicago/NSIT/ENSS                 tel: (773)834-4087
1155 E. 60th St. #418    Chicago, IL 60637      fax: (773)702-0559
------------------------------------------------------------------



More information about the boc-l mailing list