EvilZone

Other => Found it on the Webs => : kenjoe41 January 04, 2015, 01:57:39 PM

: why free proxies are free.
: kenjoe41 January 04, 2015, 01:57:39 PM

I recently stumbled across a presentation of Chema Alonso from the Defcon 20 Conference where he was talking about how he created a Javascript botnet from scratch and how he used it to find scammers and hackers.

Everything is done via a stock SQUID proxy with small config changes.

The idea is pretty simple:

    [Server] Install Squid on a linux server
    [Payload] Modify the server so all transmitted javascript files will get one extra piece of code that does things like send all data entered in forms to your server
    [Cache] Set the caching time of the modified .js files as high as possible

Read More: https://blog.haschek.at/post/fd9bc (https://blog.haschek.at/post/fd9bc)

: Re: why free proxies are free.
: racktapbang January 04, 2015, 06:41:28 PM

Hmm this is very interesting. Thanks for posting. Good read!

: Re: why free proxies are free.
: madf0x January 04, 2015, 06:43:42 PM

Yeah I saw this when it got posted too. It's neat, but g0tm1lk and plenty others beat this guy to the punch already :P I had a similar project going for awhile on an old machine I had. Was meant to be less obvious about injecting shit and acting as a more transparent proxy(no url rewriting either).

Might need to remake that little project with some smaller more fine tuned tool.

: Re: why free proxies are free.
: Kulverstukas January 04, 2015, 07:52:01 PM

This is no news, people been doing it for ages.