Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services

Mehanna, Naif; Rudametkin, Walter; Laperdrix, Pierre; Vastel, Antoine

Document type :

Communication dans un congrès avec actes

DOI :

10.14722/madweb.2024.23035

Title :

Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services

Author(s) :

Mehanna, Naif [Auteur]
Self-adaptation for distributed services and large software systems [SPIRALS]
Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]
Rudametkin, Walter [Auteur]

Diversity-centric Software Engineering [DiverSe]
Institut universitaire de France [IUF]
Laperdrix, Pierre [Auteur]

Self-adaptation for distributed services and large software systems [SPIRALS]
Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]
Vastel, Antoine [Auteur]
DataDome

Conference title :

MADWeb 2024 - Workshop on Measurements, Attacks, and Defenses for the Web

City :

San Diego (CA)

Country :

Etats-Unis d'Amérique

Start date of the conference :

2024-02-23

Book title :

Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb'24)

Publication date :

2024

English keyword(s) :

Free Proxies
Web security
Vulnerabilities
Web Proxies

HAL domain(s) :

Informatique [cs]/Cryptographie et sécurité [cs.CR]

English abstract : [en]

Free-proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising ...
Show more >Free-proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising their lists comprised of hundreds of readily available free proxies. However, while paid proxy services advertise the support of encrypted connections and high stability, free proxies often lack such guarantees, making them prone to malicious activities such as eavesdropping or modifying content. Furthermore, there’s a market that encourages exploiting devices to install proxies.In this paper, we present a 30-month longitudinal study analyzing the stability, security, and potential manipulation of free web proxies that we collected from 11 providers. Our collection resulted in over 640, 600 proxies, that we cumulatively tested daily. We find that only 34.5% of proxies were active at least once during our tests, showcasing the general instability of free proxies. Geographically, a majority of proxies originate from the US and China. Leveraging the Shodan search engine, we identified 4, 452 distinct vulnerabilities on the proxies’ IP addresses, including 1, 755 vulnerabilities that allow unauthorized remote code execution and 2, 036 that enable privilege escalation on the host device. Through the software analysis on the proxies’ IP addresses, we find that 42, 206 of them appear to run on MikroTik routers. Worryingly, we also discovered 16, 923 proxies that manipulate content, indicating potential malicious intent by proxy owners. Ultimately, our research reveals that the use of free web proxies poses significant risks to users’ privacy and security. The instability, vulnerabilities, and potential for malicious actions uncovered in our analysis lead us to strongly caution users against relying on free proxies.Show less >

Language :

Anglais

Peer reviewed article :

Oui

Audience :

Internationale

Popular science :

Non

ANR Project :

Fingerprinting et exploration des attaques et défenses sur CPU depuis des scripts web
FP-Locker : Renforcer l'authentification web grâce aux empreintes de navigateur

Collections :

Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189

Source :

Harvested from HAL

Files

document
Open access
Access the document

free-proxies.pdf
Open access
Access the document

document
Open access
Access the document

free-proxies.pdf
Open access
Access the document

Free Proxies Unmasked: A Vulnerability and ... BibTeX CSV Excel RIS

Files

Free Proxies Unmasked: A Vulnerability and ...

BibTeX

CSV

Excel

RIS