Archived Blog

Web proxy sites using obfuscation

02.25.2010 - 5:27 PM

As some of you may know, Web proxy sites are a common tool used for anonymously surfing the Web or bypassing Web security filters. These sites are easy to find, set up, and share. However, not all Web proxies are the same.

Lately we've found more and more Web proxies that use randomized, obfuscated content. Why is this interesting and unusual? JavaScript obfuscation is used for many reasons, but mainly to hide source code or make it difficult to understand, something we have seen all the time in Web-based attacks. The Web proxy site's source code is deliberately obfuscated to conceal its purpose, to deter reverse engineering, and to avoid content signature detection, especially when the strings change randomly with each visit to the Web site. This type of proxy is simple to install, which makes it easy to spread on the Internet, yet difficult to detect or track.

Here is an example of a Web proxy's source code:
 

As you can see, the site code is completely obfuscated and unreadable. Now, if we decode the obfuscation, we can detect what the site really is:
 

The code is now readable and we can determine that it is a Web proxy site:
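
The decode-then-match step described above, as an added example that is not code from the original post: it statically decodes two obfuscation layers (percent-escaped `unescape()` literals and `String.fromCharCode()` lists, both assumed here because the post does not name the encoding) and applies a content signature to the result. The signature, the sample markup and the variable names are constructed for illustration.

```javascript
// Added example: decode obfuscated literals without executing the page's
// script, then run the content signature on the decoded text.

// Hypothetical content signature for a proxy front page: a form with a URL field.
const PROXY_SIGNATURE = /<form[^>]*>[\s\S]*<input[^>]*name=["']?url["']?/i;

// Decode %XX and %uXXXX escapes without calling eval() or unescape().
function percentDecode(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Replace each recognised encoded literal with its decoded text, repeating
// until nothing changes so that nested layers are peeled as well.
function deobfuscate(source, maxRounds = 5) {
  let current = source;
  for (let i = 0; i < maxRounds; i++) {
    const next = current
      .replace(/unescape\(\s*(["'])((?:%u?[0-9a-f]+)+)\1\s*\)/gi,
        (_, q, body) => percentDecode(body))
      .replace(/String\.fromCharCode\(([\d\s,]+)\)/g,
        (_, list) => String.fromCharCode(...list.split(",").map(Number)));
    if (next === current) break;
    current = next;
  }
  return current;
}

function looksLikeProxy(source) {
  return PROXY_SIGNATURE.test(deobfuscate(source));
}

// Constructed sample: the same markup encoded two different ways, standing in
// for two visits to a site that re-randomises its output.
const MARKUP = '<form action="/browse" method="post"><input name="url"></form>';
const toPercent = (s) =>
  [...s].map((c) => "%" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
const toCodes = (s) => [...s].map((c) => c.charCodeAt(0)).join(",");

const visitA = `var x9f=unescape("${toPercent(MARKUP)}");document.write(x9f);`;
const visitB = `var qq2=String.fromCharCode(${toCodes(MARKUP)});document.write(qq2);`;

for (const [name, page] of [["visitA", visitA], ["visitB", visitB]]) {
  console.log(name, "raw match:", PROXY_SIGNATURE.test(page),
    "decoded match:", looksLikeProxy(page));
}
```

The raw pages share no stable string for a signature to match, while the decoded output of both visits is identical, which is why normalising before matching defeats per-visit randomisation of this kind.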
 

These types of proxies are gaining in popularity and are even featured in advertisements in Wired Magazine for getting around Web filters at work.
 

The use of Web proxies is controversial. Although some people use proxies for anonymity, others use them to bypass security filters at work and school. Just keep in mind, as we mentioned in a previous blog, "Sites like these can be run by bad guys for malicious intent. Not only can data going through a proxy be easily read by the owner (information such as your usernames and passwords), but it also allows you to bypass security filters and visit sites that could inject malicious code." Who do you trust with your Web traffic?

Security Researcher: Jack Rasgaitis
