Hack The Proxy – A Bug Bounty Program

Proxy Server:

A proxy server is a gateway between you and the Internet: an intermediary server separating end users from the websites they browse. Proxy servers vary in functionality, security, and privacy, depending on your use case, needs, or company policy.

If you're using a proxy server, Internet traffic flows through the proxy server on its way to the address you requested. Modern proxy servers do much more than forward web requests, all in the name of data security and network performance.

You configure your browser to route its traffic through the proxy, which requests each page on your behalf and sends back the result. A good proxy server keeps its users and the internal network protected from the bad stuff that lives out in the Internet ecosystem.


How does Proxy Server work?

Every device on the internet needs to have a unique Internet Protocol (IP) address. Just as the post office knows how to deliver mail to your street address, the internet knows how to send the correct data to the correct computer by its IP address.

When you send a web request, your request goes to the proxy server first. The proxy is a computer on the internet with its own IP address that your computer knows. The server then makes a request on your behalf, collects the response, and forwards you the web page data so you can see the page you requested.

A proxy server changes your IP address, so the web server doesn't know exactly where you are in the world. It can also encrypt your data, so it is unreadable in transit. A proxy server can block access to certain web pages, based on IP address.

Reasons why you should use a Proxy Server:

  1. Control Internet usage: Organizations and parents set up proxy servers to control and monitor Internet usage by their employees or kids. They can also monitor and log all web requests, even when they do not block a site.
  2. Bandwidth savings and improved speeds: A good proxy server can improve overall network performance. Proxy servers can cache popular websites (save a copy of the website locally). On each request, the proxy checks whether it has the most recent copy of the site and then sends you the saved copy. When hundreds of people hit the same website at the same time from the same proxy server, it only sends one request to the domain. This saves bandwidth for the company and improves network performance.
  3. Privacy benefits: Individuals and organizations alike use proxy servers to browse the internet more privately. Some proxy servers change the IP address and other identifying information. This means that the destination server doesn't know who actually made the original request, which helps keep your personal information and browsing habits more private.
  4. Improved security: Proxy servers provide security benefits on top of the privacy benefits. You can configure your proxy server to encrypt your web requests to keep prying eyes from reading your transactions. A VPN can also be coupled with the proxy server for accessing the servers remotely.
  5. Get access to blocked resources: Proxy servers allow users to circumvent content restrictions imposed by companies or governments. The proxy makes you look like you are in another country when you are operating it from your office or home.
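The caching behaviour in item 2, as an added example that is not from the original article: a simulated shared cache that revalidates its saved copy with an ETag and refuses to store responses marked `private` or `no-store`, so one user's page is never replayed to another. The `Origin` and `CachingProxy` classes, the paths and the page bodies are constructed for illustration; this model revalidates on every request, whereas a real cache may also serve a copy without contacting the origin while it is still fresh.

```python
import hashlib


class Origin:
    """Constructed stand-in for a web server; pages map path -> (body, Cache-Control)."""

    def __init__(self, pages):
        self.pages = pages
        self.full_responses = 0  # how many times a full body was sent

    def get(self, path, if_none_match=None):
        body, cache_control = self.pages[path]
        etag = hashlib.sha256(body).hexdigest()[:16]
        if if_none_match == etag:
            return 304, etag, cache_control, b""  # "your copy is still current"
        self.full_responses += 1
        return 200, etag, cache_control, body


class CachingProxy:
    """Shared cache: every user of the proxy is served from the same store."""

    def __init__(self, origin):
        self.origin = origin
        self.store = {}  # path -> (etag, body)

    def fetch(self, path):
        cached = self.store.get(path)
        status, etag, cache_control, body = self.origin.get(
            path, if_none_match=cached[0] if cached else None)
        if status == 304:
            return cached[1]  # saved copy confirmed current, no body transferred
        directives = {d.strip().lower() for d in cache_control.split(",")}
        if directives & {"private", "no-store"}:
            self.store.pop(path, None)  # never keep per-user content in a shared cache
        else:
            self.store[path] = (etag, body)
        return body


def demo():
    origin = Origin({"/news": (b"headline v1", "public"),
                     "/account": (b"balance for alice", "private")})
    proxy = CachingProxy(origin)
    for _ in range(100):  # a hundred users request the same page
        proxy.fetch("/news")
    after_news = origin.full_responses
    origin.pages["/news"] = (b"headline v2", "public")
    updated = proxy.fetch("/news")  # ETag no longer matches, new copy is fetched
    proxy.fetch("/account")
    return after_news, updated, "/account" in proxy.store
```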

What is Proxy hacking?

Proxy hacking is an attack technique designed to supplant an authentic or official website in a search engine's index and search results page. An attacker uses proxy hacking to gain an advantage over a competitor or to redirect users requesting the targeted page to a malicious website. Proxy hacking is also known as proxy hijacking.

How it works: The attacker creates a copy of the targeted web page on a proxy server and uses methods like keyword stuffing and linking to the copied page from external sites. The authentic page will now rank lower and may be seen as duplicated content.

If you suspect that your website is the victim of a proxy hack, search for a phrase that should be unique, or almost unique, to your content. If a duplicate of your content shows up, it is a proxy page. To prevent proxy hacking, you should limit connections from open proxy servers to your website.
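One way to apply the "limit connections from open proxy servers" advice at the web server, shown as an added example rather than code from the original article: each request is triaged by its source address and by the headers a forwarding proxy may add. The network lists, the trusted range and the sample requests are constructed assumptions (documentation address ranges); the address list matters because many open proxies add no headers at all.

```python
import ipaddress

# Headers a forwarding proxy may add (Via: RFC 9110, Forwarded: RFC 7239).
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for")
# Constructed open-proxy list using documentation address ranges, not real data.
OPEN_PROXY_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.64/26")]
# Assumed address range of the site's own load balancer, whose headers are expected.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def in_any(addr, nets):
    return any(addr in net for net in nets)


def classify(remote_addr, headers):
    """Return (decision, reason); decision is 'deny', 'review' or 'allow'."""
    addr = ipaddress.ip_address(remote_addr)
    if in_any(addr, OPEN_PROXY_NETS):
        return "deny", "source address is on the open-proxy list"
    if in_any(addr, TRUSTED_NETS):
        return "allow", "trusted front end"
    present = {name.lower() for name in headers}
    seen = [h for h in PROXY_HEADERS if h in present]
    if seen:
        return "review", "proxy headers present: " + ", ".join(seen)
    return "allow", "no proxy indicator"


# Constructed sample requests: (peer address, request headers).
SAMPLE_REQUESTS = [
    ("192.0.2.10", {"User-Agent": "Mozilla/5.0"}),
    ("198.51.100.7", {"User-Agent": "Mozilla/5.0"}),  # listed, sends no proxy headers
    ("192.0.2.55", {"Via": "1.1 cache.example", "X-Forwarded-For": "192.0.2.99"}),
    ("10.1.2.3", {"X-Forwarded-For": "192.0.2.10"}),  # the site's own load balancer
    ("203.0.113.70", {"Forwarded": "for=192.0.2.1"}),
]


def triage(requests):
    return [(peer,) + classify(peer, headers) for peer, headers in requests]


if __name__ == "__main__":
    for peer, decision, reason in triage(SAMPLE_REQUESTS):
        print(f"{peer:15} {decision:7} {reason}")
```

Requests marked `review` are not blocked outright, because corporate gateways and CDNs add the same headers as a proxy that is copying pages.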


Hack the Proxy:

Hack the Proxy was the first bug bounty program focused on finding vulnerabilities in the publicly accessible proxy servers of a government-owned organization (the Pentagon, U.S.).

The Department of Defense, Pentagon, conducted a bug bounty program with ethical hackers to identify vulnerabilities in their network last month, 2019. Out of 31 vulnerabilities discovered, 9 were ‘high severity,’ and one was found to be a ‘critical’ vulnerability. The top bug bounty hunter (U.S.-based) earned a total of $16,000.

Eighty-one ethical hackers uncovered a total of 31 bugs across the Defense Department proxies, virtual networks, and virtual desktops. Throughout a two-week program from September 3 to September 18, 2019, hackers from the U.S., India, Turkey, Ukraine, and Canada were invited to participate in the bounty program.

‘Hack the Proxy’ was a critical approach that leveraged crowd-sourced talent for an outside-in view of the vulnerabilities. The Department of Defense awarded a total of $33,750 to the hackers for their efforts.

The goal was to find places where the external DoDIN (Department of Defense Information Network) touchpoints might be used by adversaries to surveil information that was internal to the network. The program also addressed improving the abilities of conduct, validating capabilities, closing unknown vulnerabilities, and enforcing standards.

General eligibility requirements for Hack the Proxy included:

  1. Successfully registered as a participant through their security page.
  2. Not reside in a country currently under U.S trade sanctions.
  3. Up to 600 eligible applicants were invited to participate in the challenge.
  4. U.S persons defined by the Internal Revenue Code Section 7701(a)(30) were eligible.
  5. Special information on payment eligibility was provided upon acceptance into the challenge.


pranitakhedkar
An Architect by profession & practice, Pranita is a keen observer and specialises in content, visualisation, and presentation. Cyber attacks & Architecture Technology in the far more technologically-advanced world made her realise that there is a lack of necessary awareness among people. Hence, keeping you all updated and protected by all means with subjects from Architecture Technology to Security Awareness. Currently working as a Head of Content, content writer & creator at BLARROW.TECH
