Show simple item record

A Large-scale Analysis of Content Modification by Open HTTP Proxies

dc.contributor.authorTsirantonakis, Giorgosen
dc.contributor.authorIlia, Panagiotisen
dc.contributor.authorIoannidis, Sotirisen
dc.contributor.authorAthanasopoulos, Eliasen
dc.contributor.authorPolychronakis, Michalisen
dc.creatorTsirantonakis, Giorgosen
dc.creatorIlia, Panagiotisen
dc.creatorIoannidis, Sotirisen
dc.creatorAthanasopoulos, Eliasen
dc.creatorPolychronakis, Michalisen
dc.date.accessioned2021-01-22T10:47:53Z
dc.date.available2021-01-22T10:47:53Z
dc.date.issued2018
dc.identifier.urihttp://gnosis.library.ucy.ac.cy/handle/7/62484
dc.description.abstractOpen HTTP proxies offer a quick and convenient solution for routing web traffic towards a destination. In contrast to more elaborate relaying systems, such as anonymity networks or VPN services, users can freely connect to an open HTTP proxy without the need to install any special software. Therefore, open HTTP proxies are an attractive option for bypassing IPbased filters and geo-location restrictions, circumventing content blocking and censorship, and in general, hiding the client’s IP address when accessing a web server. Nevertheless, the consequences of routing traffic through an untrusted third party can be severe, while the operating incentives of the thousands of publicly available HTTP proxies are questionable. In this paper, we present the results of a large-scale analysis of open HTTP proxies, focusing on determining the extent to which user traffic is manipulated while being relayed. We have designed a methodology for detecting proxies that, instead of passively relaying traffic, actively modify the relayed content. Beyond simple detection, our framework is capable of macroscopically attributing certain traffic modifications at the network level to well-defined malicious actions, such as ad injection, user fingerprinting, and redirection to malware landing pages. We have applied our methodology on a large set of publicly available HTTP proxies, which we monitored for a period of two months, and identified that 38% of them perform some form of content modification. The majority of these proxies can be considered benign, as they do not perform any harmful content modification. However, 5.15% of the tested proxies were found to perform modification or injection that can be considered as malicious or unwanted. Specifically, 47% of the malicious proxies injected ads, 39% injected code for collecting user information that can be used for tracking and fingerprinting, and 12% attempted to redirect the user to pages that contain malware. Our study reveals the true incentives of many of the publicly available web proxies. Our findings raise several concerns, as we uncover multiple cases where users can be severely affected by connecting to an open proxy. As a step towards protecting users against unwanted content modification, we built a service that leverages our methodology to automatically collect and probe public proxies, and generates a list of safe proxies that do not perform any content modification, on a daily basis.en
dc.sourceNDSSen
dc.source25th Network and Distributed System Security Symposiumen
dc.source.urihttps://www.semanticscholar.org/paper/A-Large-scale-Analysis-of-Content-Modification-by-Tsirantonakis-Ilia/7a032e7e263484d74cbd9e5a24752acba0821bdf
dc.titleA Large-scale Analysis of Content Modification by Open HTTP Proxiesen
dc.typeinfo:eu-repo/semantics/conferenceObject
dc.identifier.doi10.14722/ndss.2018.23244
dc.author.faculty002 Σχολή Θετικών και Εφαρμοσμένων Επιστημών / Faculty of Pure and Applied Sciences
dc.author.departmentΤμήμα Πληροφορικής / Department of Computer Science
dc.type.uhtypeConference Objecten
dc.contributor.orcidAthanasopoulos, Elias [0000-0002-8759-3261]
dc.gnosis.orcid0000-0002-8759-3261


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record