PolarProxy 0.9 Released – Security Boulevard

PolarProxy 0.9

PolarProxy was previously designed to only run as a transparent TLS proxy.
But due to popular demand we’ve now extended PolarProxy to also include a SOCKS proxy and an HTTP CONNECT proxy.
PolarProxy automatically decrypts all proxied SSL and TLS traffic, regardless of whether the remote server is running on TCP 443 or some other port, as long as the traffic passes through PolarProxy.
From now on we also release a Windows build of PolarProxy, alongside the Linux x64, ARM and ARM64 builds.

SOCKS Proxy

Use the command line argument “--socks [port]” to start PolarProxy’s SOCKS proxy server.
This SOCKS proxy supports multiple versions of the SOCKS protocol, including SOCKS 4, SOCKS 4a, SOCKS 5 and SOCKS 5h.

As an example, the command below starts a SOCKS server on TCP port 1080 and passes a copy of the decrypted traffic as a PCAP stream to tshark.

PolarProxy --socks 1080 -w - | tshark -r - -d tcp.port==443,http2

Note: The “-d tcp.port==443,http2” argument in the command above is used to tell tshark to parse traffic to port 443 as HTTP/2 instead of TLS. An alternative method would be to instead configure PolarProxy to output decrypted 443 traffic as if it was port 80, by supplying the “-p 443,80” argument to PolarProxy.

You can then use curl to run some HTTPS traffic through the SOCKS proxy:

curl --insecure --socks4 localhost https://www.netresec.com

After doing this you should be able to see the decrypted HTTP/2 traffic in tshark’s output.


HTTP CONNECT Proxy

We’ve also added an HTTP proxy to PolarProxy 0.9, but it only supports the CONNECT request method.
This means that normal unencrypted HTTP requests, like GET or POST requests, will be rejected by PolarProxy.
Most web traffic is TLS encrypted nowadays anyway, so we don’t consider this limitation to be a big issue.

The HTTP CONNECT proxy service is activated with the “--httpconnect” argument.
Decrypted TLS traffic from PolarProxy’s HTTP CONNECT proxy can be forwarded to tshark just like in the SOCKS example, but the traffic from these proxies can also be accessed through PCAP-over-IP like this:

PolarProxy --httpconnect 8080 -p 443,80 --pcapoverip 57012

You can then connect to PolarProxy’s PCAP-over-IP service with NetworkMiner (https://www.netresec.com/?page=NetworkMiner) by clicking File, Receive PCAP over IP, select “Connect to IP/port”, enter “localhost” and click the “Start Receiving” button. You’ll now be able to see a real-time feed of all the traffic that PolarProxy decrypts. As an example, let’s download the PolarProxy logo over HTTPS to see if NetworkMiner can extract it from PolarProxy’s decrypted PCAP-over-IP stream:

curl --insecure --proxy localhost:8080 https://www.netresec.com/images/PolarProxy_313x313.png

The PolarProxy logo immediately shows up in NetworkMiner’s images tab:

NetworkMiner reading PCAP-over-IP from PolarProxy

Port-Independent TLS Protocol Detection

When PolarProxy is running as a transparent TLS proxy all incoming traffic can be expected to be TLS.
But that’s not the case when, for example, PolarProxy is running as a SOCKS proxy.
We have therefore added port-independent TLS protocol detection for proxied traffic, so that TLS traffic can be detected and decrypted even when it runs on other ports than the standard 443, 465, 853, 990, 993, 995 and 5061 ones.

There is one crucial limitation to the automatic SSL/TLS protocol detection though: it doesn’t support explicit TLS traffic that relies on opportunistic encryption features like STARTTLS, which bootstraps TLS into an already established application layer session.

Allow Non-TLS Traffic

SOCKS and HTTP CONNECT proxies can both be used to transport other protocols than TLS.
PolarProxy blocks all non-TLS traffic by default, but this setting can be overridden with the “--allownontls” argument to allow any traffic to be proxied.
The allow non-TLS override has no effect on PolarProxy’s transparent proxy though, because it will need to see a valid SNI field in order to know where the traffic should be forwarded.
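
The two sections above come down to what a proxy can learn from the first bytes a client sends. The Python sketch below is an added example, not PolarProxy’s own code: it classifies a stream without looking at its port and extracts the SNI name, which shows why a STARTTLS session is missed and why a ClientHello without SNI gives a transparent proxy nowhere to forward to. The names sniff_tls and build_client_hello and all sample bytes are constructed for illustration, and only the TLS record format is recognised.

```python
import struct

def build_client_hello(sni=None) -> bytes:
    """Constructed sample input: a minimal TLS ClientHello, optionally with SNI."""
    ext = b""
    if sni:
        name = sni.encode("ascii")
        # type 0 (server_name), ext len, list len, name type 0 (host_name), name len
        ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00"       # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"     # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sniff_tls(first_bytes: bytes):
    """Return (is_tls, sni) judged only from the first bytes a client sends."""
    b = first_bytes
    # Record type 0x16 = handshake, major version 3, handshake type 1 = ClientHello
    if len(b) < 6 or b[0] != 0x16 or b[1] != 0x03 or b[5] != 0x01:
        return (False, None)
    try:
        p = 5 + 4 + 2 + 32                           # record hdr, handshake hdr, version, random
        p += 1 + b[p]                                # session id
        p += 2 + int.from_bytes(b[p:p + 2], "big")   # cipher suites
        p += 1 + b[p]                                # compression methods
        end = min(len(b), p + 2 + int.from_bytes(b[p:p + 2], "big"))
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", b[p:p + 4])
            if ext_type == 0:                        # server_name extension
                n = int.from_bytes(b[p + 7:p + 9], "big")
                return (True, b[p + 9:p + 9 + n].decode("ascii", "replace"))
            p += 4 + ext_len
    except IndexError:
        pass                                         # truncated hello: still TLS, SNI unknown
    return (True, None)

# Constructed first-flight bytes; the ports in the labels are arbitrary and never inspected
SAMPLES = {
    "TLS with SNI on tcp/8443": build_client_hello("www.netresec.com"),
    "TLS without SNI on tcp/8443": build_client_hello(),
    "SMTP before STARTTLS on tcp/587": b"EHLO client.example\r\n",
    "plain HTTP on tcp/8080": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:32} -> {sniff_tls(data)}")
```

The SMTP sample is classified as non-TLS because the session opens in plaintext; the TLS handshake only appears after the STARTTLS command, which a first-bytes check never sees.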

Windows Build

There wasn’t much need for a Windows build of PolarProxy prior to the release of version 0.9, because the Windows firewall can’t be configured to redirect outgoing port 443 traffic to a local service.
However, now that PolarProxy also includes SOCKS and HTTP CONNECT services, the situation is completely different.
There are many ways to configure a Windows PC, as well as web browsers and other applications, to use a local proxy server.

You can use the Proxy settings window in Windows 10 and 11 to enable a local HTTP proxy like this:

Windows 10 Proxy Settings

Another option is to run “inetcpl.cpl” (Internet Options), open the “Connections” tab and click the “LAN settings” button to configure an HTTP proxy.

Windows Internet Options LAN Proxy Settings

You can, of course, also configure your browser to use a local SOCKS or HTTP proxy in Windows, just as you’d do on any other operating system.

But don’t forget to configure your OS and/or browser to trust your PolarProxy instance’s root CA certificate first, as explained in the “Trusting the PolarProxy root CA” section of our PolarProxy documentation.

The Windows version of PolarProxy is a .NET framework-dependent application, which requires the .NET 6 runtime to be installed.
The PolarProxy releases for other platforms (Linux x64, ARM and ARM64) are all self-contained applications, which include the .NET runtime.


*** This is a Security Bloggers Network syndicated blog from NETRESEC Network Security Blog authored by Erik Hjelmvik. Read the original post at: https://www.netresec.com/?page=Blog&month=2022-01&post=PolarProxy-0-9-Released

Source of this news: https://securityboulevard.com/2022/01/polarproxy-0-9-released/
