HillsCap Posted May 9, 2004 Share Posted May 9, 2004 Hi, all. You know from my other posts that I run the JackPot fake SMTP server/teergrube/honeypot. So far, I've dumped over 1.3 million emails in the past week alone using that. But I also have other tools in my LART arsenal... one of them being FriedSpam (http://www.FriedSpam.net/). But, me being like I am (always pushing the envelope and trying new ways of doing things), I don't use FriedSpam like most people do. Most people use FriedSpam to repeatedly download a web page from a spammer's website, using a direct connection from their machine to the spammer's website. Unfortunately, doing this reveals your IP address to the spammer, leaving you open to hacking and DDoS/DoS attacks. I've been through several myself. So, I went about finding a way to still use FriedSpam, while obfuscating my IP address. I found the solution in what is called an 'Anonymous Proxy Rotator'. Essentially, what an Anonymous Proxy Rotator does is allows your machine to connect through a constantly rotating list of anonymous proxies to download the web page from the spammer's website. Thus, the spammer never sees your IP address, and can't attack you. The program I use is called MultiProxy... it's an older program that hasn't been updated in a couple years, but it's rock-solid and never gives me any problems. The way I've got it set up for the IP chain is: IE <<Port 8081>> WebWasher <<Port 8082>> MultiProxy <<external proxy port>> external proxies <<>> FriedSpam.net <<>> spammer's website Essentially, I set it up in Control Panel >> Internet Options >> Connections tab >> LAN Settings >> Advanced, so that HTTP requests went to localhost, port 8081. This connects IE to WebWasher. In the Exceptions box, I put sites I regularly visit that I want to bypass the proxy. I then went into the WebWasher Preferences, and set the 'Local HTTP proxy port' to 8081. In WebWasher Preferences, under Proxy Engine >> Client, I set up HTTP 1 to use 127.0.0.1, port 8082, and again put the sites I regularly visit and want to bypass the proxy into the 'Do not use proxy servers for domains beginning with:' box. This connects WebWasher to MultiProxy. In the MultiProxy Options >> General Options tab, I set the 'Accept connections on port' setting to 8082. On the MultiProxy Options >> Advanced Options tab, I clicked 'Override local IP', and entered 127.0.0.1 as the Local IP, and clicked 'Override local host', and entered localhost at the Local Host. In the 'Allow connections from the following IP addresses only' box, I put 127.0.0.1. Now comes the hard part... acquiring, maintaining and updating your list of anonymous proxies. I went to http://www.StayInvisible.com/ and cut-and-pasted every proxy listed into NotePad. After cutting and pasting all the proxies (approximately 1300 of them) from all the pages, I saved the file to my Desktop. I then went into Excel, and imported the file, using spaces as the column delimiter. I used the Data >> Sort menu to sort the proxies by their level of anonymity, and removed all proxies listed as 'Transparent'. You DO NOT want to use transparent proxies, as they show your IP address. I then removed all columns of data except for the proxy IP address and the port number. I selected all of the remaining data, and pasted it into a new NotePad window, then did a Search-And-Replace, searching for a single space ( ), and replacing it with a colon (. This gave me my list in the required format to import into MultiProxy... namely: IP Address:Port which I saved to a plain .txt file on my Desktop. I went to the MultiProxy Options >> Proxy servers list tab >> Menu button >> Files >> Import Proxy List, to import that file into MultiProxy. After doing that, I went to MultiProxy Options >> Proxy servers list tab >> Menu button >> Proxy List >> Test all proxies. After testing, the proxies that didn't pass the internal MultiProxy tests were marked with a red dot. The ones that did pass were marked with a green dot. I selected all the red-dot marked proxies, right clicked, and selected 'Delete' to get rid of the test failures. Next, I tested again a few times, just to be sure, deleting any red-dot marked proxies that showed up in the list. I then selected MultiProxy Options >> Proxy servers list tab >> Menu button >> Files >> Export All, saving the resulting .txt file on my desktop. After that, I started another program I found called Proxy Clean, which contains a list of proxy servers controlled by various governmental and law enforcement agencies. I used this program to clean the exported proxies list. (If any of you needs the updated list of proxies controlled by governmental and law enforcement agencies, let me know and I'll send it to you. The list that comes with Proxy Clean is pretty sparse, so I did some research of my own on hacker sites and doing a lot of WHOIS' with Sam Spade to come up with an updated list.) After cleaning the list, I selected all the proxies in MultiProxy Options >> Proxy servers list tab and deleted them, then went to MultiProxy Options >> Proxy servers list tab >> Menu button >> Files >> Import proxy list, importing the cleaned list. As a final step, I right-clicked on WebWasher, selected 'Use a proxy server' to send IE HTTP requests through the anonymous proxies, then surfed to Google, where I searched for the word 'porn'. I know what you're thinking, but I don't surf porn... we're using the search results as a final test of the anonymous proxies, for two very good reasons... 1) Some of these proxies will pass the internal MultiProxy tests, but will redirect you to sites of their own... so if the Google search results look normal, that proxy must be working as we want it to. 2) Some proxies will block certain content. By searching for the worst of that content, we'll trigger any blocking that might take place, so we can remove that proxy from our list. Now, I went into the MultiProxy Options >> Proxy servers list tab, and selected all but the first proxy, right clicked, and selected 'Disable'. This disabled all but the first proxy. I then clicked the 'Next' link in the Google search page to see if that proxy was working as I wanted. If it was, I disabled it, enabled the next one in the list, and repeated the process, clicking the 'Next' link in the Google search page again. If the proxy either blocked the content, or redirected me, I clicked that proxy, right-clicked, and selected 'Delete', removing that proxy from the list. If the proxy was too slow to be usable, I did the same. After completing that rather lengthy process, I had a large list of fast, anonymous proxies that didn't block content and didn't redirect me. Now, I was ready for FriedSpam.net... I just surfed to http://www.FriedSpam.net/, entered the list of spammer URLs that I wanted to 'fry', and hit the 'Start' button. I'm using it right now, as a matter of fact... Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.