How To Install Paros Proxy In Ubuntu
Sep 06, 2013 Installing and running Paros on Ubuntu 13.04. Paros is a”Java based HTTP/HTTPS proxy for assessing web application vulnerability”. It seems like a good tool not only to learn about web security, but also web development in general since you can step through each request, watch how assets reach the browser, and even edit.
Squid is a popular proxy and caching server application. It primarily serves as a forward proxy, but can also be used as a reverse proxy. Squid provides many features and is often used on enterprise-level networks.
This tutorial will show you how to setup a simple HTTP proxy with authentication using Squid. Steps listed in this tutorial were tested on Ubuntu 15.04 and 15.10.
WARNING: You must be very careful when creating proxies. Hackers frequently scan the public internet for open proxies use them for malicious activities. Most hosting companies will suspend your instances if you receive too many complaints, so ensure that you use sufficient authentication, such as a strong password.
- Jul 17, 2011 - I'm not sure if this is in the right categories but anyway. I am trying to get paros proxy running for a security class that i am taking.
- Aug 14, 2013 - A Java based HTTP/HTTPS proxy for assessing web application. For x64 platform) and just don't want to install x32 specially for a single utility.
This tutorial assumes that you are using a freshly created VPS with no installed packages.
Installation
First, ensure that the apt-get
package library is up-to-date by running the command below. This will ensure that the latest packages have been installed.
Once this has completed, it is time to install the squid
application and htpasswd
. Run the following command using sudo
to install both packages.
After the Squid install completes, I suggest that you create a copy of the original config file created during the install as it is a helpful reference and allows you to rollback any changes.
Next, create the files needed by Squid to store the credentials of the proxy accounts.
Configuration
Open the squid config file for editing using a text editor, such as nano
.
Add the following lines to the file so that authenticated users can connect to the proxy.
In addition, to hide the IP of the person connecting to the proxy from being shown in HTTP headers, add the following lines under the ones above.
Your Squid config file should now look something like this:
Save and close the file.
To create users on your proxy, execute the following command, replacing youruser
with your desired user name. It will request the password twice.
You may create additional users in the same manner.
Restart the Squid service.
Using your proxy
Now that Squid is setup, you can use it as a forwarding proxy. Configure the 'internet settings' of your web browser to use your proxy, including the user name and password that you generated earlier. To verify that the proxy is working, visit an IP address detection site, like this one.
Upon success, you will notice a Vultr IP address being reported. Here is a screenshot from my demo server:
Squid is a most popular caching and forwarding HTTP web proxy server used my wide range of companies to cache web pages from a web server to improve web server speed, reduce response times and reduce network bandwidth usage.
Read Also: How to Create an HTTP Proxy Using Squid on CentOS 7
In this article, we will explain how to install a squid proxy server on Ubuntu and Debian distributions and use it as an HTTP proxy server.
How to Install Squid on Ubuntu
Before we begin, you should know that Squid server doesn’t have any requirements, but the amount of RAM utilization may differ based on the clients browsing the internet via the proxy server.
Squid package is available to install from the base Ubuntu repository, but before that make sure to update your packages by running.
Once your packages are up to date, you can proceed further to install squid and start and enable it on system startup using following commands.
At this point your Squid web proxy should already be running and you can verify the status of the service with.
Sample Output
Following are the some important squid file locations you should be aware of:
- Squid configuration file: /etc/squid/squid.conf
- Squid Access log: /var/log/squid/access.log
- Squid Cache log: /var/log/squid/cache.log
The default configuration file contains some configuration directives that needs to be configured to affect the behavior of the Squid.
Now open this file for editing using Vi editor and make changes as shown below.
Now, you may search about the following lines and change them as requested, in the Vi editor, you may search about those lines by hitting the ‘ESC’ and typing “/” key to writing the specific lines to look for.
- http_port : This is the default port for the HTTP proxy server, by default it is 3128, you may change it to any other port that you want, you may also add the “transparent” tag to the end of the line like http_port 8888 transparent to make Squid proxy act like a transparent proxy if you want.
- http_access deny all : This line won’t let anybody to access the HTTP proxy server, that’s why you need to change it to http_access allow all to start using your Squid proxy server.
- visible_hostname : This directive is used to set the specific hostname to a squid server. You can give any hostname to squid.
After making above changes, you may restart the Squid proxy server using the command.
Configuring Squid as an HTTP Proxy on Ubuntu
In this squid configuration section, we will explain you how to configure squid as an HTTP proxy using only the client IP address for authentication.
Add Squid ACLs
If you wish to allow only one IP address to access the internet through your new proxy server, you will need to define new acl (access control list) in the configuration file.
The acl rule you should add is:
Where XX.XX.XX.XX
is the IP address of client machine. This acl should be added in the beginning of the ACL’s section as shown in the following screenshot.
It is always a good practice to define a comment next to ACL which will describe who uses this IP address, for example.
Paros Proxy Windows
You will need to restart Squid service to take the new changes into effect.
Open Ports in Squid Proxy
By default, only certain ports are allowed in the squid configuration, if you wish to add more just define them in the configuration file as shown.
Where XXX
is the port number that you wish to allow. Again it is a good practive to define a comment next to acl that will describe what the port is going to be used for.
Add Ports in Squid Proxy
For the changes to take effect, you will need to restart squid once more.
Squid Proxy Client Authentication
To allow users to authenticate before using the proxy, you need to enable basic http authentication in the configuration file, but before that you need to install apache2-utils package using following command.
Now create a file called “passwd” that will later store the username for the authentication. Squid runs with user “proxy” so the file should be owned by that user.
Now we will create a new user called “tecmint” and setup its password.
Now to enable basic http authentication open the configuration file.
After the ports ACLs add the following lines:
Save the file and restart squid so that the new changes can take effect:
Block Websites on Squid Proxy
To block access to unwanted websites, first create a file called “blacklisted_sites.acl” that will store the blacklisted sites in it. Vector puzzle template.
Now add the websites that you wish to block access, for example.
The proceeding dot informs squid to block all references to that sites including www.badsite1, subsite.badsite1.com etc.
Now open Squid’s configuration file.
How To Use Paros Proxy
Just after the above ACLs add the following two lines:
Block Websites in Squid
Now save the file and restart squid:
Block Specific Keyword with Squid
To block a list of keywords, first create a file called “blockkeywords.lst” that will store the blacklisted keywords in it.
Now add the keywords that you wish to block access, for example.
Now open Squid’s configuration file and add the following rule.
Now save the file and restart squid:
Once everything configured accurately, you can now configure your local client web browser or operating system’s network settings to use your newly configured squid HTTP proxy.
Configure Client to Use Squid Proxy
Now to test that your proxy server is working or not, you may open Firefox and go to Edit –> Preferences –> Advanced –> Network –> Settings and select “Manual proxy configuration” and enter your proxy server IP address and Port to be used for all connection as it follows.
Once you fill all the required proxy details, you will be able to surf the Web using your Squid proxy server, you may do the same thing in any other browser or program you want.
To make sure that you are surfing the web using your proxy server, you may visit http://www.ipaddresslocation.org/, in the right top corner you must see the same IP address as your server IP address.
For more additional configuration settings, you may check official squid documentation. If you have any questions or comments, please add them in the comment section below.