文件列表:

cgiproxy.2.1beta6\nph-proxy.cgi (407263, 2005-05-25)
cgiproxy.2.1beta6 (0, 2005-06-01)

======================================================================== CGIProxy 2.1beta6 (released May 24, 2005) HTTP/FTP Proxy in a CGI Script (c) 1996, 19***-2005 by James Marshall, james@jmarshall.com All rights reserved. Free for non-commercial use; commercial use requires a license. For the latest, see http://www.jmarshall.com/tools/cgiproxy/ NOTE: THIS IS BETA SOFTWARE!!! IT WORKS PRETTY WELL, BUT THERE ARE STILL BUGS. DO NOT USE THIS VERSION WHERE RELIABILITY IS CRITICAL! ======================================================================== This README contains: 1. INTRODUCTION 2. LEGAL DISCLAIMER 3. INSTALLATION 4. SSL SUPPORT 5. USAGE 6. HELP IMPROVE THIS PROXY BY TELLING ME 7. LIMITS AND BUGS 8. OPTIONS 9. CHANGES ------------------------------------------------------------------------ 1. INTRODUCTION: This CGI script acts as an HTTP or FTP proxy. Through it, you can can retrieve any resource that is accessible from the server this runs on. This is useful when your own access is limited, but you can reach a server that can in turn reach others that you can't. By default, no user info (except browser type) is sent to the target server, so you can set up your own anonymous proxy like The Anonymizer (http://www.anonymizer.com/). Whenever an HTML resource is retrieved, it's modified so that all links in it point back through the same proxy, including images, form submissions, and everything else. JavaScript is similarly "proxified". Once you're using the proxy, you can browse normally and (almost) forget it's there. Configurable options include cookie support, text-only proxying (to save bandwidth), simple ad filtering, script removal, custom encoding of target URLs, and more. See the complete list of configuration options below. Requires Perl 5.6.1 or later. The original seed for this was a program I wrote for Rich Morin's article in the June 1996 issue of Unix Review, online at http://www.cfcl.com/tin/P/199606.shtml . IMPORTANT NOTE ABOUT ANONYMOUS BROWSING: CGIProxy was originally made for indirect browsing more than anonymity, but since people are using it for anonymity, I've tried to make it as anonymous as possible. Suggestions welcome. For best anonymity, browse with JavaScript turned off, or configure CGIProxy to remove script content (see the options below). In fact, that's the only reliable way, in spite of what certain anonymity vendors claim. Anonymity is pretty good, but may not be bulletproof. For example, if even a single unproxified JavaScript statement can be run, your anonymity can be compromised. I've tried to handle or remove JS every place it can exist, but please tell me if I missed any. Also, browser plugins or other executable extensions may be able to reveal you to a server. ------------------------------------------------------------------------ 2. LEGAL DISCLAIMER: Censorship is a controversial subject, and some governments and companies have rules about what information you should have access to. If you use my software to bypass rules that have been imposed on you, you assume all legal risks and responsibilities involved. I'm providing the software as a demonstration and teaching tool, and for when legitimate access is needed to non-accessible servers. I won't encourage you to break any rules, because I would get in trouble if I did. I can't prevent you from using this software in illegitimate ways, but I believe the value of it in its many uses is far too great to let a few miscreants ruin it for everybody. ------------------------------------------------------------------------ 3. INSTALLATION: To run this, your server must support Non-Parsed Header (NPH) CGI scripts. Most servers do, but not all. (Starting in version 1.3.2, there may be a way to run this script without NPH support; see the $NOT_RUNNING_AS_NPH option below and read the warnings where it is set in the source code.) Quick answer: Put nph-proxy.cgi on a Web server and call it. Really, that's all most people need to do. To add SSL support, see the "SSL SUPPORT:" section below. Longer answer: 1) Unpack the distribution. 2) Set any desired options in nph-proxy.cgi by editing the file. See all the options below; the defaults are probably fine if you don't feel like messing with it. If you have special server or network issues, like an SSL server on a non-standard port or an HTTP or SSL proxy you must use, then see the section "OPTIONS RELATED TO YOUR SERVER/NETWORK ENVIRONMENT". SECURITY NOTE: If you're installing this on a firewall as a VPN-like solution, then be sure to set @BANNED_NETWORKS to include ALL IP addresses of the firewall machine, and all IP addresses or ranges of machines inside the firewall that you don't want users of this script to access. If you don't know Perl, you can guess how to set a value by emulating the examples already in there. Variables starting with "$" hold single values, and variables starting with "@" hold lists of values. Lines beginning with "#" are comments and are ignored when the program runs. As in most programming languages, 1 means true and 0 means false. The reason all the options don't go in a separate configuration file is because that would require the script to open and read that file with every call, which would put a major load on the CPU. 3) Install the script like any other CGI script (set permissions and path to the Perl interpreter). Be sure it's installed as an NPH script. In Apache and related servers, do this by starting the filename with "nph-". If you've never installed a CGI script before, then I recommend finding a simple one somewhere to install first, so you can become familiar with the process. Then install CGIProxy. Normally it's very easy to install. If you prefer, Zoltan Milosevic has made an automatic installer for CGIProxy, at http://www.xav.com/cgi-sys/cgiwrap/xav/install.cgi?p=cgiproxy . Give it your server and account information, and it places the script for you. To add SSL support (lets you access secure servers), see the section "SSL SUPPORT:" below. You need to install a couple more packages. Once these packages are installed, CGIProxy will automatically detect them and support SSL. If the packages aren't present, then CGIProxy will still work fine for everything else except access to secure servers. If you need to use an SSL proxy, be sure to set $SSL_PROXY (and possibly $SSL_PROXY_AUTH). If heavy use of this proxy strains your server's CPU, see "NOTES ON PERFORMANCE" in the source code. ------------------------------------------------------------------------ 4. SSL SUPPORT: To retrieve pages from secure servers, you need to install two separate packages on the server in addition to nph-proxy.cgi: 1) OpenSSL, a freely-available library of SSL and cryptography tools 2) Net::SSLeay, a Perl module to interface with OpenSSL OpenSSL is already installed on many servers. You can usually tell which version you have (if any) by entering "openssl version" at a Unix prompt. The Net::SSLeay module is not as common, but you can check whether it's installed and which version you have with: perl -MNet::SSLeay -e 'print "$Net::SSLeay::VERSION\n"' Either you get a version number, or it fails if Net::SSLeay isn't installed. If you need to install either package, they're at, respectively: http://www.openssl.org/ http://symlabs.com/Net_SSLeay/ Installing these packages is "beyond the scope of this README", but usually they both install easily with no problems. If you don't have root access on your server, you may need to change the default installation directory, maybe by manually editing the PREFIX setting in Makefile or something like that. Once these packages are correctly installed where nph-proxy.cgi can find them, the script will automatically detect them and support SSL; no changes to nph-proxy.cgi are needed. If you have to install Net::SSLeay somewhere that's not on the standard Perl module path (i.e. @INC), then add a "use lib" command to nph-proxy.cgi to tell the script where to find Net::SSLeay, e.g. "use lib 'path/to/your/modules'". If you're installing on Windows, I'm told that you can install Net::SSLeay from the PPM repository at uwinnipeg.ca by entering these three commands in the PPM shell: rep add uwinnipeg http://theoryx5.uwinnipeg.ca/cgi-bin/ppmserver?urn:/PPMServer58 search Net_SSLeay.pm install Net_SSLeay.pm Note that these two packages are completely unaffiliated with CGIProxy, and may have their own terms of use. If you need to use an SSL proxy e.g. to get through a firewall, then be sure to set $SSL_PROXY and $SSL_PROXY_AUTH as needed. IMPORTANT NOTE: It is HIGHLY RECOMMENDED that if you install SSL support for CGIProxy, then CGIProxy itself should be running on a secure server (i.e. accessed with a URL starting with "https://")! Otherwise, you open a serious security hole: any secure data sent to or from a target server will be transmitted insecurely between CGIProxy and the browser, undermining the whole purpose of secure servers. ------------------------------------------------------------------------ 5. USAGE: Call the script directly to start a browsing session. Once you've gotten a page through the proxy, everything it links to will automatically go through the proxy. You can bookmark pages you browse to, and your bookmarks will go through the proxy as they did the first time. ------------------------------------------------------------------------ 6. HELP IMPROVE THIS PROXY BY TELLING ME: 1) Any HTML tags with URLs not being converted, including non-standard tags. 2) Any method of introducing JavaScript or other script content that's not being filtered out. 3) Any script MIME types not being filtered out. 4) Any file types other than HTML, JavaScript, and CSS that contain links that need to be converted. 5) Any other ways you can find to compromise anonymity. Please verify you're using the latest version of CGIProxy before emailing me. ------------------------------------------------------------------------ 7. LIMITS AND BUGS: THIS IS BETA SOFTWARE!! ANONYMITY MAY NOT BE PERFECT!! In particular, there may be some holes where unproxified JavaScript can slip through. If you find any, please tell me. For best anonymity, turn JavaScript off in your browser (best), and/or configure CGIProxy to remove scripts. If you browse to many sites with cookies, CGIProxy may drop some, but I haven't seen this happen yet. To save CPU time, I took some shortcuts with URL-handling. I doubt these will ever affect anything, but tell me if you have problems. (The shortcuts are listed in the source code.) I didn't follow the spec on HTTP proxies, and there are violations of the protocol. Actually, this whole concept is a violation of the proxy model, so I'm not too worried. If any protocol violations cause you problems, please let me know. Only HTTP and FTP are supported so far. ======================================================================== 8. OPTIONS: Here's a list of all the configuration options in CGIProxy, sorted into rough categories. The default settings are in square [] brackets, and should work fine for almost all situations. If you have special server or network considerations, see the options in the category "OPTIONS RELATED TO YOUR SERVER/NETWORK ENVIRONMENT". For more information on any option, see the comments in the source code where it is set, in the user configuration section. MAIN CONFIGURATION OPTIONS: --------------------------- $TEXT_ONLY [0] Allow only text resources through the proxy, to save bandwidth. $REMOVE_COOKIES [0] Ban all cookies to or from all servers. To allow and ban cookies by specific servers, see @ALLOWED_COOKIE_SERVERS and @BANNED_COOKIE_SERVERS. $REMOVE_SCRIPTS [1] Prevent any script content from any server from reaching the browser. This includes script statements within HTML pages, external script files, etc. To allow and ban script content by specific servers, see @ALLOWED_SCRIPT_SERVERS and @BANNED_SCRIPT_SERVERS. Anonymity is unreliable if you don't either remove scripts, or browse with scripts turned off in your browser. $FILTER_ADS [0] Remove ads from pages, based on the patterns in @BANNED_IMAGE_URL_PATTERNS. Also ban ad-related cookies by setting $NO_COOKIE_WITH_IMAGE. $HIDE_REFERER [1] Don't tell servers which link you followed to get to their page. (Yes, it's misspelled on purpose.) $INSERT_ENTRY_FORM [1] At the top of every page, include a small form that lets you enter a new URL, change your options, or manage your cookies. $ALLOW_USER_CONFIG [1] Let users set their own $REMOVE_COOKIES, $REMOVE_SCRIPTS, $FILTER_ADS, $HIDE_REFERER, and $INSERT_ENTRY_FORM, via checkboxes on the entry form. sub proxy_encode {}, proxy_decode {} (Requires minor programming.) You can customize the encoding of destination URLs by modifying these routines. The default is a simple unobscured URL, but sample obscuring code is included in the comments. Note: If you're not removing scripts, then you also need to change _proxy_jslib_proxy_encode() and _proxy_jslib_proxy_decode()-- see the comments. sub cookie_encode {}, cookie_decode {} (Requires minor programming.) You can customize the encoding of cookies sent to the user's machine by modifying these routines. The default is a simple unobscured cookie, but sample obscuring code is included in the comments. Note: If you're not removing scripts, then you also need to change _proxy_jslib_cookie_encode() and _proxy_jslib_cookie_decode()-- see the comments. @ALLOWED_SERVERS, @BANNED_SERVERS [empty] Allow or ban specific servers from being accessed through the proxy, based on their hostname. Each array is a list of patterns (regular expressions) to match, not just single servers. @BANNED_NETWORKS [('127.0.0.1', '192.168', '172', '10', '169.254', '244.0.0')] Ban specific IP addresses or networks from being accessed through the proxy. Recommended for security when this script is run on a firewall. @ALLOWED_COOKIE_SERVERS, @BANNED_COOKIE_SERVERS [empty] Allow or ban cookies from specific servers. Each array is a list of patterns (regular expressions) to match, not just single servers. @ALLOWED_SCRIPT_SERVERS, @BANNED_SCRIPT_SERVERS [empty] Allow or ban script content from specific servers. Each array is a list of patterns (regular expressions) to match, not just single servers. @BANNED_IMAGE_URL_PATTERNS [sample list in source code] If $FILTER_ADS is set, then ban images that match any pattern in this list. $RETURN_EMPTY_GIF [1] If an image is banned, then replace it with a 1x1 transparent GIF to show blank space instead of a broken image icon. $NO_COOKIE_WITH_IMAGE [1] Ban all cookies that come with images or other non-text resources. Those are usually just Web bugs, to track you for marketing purposes. $QUIETLY_EXIT_PROXY_SESSION [0] (NOT for use with anonymous browsing!!!) For VPN-like installations, let the user browse directly from proxied pages to unproxied pages, with no intermediate warning screens. See the comments for more info. $PROXIFY_SCRIPTS [1] Proxify all supported script content. Currently, only JavaScript is supported. $ENCODE_URL_INPUT [0] When submitting a URL through either the start form or the top form, encode it first by using proxy_encode(). $USER_IP_ADDRESS_TEST [''] This lets you call an external test to authorize the user. See comments for more details. $DESTINATION_SERVER_TEST [''] This lets you call an external test to determine if the destination server is allowed (as opposed to using @ALLOWED_SERVERS and @BANNED_SERVERS). See comments for more details. OPTIONS RELATED TO YOUR SERVER/NETWORK ENVIRONMENT: ---------------------------------------------------- To enable access to secure servers: Install the separate packages OpenSSL and Net::SSLeay. If Net::SSLeay is not in the standard Perl module path, then add a command like "use lib 'path/to/your/modules'" to the script. $RUNNING_ON_SSL_SERVER [''] Set this if the script is running on an SSL server (i.e. accessed with an "https://" URL). Or, the default value of '' means to guess based on the server port, which almost always works: the script assumes SSL if and only if the server port is 443. $NOT_RUNNING_AS_NPH [0] Set this if the script is not running as an NPH script (not recommended; see comments for possible dangers). $HTTP_PROXY, $SSL_PROXY, $NO_PROXY [none] If this script has to use an HTTP proxy (like a firewall), then set $HTTP_PROXY to that proxy's host (and port if needed). Set $SSL_PROXY similarly when using an SSL proxy. $NO_PROXY is a comma-separated list of servers or domains that should be accessed directly, i.e. NOT through the proxies in $HTTP_PROXY and $SSL_PROXY. Also see $USE_PASSIVE_FTP_MODE below when using a firewall. $PROXY_AUTH, $SSL_PROXY_AUTH [none] If either or both of the proxies in $HTTP_PROXY and $SSL_PROXY require authentication, then set these two variables respectively to the required credentials. @PROXY_GROUP [empty] This is an experimental feature which may help with load balancing, or may have other creative uses. Cookies won't work if you use this. See the comments for further info. INSERTING A STANDARD HEADER INTO EACH PAGE: ------------------------------------------- $INSERT_HTML [none] Insert your own block of HTML into the top of every page. $INSERT_FILE [none] Insert the contents of the named file into the top of every page. Can't be used with $INSERT_HTML. $ANONYMIZE_INSERTION [0] If $INSERT_HTML or $INSERT_FILE is used, then anonymize that HTML along with the rest of the page. $FORM_AFTER_INSERTION [0] If $INSERT_HTML or $INSERT_FILE is used, and $INSERT_ENTRY_FORM is set, then put the URL entry form after the inserted HTML instead of before it. $INSERTION_FRAME_HEIGHT [80 or 50, depending on $ALLOW_USER_CONFIG] On pages with frames, make the top frame containing any insertions this many pixels high. MINOR OR SELDOM-USED OPTIONS: ----------------------------- $SESSION_COOKIES_ONLY [0] Force all cookies to expire when the current browser closes. $MINIMIZE_CACHING [0] Try to prevent the user's browser from caching, i.e. from storing anything locally. Better privacy, but consumes more bandwidth and seems slower. $USER_AGENT [none] Tell servers you're using this browser instead of what you're really using. $USE_PASSIVE_FTP_MODE [1] When doing FTP transfers, use "passive mode" instead of "non-passive mode". Passive mode tends to work better when this script runs behind a firewall, but that varies by network. $SHOW_FTP_WELCOME [1] When showing FTP directories, always display the FTP welcome message, instead of never displaying it. $PROXIFY_COMMENTS [0] Proxify the inside of HTML comments as if it's not inside comments. $USE_POST_ON_START [1] Use POST instead of GET when submitting the URL entry form. $REMOVE_TITLES [0] Remove titles from HTML pages. $NO_BROWSE_THROU ... ...

近期下载者：

相关文件：

评论：[我要评论] [举报此文件]

收藏者：