Forensic Blogs

An aggregator for digital forensics blogs

December 16, 2020 by LCDI

My Experience on The VPN Comparison Team

By Miles Campbell

We were able to learn a lot from our research into the VPNs, but I also received a lot of great experience from my first semester at the Leahy Center.

As the semester came to a close, my team finished polishing up our presentation. We decided to use Google Slides to create our presentation. This allowed us to all work on it at the same time. Additionally, all of us would have access to it, even if no one else was online.

What I Gained From my Experience

For starters, I believe this project has helped me learn how to create a professional presentation. I learned that presenting research in this setting is far different than in school. The work we’re doing at the Leahy Center is important, which adds weight when you’re trying to present it. It makes it much more stressful to try and make something great, but it pushed me into doing really good quality work.

Since this is my first semester as an intern, I was also taking a class with Mark Zammuto. This class was connected to my internship, and for it I created another presentation, along with my teammates Derek Farrell and KCMalinda Hlordsz. We presented to the other first semester interns over Google Meets. This further built upon some of the experiences I had gotten from my Leahy Center presentation. It also allowed me to compare my work directly with other interns’ work.

Overall, my first semester here at the Leahy Center was a great experience for me. I learned skills that I wouldn’t have otherwise learned in a classroom alone. My team and the rest of the Leahy Center staff have been nothing but supportive of me and my learning. I look forward to working with the rest of the team in the future, and I hope all my colleagues have a happy holiday break!


The post My Experience on The VPN Comparison Team appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized Tagged With: Blog Post, experience, first year, research, vpn, VPN/Proxy Chain

December 7, 2017 by LCDI

VPN/Proxy Chain Update 3

Introduction

Hey everyone, it’s been a little bit since our last update. We hope you all had a great Thanksgiving. We’ve been continuing our work on our VPN/proxy chain project and have run into a few problems since our last update. Two members of our team have been working on the VPN element of our project. There has been difficulty connecting to the various other elements of our project.

VPN Difficulties

We wanted to mask the IP address of the client machine. The client would show that it connected to the VPN, but refused to mask the IP. As a result we changed almost everything at least once. We adjusted the config files for the VPN, changed settings on the clients, and tried to use different VPN solutions other than OpenVPN, but we were never able to fix our problem. At the end, we determined that the problem most likely lay in how we had to build our mini-network. By using the LCDI’s network, we dealt with issues that wouldn’t have appeared in another situation.

Solutions

As a result, we reflashed the Raspberry Pi with the PiVPN setup to receive a clean slate. Then, we reinstalled Raspbian Stretch. We proceeded with a regular install for an OpenVPN Server as if we weren’t even using the Raspberry Pi (we didn’t use PiVPN). PiVPN is meant for easy setup where a majority of the files are created for you through automation. By using a regular OpenVPN install we were able to change each individual file and configuration that we needed to change to reflect our network. This fix would work for anyone that’s not working inside a security-intensive network. The problems we had were a result of us conducting our research in a network that is not optimized for standard network users. The prior research we followed will be listed in our final report and will most likely work on a rudimentary network setup.

Conclusion

The end of the semester is fast approaching and with it, the end of our project. We hope to have everything working, but if we don’t, we will give you all the information you’ll need to work something like this. Our final report should be coming out in a few weeks, so look forward to reading up on our total progress.

Thank you and have a great holiday season and rest of your year.

We welcome all feedback! Feel free to comment here or email us at lcdi@champlain.edu. You can also follow us on Facebook or Twitter for the most recent updates on projects, such as App Analysis, VPN Proxy Chain, and more!

The post VPN/Proxy Chain Update 3 appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized Tagged With: Blog Post, OpenVPN, PiVPN, Proxychain, vpn, VPN/Proxy Chain

November 9, 2017 by LCDI

VPN/Proxy Chain Update 2

Introduction

Happy (belated) Halloween from the VPN/Proxychain team! We’ve been working hard here at the LCDI, and as a result, our proxies are working! We divided tasks and worked separately, but also kept each other in the loop on how each task was going. Two team members worked on configuring each proxy, and one team member created an Apache web page to view the IP addresses that were viewing the page.

Setting up the Proxies

To set up the proxies, we used an Ubuntu virtual machine to host the Proxychain tool. Then, we installed and configured Dante, a SOCKS5 proxy server, onto the two Raspberry Pis that we’re using as proxies.

Dante:

In order for us to use the proxy without opening up a shell (SSHing/opening PuTTY) we had to put the server onto the Raspberry Pis. It’s possible to use any Pi as a server with a simple OpenSSH server installed, but it requires an extra user step of creating the tunnel and does not lend itself well to the concept of a proxy “chain.” The solution was to install a dedicated proxy server software package. We chose Dante as our SOCKS5 proxy server. With this software installed we no longer have to open a tunnel connection. We only have to set up whatever service we’d like to proxy with the IP of our proxies. Then, we installed Dante onto two of the Pis and changed a few parts of the configuration file. We added the IP and network mask of our Pis into the client pass and socks pass methods in the configuration file. Based on this configuration, when the Dante server is brought up, the Pi will become a proxy. Then, we were able to pass the connection to the other Pi, thus creating a proxy chain.

Testing the Proxies

After setting up the Pis, we used the service Proxifier as a proxy client on an Ubuntu client machine. We set up Proxifier to use our established proxy, and when we tested it, it worked! Our web page’s logs show that the IP address it saw changed from the Windows virtual machine to the Pis’! Here’s a photo of our Apache web page’s logs that show the change:

[Image: Apache web page logs showing the change in IP address]

After making sure that success was consistent, we began to check and see how the proxy responded if one of the Pis was unplugged, and then if both of the Pis were unplugged. By adding settings in Proxifier, we settled on leaving the Proxychain on a “load balancing” configuration. This is so if one of the Pis goes down, the other will take over as the proxy, and the machine using the proxy will use the second Pi’s IP address. If both go down, the machine will stop connecting to the page. The machine will also stop connecting if load balancing isn’t set and the first Pi in the chain disconnects. This is a positive outcome, because it shows that if the proxies stop working, the user is not tricked into thinking their connection is still secure.

Proxychains

One of the most well-known proxy chaining tools available on Linux is a tool called Proxychains. Proxychains exists to “proxify” applications that don’t have built-in proxy settings. On the Ubuntu client VM we installed Proxychains through the terminal. There are several chaining options within Proxychains. We used Dynamic Chaining, a safer option because it guarantees that all proxies in the chain work. It also guarantees that if any proxies in the chain are dead or pulled the chain will skip them. We then had to add the IP addresses of our proxy servers to the configuration file. The default setting connects you through Tor. All we did was input the types of servers we were using (SOCKS5), the IP addresses of our proxies, and which port they were communicating on.

To test the Proxychain’s dynamic chaining system, we set up Proxychains running through the Dante servers on both Pis to connect to our Apache test server. We started unplugging the Pis’ power individually and together to see if it would crash or continue to connect through the losses of proxies. The results were encouraging.

When one Pi lost connection, Proxychains was still able to connect by switching to the other proxy to conceal the IP address while connecting to the Apache server. When the connection to both proxies was lost, Proxychains was unable to connect to the Apache server. As long as there is a functioning proxy, Proxychains will be able to connect. But by itself, our setup of Proxychains will fail to connect.
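The log check described above can be scripted instead of read by eye. The following is an added example, not code from the original post: it scans Apache access-log lines and flags any request that reached the server from the client's own address after the proxy chain was switched on. The IP addresses, timestamps and log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# All addresses, times and log lines below are constructed for this example.
CLIENT_IP = "192.0.2.10"                         # machine that should stay hidden
PROXY_IPS = {"198.51.100.21", "198.51.100.22"}   # the two SOCKS5 proxies
PROXY_ENABLED_AT = "09/Nov/2017:10:05:00 -0500"  # client switched to the chain

SAMPLE_LOG = """\
192.0.2.10 - - [09/Nov/2017:10:00:01 -0500] "GET / HTTP/1.1" 200 512 "-" "curl/7.55"
198.51.100.21 - - [09/Nov/2017:10:05:12 -0500] "GET / HTTP/1.1" 200 512 "-" "curl/7.55"
198.51.100.22 - - [09/Nov/2017:10:09:40 -0500] "GET / HTTP/1.1" 200 512 "-" "curl/7.55"
203.0.113.7 - - [09/Nov/2017:10:11:03 -0500] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [09/Nov/2017:10:15:30 -0500] "GET / HTTP/1.1" 200 512 "-" "curl/7.55"
not a log line
"""

# Host, identity, user, [timestamp], "request", status (Apache common/combined prefix).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" \d{3} ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def audit(log_text, client_ip=CLIENT_IP, proxy_ips=PROXY_IPS,
          enabled_at=PROXY_ENABLED_AT):
    """Classify each request and collect the ones that exposed the client IP."""
    start = datetime.strptime(enabled_at, TS_FORMAT)
    counts, leaks = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1      # keep count so bad lines are not silently lost
            continue
        ip, ts, request = m.groups()
        if datetime.strptime(ts, TS_FORMAT) < start:
            counts["baseline"] += 1      # traffic from before the proxy was enabled
        elif ip == client_ip:
            counts["leak"] += 1          # real address reached the server
            leaks.append((ts, request))
        elif ip in proxy_ips:
            counts["proxied"] += 1       # server saw one of the Pis
        else:
            counts["other"] += 1         # unrelated visitor
    return counts, leaks

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE_LOG)
    print(dict(counts))
    for ts, request in leaks:
        print("LEAK", ts, request)
```

An empty leak list across an unplug test means the client never fell back to a direct connection while the proxies were down.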

Foxy Proxy

We also investigated the usage of the plugin FoxyProxy as an alternative to some of the other tools we were investigating. The FoxyProxy tool can be added to Mozilla Firefox. Disclaimer: FoxyProxy is not a proxy chaining tool. It is a proxy use tool that is more in-depth and easier to use than the standard network proxy settings of Firefox.

To install FoxyProxy, the Firefox browser needs to be installed. Then, search FoxyProxy on your internet browser and add it to your browser through a download and executable. FoxyProxy can utilize the pre-setup proxies in our network. Once the proxy IPs are added, the application will be up and running. We plan on testing this plugin’s failsafe procedures.

Conclusion

Our proxies are all set and most everything on their end seems to be working great! Next is getting the VPN to the same place in terms of functionality and testing its failsafe procedures. Once both the proxies and the VPN are up and running on their own, our goal is to combine them. This is to see if everything still works the way it’s supposed to, and also to see how unplugging any combination of the three Pis affects the IP addresses seen by the Apache web page.

The post VPN/Proxy Chain Update 2 appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized Tagged With: Blog Post, Dante, Foxy Proxy, Proxychain, VPN/Proxy Chain
