Comment by AdmiralAsshat
3 years ago
> nothing stopping a web proxy operator from sniffing all user credentials passing through them, and modifying PHPRoxy to do this is trivial
That's why you go through seven proxies.
3 years ago
> nothing stopping a web proxy operator from sniffing all user credentials passing through them, and modifying PHPRoxy to do this is trivial
That's why you go through seven proxies.
no, that's why you tunnel through seven proxies, each being used with different sets of credentials/encryption keys, all disposable. The last tunnel is not the main data channel, but the channel you use to coordinate command and control, and then you use a botnet to distribute pieces of your real communications.
web proxies aren't traditional proxies. They have a web interface and issue requests on behalf of the user server side, so all of the user's data flows through the user interface and the server side in plain text (though protected by the HTTPS of the web proxy itself). This is fine if you 100% trust the web proxy, but a malicious web proxy operator could easily look at all your data.
Uh, I hope you realize that that does not stop or even slow down credential sniffing.
https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies