
Make anonymous HTTP GET requests with proxies via Python - rootVIII
https://github.com/rootVIII/proxy_requests
======
gspetr
Anonymous to the target website at best.

No one should be expecting privacy if proxies are the only solution you rely
on.

[https://www.whonix.org/Comparison_Of_Tor_with_CGI_Proxies,_P...](https://www.whonix.org/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services)

"Conclusion

Proxies have a high susceptibility of misusing and stealing user data: Many
proxies (HTTP/HTTPS/SOCKS) are PCs hijacked by hackers or criminals, or
honeypots exclusively offered for the purpose of user observation. Even if
they were legitimate, a single operator can decide to enable logging.
Additionally, some proxies automatically give your IP address away to the
destination server.

Proxies offer, at best, only weak protection against destination website
logging, and they offer no protection from third party eavesdropping. Their
use is discouraged"

A good starting point if you wish to appreciate privacy more is:
[https://www.whonix.org/wiki/Security_Guide](https://www.whonix.org/wiki/Security_Guide)

Also look into Qubes OS:
[https://www.whonix.org/wiki/Qubes](https://www.whonix.org/wiki/Qubes)

~~~
everdev
What's the best way to browse the web anonymously?

~~~
3pt14159
Full anon is very hard. If you have to ask you're not going to be able to pull
it off. I did a contract once where my client had to deal with some really
scary people.

The steps I took were so extreme. Cash phone, burner computer, custom proxies,
relays, delays, fake data, fake traffic.

And you still never know.

Your adversary could have something you didn't even think of and you get owned
anyway.

If all you want to do is avoid tracking scripts from companies, however, use a
VM on another user account on your computer and write up a script to light up
a new DigitalOcean droplet automatically when you browser. Cycle the IP
frequently and use a bunch of different VMs with different browsers and OSes.
It's enough for 99.99%.

------
rootVIII
Fixed a slight bug... it should not ever leak your IP... And you do not lose
HTTPS with this module whatsoever

------
rahimnathwani
Uses the list of free proxies from here: [https://www.us-
proxy.org/](https://www.us-proxy.org/)

------
dogma1138
Anonymous to anyone but the operator of the proxy and you also lose HTTPS
so....

P.S. proxies do not completely mask DNS requests so timing analysis is still
possible for uncached requests.

And worse the payload returned can be used to unmask the user behind a proxy
e.g. redirect to uniqueid.myhost.com my honey pot does that to unmask requests
originating from TOR or from proxies and it’s quite successful.

~~~
Buge
You're saying people using Tor make unmasked DNS requests? Are these users
using some non-standard configuration? Because I'm pretty sure the Tor browser
protects against that.

~~~
crtasm
It does but anyone hitting a honey pot server most likely won't be doing it
within Tor browser. It's easy to send traffic via Tor's socks port but forget
about DNS lookups.

------
johndough
Note that several of those proxies leak the client ip through error pages,
even if they are marked "anonymous".

Additionally, some proxies don't even try to be anonymous and transmit the
client ip in the "X-Forward-For" http header field.

~~~
rootVIII
Bug fixed! It will not leak anymore

------
joewee
There was a good thread here about scraping and the use of paid proxy
services. Seems like free isn’t a solution for anything at scale.

------
wendy0x2
Cool!

The proxies from this list don't usually last that long, so you might have
connection problems.

~~~
andromedavision
What is the average shelf life of these free proxies in your estimation?

~~~
rootVIII
The page seems to be updated every 10 mins or so. Any time a request is made,
the newest procies are scraped:)

------
andromedavision
I was literally about to write this same program in nodejs for a client's
scraping project. Serendipity at its best.

Mine's a bit different though because I need to discard proxy server IPs that
are flagged by cloudflare on target sites and only be left with those that
work flawlessly. This should be done every couple of hours to ensure the
'freshness' of the proxy server IPs that I have.

