#readwise
# Introduction to Networking - Proxies

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article0.00998d930354.png)

## Metadata
- Author: [[Hack The Box]]
- Full Title: Introduction to Networking - Proxies

## Summary
A proxy is a device or service that mediates connections between clients and servers. It can be a forward proxy, which filters outgoing requests, or a reverse proxy, which filters incoming requests. Proxies operate mainly at Layer 7 of the OSI Model and can be transparent or non-transparent. Misconceptions about proxies often arise, with many confusing them with VPNs or believing any IP change indicates a proxy.

## Highlights
Web Browsers like Internet Explorer, Edge, or Chrome all obey the "System Proxy" settings by default. If the malware utilizes WinSock (Native Windows API), it will likely be proxy aware without any additional code. Firefox does not use `WinSock` and instead uses `libcurl`, which enables it to use the same code on any operating system. This means that the malware would need to look for Firefox and pull the proxy settings, which malware is highly unlikely to do. ([View Highlight](https://read.readwise.io/read/01jnjv7a81tgr0fthwncyyk7d6))

---

proxies will almost always operate at Layer 7 of the OSI Model.

There are many types of proxy services, but the key ones are:
- `Dedicated Proxy` / `Forward Proxy`
- `Reverse Proxy`
- `Transparent Proxy`

([View Highlight](https://read.readwise.io/read/01jnewzssqbpan2htnde81wtbs))

---

### Dedicated Proxy / Forward Proxy
The `Forward Proxy` is what most people imagine a proxy to be. A Forward Proxy is when a client makes a request to a computer, and that computer carries out the request.

For example, in a corporate network, sensitive computers may not have direct access to the Internet. To access a website, they must go through a proxy (or web filter). This can be an incredibly powerful line of defense against malware, as not only does it need to bypass the web filter (easy), but it would also need to be `proxy aware` or use a non-traditional C2 (a way for malware to receive tasking information). ([View Highlight](https://read.readwise.io/read/01jnex55zbbg6mhstmv4nmqqzw))

---

### Reverse Proxy
As you may have guessed, a `reverse proxy` is the reverse of a `Forward Proxy`. Instead of being designed to filter outgoing requests, it filters incoming ones. The most common goal with a `Reverse Proxy` is to listen on an address and forward it to a closed-off network.

Many organizations use Cloudflare as they have a robust network that can withstand most DDoS attacks. By using Cloudflare, organizations have a way to filter the amount (and type) of traffic that gets sent to their webservers. ([View Highlight](https://read.readwise.io/read/01jnex962cbc8sq67gcjgc9zef))

---

### (Non-) Transparent Proxy
All these proxy services act either `transparently` or `non-transparently`.

With a `transparent proxy`, the client doesn't know about its existence. The transparent proxy intercepts the client's communication requests to the Internet and acts as a substitute instance. To the outside, the transparent proxy, like the non-transparent proxy, acts as a communication partner.

If it is a `non-transparent proxy`, we must be informed about its existence. For this purpose, we and the software we want to use are given a special proxy configuration that ensures that traffic to the Internet is first addressed to the proxy. If this configuration does not exist, we cannot communicate via the proxy. However, since the proxy usually provides the only communication path to other networks, communication to the Internet is generally cut off without a corresponding proxy configuration. ([View Highlight](https://read.readwise.io/read/01jnexb0d31hbc43mvkv74jj54))

---
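
The forward-proxy and non-transparent-proxy highlights above imply a detection: when the proxy is the only path out, software that is not proxy aware shows up at the firewall as direct outbound attempts. The following is an added example (not part of the Hack The Box material) that finds those clients in firewall logs; the proxy address, internal range, log layout and sample lines are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumptions (constructed for this example, not from the notes above):
# proxy address, internal range, and a "time action src dst dport" log layout.
PROXY_IP = ipaddress.ip_address("10.0.0.10")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

SAMPLE_LOG = """\
2024-05-01T09:00:01Z ALLOW 10.0.5.21 10.0.0.10 3128
2024-05-01T09:00:02Z ALLOW 10.0.0.10 203.0.113.7 443
2024-05-01T09:00:05Z DENY 10.0.5.33 198.51.100.20 443
2024-05-01T09:00:35Z DENY 10.0.5.33 198.51.100.20 443
2024-05-01T09:01:05Z DENY 10.0.5.33 198.51.100.20 80
2024-05-01T09:02:00Z ALLOW 10.0.7.4 203.0.113.99 443
garbage line
2024-05-01T09:03:00Z ALLOW 10.0.5.21 10.0.9.9 445
"""

def parse_line(line):
    """Return (action, src, dst, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("ALLOW", "DENY"):
        return None
    try:
        return (parts[1], ipaddress.ip_address(parts[2]),
                ipaddress.ip_address(parts[3]), int(parts[4]))
    except ValueError:
        return None

def direct_egress(log_text):
    """Count, per client, connections to external hosts that skipped the proxy."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        action, src, dst, _dport = rec
        if src == PROXY_IP or src not in INTERNAL_NET:
            continue  # the proxy's own outbound traffic is expected
        if dst in INTERNAL_NET:
            continue  # client-to-proxy and other internal traffic
        hits[str(src)][action] += 1
    return {src: dict(counts) for src, counts in hits.items()}

def triage(hits):
    """DENY only: software ignoring the proxy config. Any ALLOW: egress policy gap."""
    return {src: ("policy-gap" if counts.get("ALLOW") else "blocked-direct-attempts")
            for src, counts in hits.items()}
```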