-
secure web surfing
I was wondering how a person might go about creating a clone of something like anonymizer.com.
I have a lot of functions I have to do at work and I would greatly prefer if management did not know of the addresses for my webmail, etc. I would like to setup a password-protected, SSL-enabled anonymous proxy to surf through.
The reason I require my own and not use something already available is that for plaintext data, such as FTP logins/passwords, I simply cannot trust a 3rd-party site.
Does anyone have info on how this can be implemented on a linux server for cheap / free?
-
I've set these up before, in fact with a payment system to auto-verify and set up accounts for using it. Of course, that was a project I did for someone several years ago and it turned out well, and I can't use the code for someone else, but there wasn't much to it. In fact, I don't recall what company/site it was, but they offered just that same service.
Creating a script like that for web based HTTP/HTTPS, etc. isn't difficult. However, to use it for FTP or email, perhaps I didn't understand you? Have you considered using SSH w/ port forwarding, SSH (scp, rsync, etc.), SSL, PGP and so on for what you want to do when communicating with a remote service?
-
I would not worry about a 3rd party provider (such as anonymizer) stealing any of your information.
-
With all due respect, your suggestion of 'not worrying' doesn't address my question. I am not asking, 'Is it safe to use 3rd-party proxies'. I have already decided that isnt an option.
To clarify further, I really only need it for https, not FTP, email or other services. I am aware that I can simply use ssh forwarding, but the braindead administration will notice that I have run an 'unauthorized app' such as puTTY.
-
There is some nph-proxy script (or something like it and others that are similar) written in Perl and other languages, which you can set up on your local system or a remote server and surf pages for both SSL and on SSL pages, as well as have it support cookies, sessions and things like JavaScript--even tweaked where you can have it rip out banners, embedded and other data on a page not from the site itself and so on.
I don't know of any URL's off hand, but that sounds like it might work for your needs. Check with your hosting provider if it's okay, if you do it remotely and you don't own/run the host. You can also password protect the page/area via form or basic auth to ensure no one else but you can access it, regardless if it's remote or local (though sometimes pointless if it's local). Finally, it can be tweaked to use PGP, etc. and do so by jumping through other proxies, even in parts and "put back together" on the other end, but that's a little complicated to outline.