Well, we added an ACL system inside hidprox. It works quite nicely.
Syntax of the acl.conf file:
where level is the type of ban. Level can currently be either "ICMP", "proxy", or "all" (without the quotes). An ICMP ban bans the user from logging in, but the user can still use an existing proxy. A proxy ban bans the user from using an existing proxy, but allows the user to log in. The all ban bans the user from logging in and using an existing proxy.
We're almost there. It works, yet it doesn't work.
We had to switch from ICMP to TCP for initial transactions (Windows didn't like my custom ICMP packets). It listens on port 80 (most firewalls allow port 80 (HTTP)) by default.
User-authentication isn't working, yet. The program segfaults when trying to load the userlist, for some strange reason.
The main proxy stalls on a pending recv(). I need the UNIX alarm() function to be ported to Windows. I'm researching on that currently, and if I don't find anything, I may have to come up with another solution...
Hidprox 3.2.0 has been released. The proxy now uses pthreads. This improves speed at least 10%. It is not necessary to upgrade to this version; however, it is recommended.
There is one thing that was forgotten. DEBUG is being defined when compiled. Edit the Makefile in the src directory, and remove "-DDEBUG", and it should work fine.
Due to some unfixable flaws in code, AES has been taken out. But don't worry, we switched to another secure protocol, CRAM-MD5. For information about the CRAM-MD5 protocol, look at RFC 2195.
Hidprox 3.1.0 is NOT compatible with 3.0.0 and previous releases.
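The CRAM-MD5 exchange defined in RFC 2195, as an added example that is not hidprox code: the server issues a fresh challenge, the client answers with an HMAC-MD5 keyed by the shared secret, and the server recomputes and compares. The function names are hypothetical; the sample user, secret and challenge are the published example from RFC 2195.

```python
import base64
import hashlib
import hmac
import os
import time

# Published example values from RFC 2195 section 2 (not hidprox data).
RFC_USER = "tim"
RFC_SECRET = b"tanstaaftanstaaf"
RFC_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"


def make_challenge(hostname: str) -> str:
    """Server: fresh, unpredictable challenge in RFC 2195's msg-id shape."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>"


def client_response(username: str, secret: bytes, challenge: str) -> str:
    """Client: base64 of 'user SP hex(HMAC-MD5(secret, challenge))'."""
    digest = hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def server_verify(response_b64: str, challenge: str, secrets: dict) -> bool:
    """Server: recompute the digest from the stored secret and compare."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no space separator
        return False
    # Unknown users still go through the HMAC so timing does not reveal them.
    secret = secrets.get(username, b"\x00")
    expected = hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()
    same = hmac.compare_digest(expected.encode(), digest.encode())
    return same and username in secrets


if __name__ == "__main__":
    users = {RFC_USER: RFC_SECRET}
    answer = client_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)
    print("response:", answer)
    print("accepted:", server_verify(answer, RFC_CHALLENGE, users))
    # A captured response is useless against the next challenge.
    print("replayed:", server_verify(answer, make_challenge("example.test"), users))
```

The password never crosses the wire, but the server has to keep each shared secret in a form it can key the HMAC with, so the user database needs the same protection as the passwords themselves.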
We are VERY excited to release hidprox 3.0.0. We have rewritten about 90% of the code. This version contains roughly 1800 lines, whereas 2.0.0 contained roughly 2600 lines.
The TCP communication between the client and the server is much more secure. The server doesn't send a random AES key to the client. Instead, the client asks the user for the AES key, and encrypts the username/password. The server will then try to decrypt the username/password according to all the AES keys in the database.
Well, we are very excited and pleased to release this version of hidprox. We have added module (plugin) support. You can now write your own proxies, addins, and functions to hidprox at your desire (for information on how to do this, look at doc/plugins.txt).
We have tested it out in Linux extensively, and we are quite sure it's a Linux-related problem. About 50% of the time, it will not even try to load/run the plugins.
Well, our module system (plugin system) works 100% in FreeBSD. However, in Linux, it doesn't work. So, I'm trying to see what the problem is (been trying to figure that out for the past week).
Once it works in Linux, or once I feel it's time to release version 2.0.0, this new modular hidprox will be released. That can take anywhere from 1 day to 2 weeks.
Sorry for the delay and thanks for being patient,
The hidprox-current branch (only available to developers) is now modularized.
This means that if there's something that you want included, yet the developers haven't included it, you can code your own set of functions, compile, and put the compiled file into a directory, and you're set!
It took 4 hours to do, and it's stable. Version 2.0.0 may be released within the next couple days, or in a week or so. We are bumping the version up to 2.0.0, because we feel hidprox is stable enough, and with modular code coming out, this is going to revolutionize hidprox.
hidprox 0.4.3 was released today. hidprox is now cross-portable to Linux.
We now include functionality for max connections (fixing the DoS condition so that the admin doesn't have to remotely login). Check hidprox.conf for more info.
Thank you for your patience,
Due to MD5 hashes, we are now BSD-only. We are going to be working on importing other MD5 code (instead of relying on the system's library).
Work is being done to port hidprox to both Windows and Linux. But, for now, hidprox is BSD-only.
We are currently using FreeBSD 5.1-RELEASE to build hidprox.
Well, hidprox 0.4.2 has been released. It was a rushed release, since I'm on vacation currently (using the internet at a mall right now :))
Hidprox 0.4.2 contains a DoS condition bug fix, if the server admin takes the precaution. The server admin will need to set the admin port in the configuration file. The default is 7003, and there is no logging in, so make sure the port is only known by you (the admin).
We have come up with one major bug fix. The bug can create a DoS by not cleaning up after itself.
The forked server does not kill itself (it can't). So, if you get many users connected at once, you may end up wasting your resources.
One way to fix this is to call kill(-1, SIGINT), which is what we did. The only thing is that we only call the kill if we are jailed. Otherwise (if we're still root), we could end up killing ALL processes that root owns (ALL system processes).
hidprox 0.4.1 is now out. We are excited to see how this project has come along...
hidprox 0.4.1 now uses 256bit AES encryption. Before, we were using not-so-safe ICE encryption.
We were hoping for 256bit AES encryption for version 2.0.0, but things have been moving along better than planned.
We are now running a test server on an OC3 connection dedicated for hidprox (and other services as well :)).
Hidprox 0.4.1 will be coming pretty soon. Changes will be:
1) bug fixes (all but HTTP downloading)
2) Encryption algorithm change (from ICE to 256-bit AES)
After this release, we will be researching on how to modularize hidprox. Meaning, if we haven't written a feature you would like, you could write that feature and just load it.
0.4.2 may be a while.
We are proud to release hidprox 0.4.0. The proxy works 100%. Read the release notes for further information on hidprox's new features.
We have come a long way with the help of many people. We thank all those who helped (the list is WAY too long to put here).
We also wish to thank all those who are patiently waiting for hidprox. The time is now...
Well, it took quite a while for this release to come out. We have been working on getting quite a few bug fixes and new features added in.
The server is MUCH less CPU-intensive. We implemented a doubly-linked list for usernames and their associated passwords. This way, the fork()'ed server doesn't have to open up the userfile each time. It instead searches through the doubly-linked list for the right username and password.
My hard drive crashed while on vacation, so I'll be reinstalling FreeBSD tomorrow (today is Saturday).
Once I've got FreeBSD reinstalled, I think I've found my answer to the problems I'm having with cryptography. I was going to implement an encapsulation structure to hold encryption keys and the encrypted data, but I've decided that is insecure.
Instead, I'm going to implement my crypto key exchange a different way. The server will generate a new encryption key for each client. The client will create its own key and send it off to the server.
Version 0.2.1 has one bug fix. It also has some non-working code in it.
This version will NOT compile.
I'm working on getting cryptography to work. There's going to be almost a complete rewrite of the client code.
Layout for next versions:
Next version, 0.3.0, will have cryptography working.
Version 0.4.0 will proxy graphics and click-able links.
Version 0.5.0 will proxy FTP.
Version 0.6.0 will proxy IRC.
Well, I'm not going to be able to incorporate 3DES. I don't want the NSA on my back for months on end.
Currently, I'm trying to find a different secure algorithm that I can use. I've been reading A TON of books on cryptography, googling for source code.
Well, we can now proxy pages. It doesn't proxy images, or links that you clicked. It proxies only pages that contain text.
This is a pre-beta release, and soon 3DES and full proxying will be added.
Roadmap for version 1.0.0:
-3DES cryptography between client and server
-client acts as a secondary server (main server still proxies, but client program encrypts/decrypts browser's data).
-forked server not to quit when unable to connect for bad hostnames/IP addresses.
Project hidprox is a set of programs that allows people to bypass firewalls and proxies.
Detailed information will soon be in the Documentation area.