Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services

Naif Mehanna, Walter Rudametkin, Pierre Laperdrix, Antoine Vastel

TL;DR

The instability, vulnerabilities, and potential for malicious actions uncovered in the analysis lead us to strongly caution users against relying on free proxies.

Abstract

Free-proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising their lists comprised of hundreds of readily available free proxies. However, while paid proxy services advertise the support of encrypted connections and high stability, free proxies often lack such guarantees, making them prone to malicious activities such as eavesdropping or modifying content. Furthermore, there is a market that encourages exploiting devices to install proxies. In this paper, we present a 30-month longitudinal study analyzing the stability, security, and potential manipulation of free web proxies that we collected from 11 providers. Our collection resulted in over 640,600 proxies, that we cumulatively tested daily. We find that only 34.5% of proxies were active at least once during our tests, showcasing the general instability of free proxies. Geographically, a majority of proxies originate from the US and China. Leveraging the Shodan search engine, we identified 4,452 distinct vulnerabilities on the proxies' IP addresses, including 1,755 vulnerabilities that allow unauthorized remote code execution and 2,036 that enable privilege escalation on the host device. Through the software analysis on the proxies' IP addresses, we find that 42,206 of them appear to run on MikroTik routers. Worryingly, we also discovered 16,923 proxies that manipulate content, indicating potential malicious intent by proxy owners. Ultimately, our research reveals that the use of free web proxies poses significant risks to users' privacy and security. The instability, vulnerabilities, and potential for malicious actions uncovered in our analysis lead us to strongly caution users against relying on free proxies.

Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services

TL;DR

The instability, vulnerabilities, and potential for malicious actions uncovered in the analysis lead us to strongly caution users against relying on free proxies.

Abstract

Free-proxies have been widespread since the early days of the Web, helping users bypass geo-blocked content and conceal their IP addresses. Various proxy providers promise faster Internet or increased privacy while advertising their lists comprised of hundreds of readily available free proxies. However, while paid proxy services advertise the support of encrypted connections and high stability, free proxies often lack such guarantees, making them prone to malicious activities such as eavesdropping or modifying content. Furthermore, there is a market that encourages exploiting devices to install proxies. In this paper, we present a 30-month longitudinal study analyzing the stability, security, and potential manipulation of free web proxies that we collected from 11 providers. Our collection resulted in over 640,600 proxies, that we cumulatively tested daily. We find that only 34.5% of proxies were active at least once during our tests, showcasing the general instability of free proxies. Geographically, a majority of proxies originate from the US and China. Leveraging the Shodan search engine, we identified 4,452 distinct vulnerabilities on the proxies' IP addresses, including 1,755 vulnerabilities that allow unauthorized remote code execution and 2,036 that enable privilege escalation on the host device. Through the software analysis on the proxies' IP addresses, we find that 42,206 of them appear to run on MikroTik routers. Worryingly, we also discovered 16,923 proxies that manipulate content, indicating potential malicious intent by proxy owners. Ultimately, our research reveals that the use of free web proxies poses significant risks to users' privacy and security. The instability, vulnerabilities, and potential for malicious actions uncovered in our analysis lead us to strongly caution users against relying on free proxies.
Paper Structure (19 sections, 8 figures, 4 tables)

This paper contains 19 sections, 8 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background and related work
  3. Proxies
  4. Shodan search engine
  5. Methodology
  6. Collecting the proxies
  7. Testing the proxies
  8. Collecting Shodan data
  9. Longitudinal study
  10. Characterization
  11. Security
  12. Discussion and limitations
  13. Discussion
  14. Motives to host free proxies
  15. Vulnerabilities in connected devices
  16. ...and 4 more sections

Figures (8)

  • Figure 1: Cumulated sum of unique proxies per provider. A proxy is considered unique when it is only detected on one aggregator and has never been observed before.
  • Figure 2: For each provider, the number of active and inactive proxies on the first test after collection.
  • Figure 3: Cumulative sum of HTTP (in blue) and SOCKS (in orange) proxies that are active on their first test.
  • Figure 4: In blue, out of $221,319$ proxies that were active at least once, the CDF of the number of tests before a proxy became active. After becoming inactive, $156,015$ proxies become active at least once more. In orange, the CDF of the maximum number of successive inactive tests before becoming active again.
  • Figure 5: CDF of the lifetime and uptime for each active proxy. The lifetime is the number of days between the first and last time the proxy was active. The uptime is the number of days the proxy was active.
  • ...and 3 more figures