A vulnerability has been identified in the Glype web-based proxy. Glype has a filter that prohibits users from browsing to local addresses, to prevent users from attacking the local network/server that Glype is running on. The filter can be easily bypassed by using IP addresses in decimal format.
Glype is a web-based proxy script written in PHP. A web-based proxy script hosts a website that provides a proxy service to users through a web browser. The proxy service downloads the requested web pages, modifies them to be compatible with the proxy and forwards them to the user. Web proxies are commonly used for anonymous browsing and for avoiding censorship and other restrictions.
Glype is widely used to provide anonymous browsing and to circumvent censorship and other restrictions. There have been over 838,000 Glype downloads since 2007. Thousands of web-based proxy sites are powered by Glype.
Glype Proxy Local Address Filter Bypass
Glype uses a regular expression to filter internal/local addresses. It is intended to prevent proxy users from attacking local/internal resources via Glype.
This regular expression can easily be circumvented by using an IP address in decimal format, allowing an attacker to browse to, and attack, the internal server/network on which Glype is running.
For example, if a Glype server is also running phpMyAdmin or another admin panel on localhost, browsing to it through the proxy causes Glype to open a local connection to phpMyAdmin, allowing remote access to it. Other web pages on the internal network can be reached the same way.
Possible Solution
This workaround eliminates the bypass by resolving the hostname with PHP's gethostbyname before applying the regular expression.
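The bypass and the resolve-first fix side by side, as an added example that is not Glype's own code: a text-matching filter of the kind described above next to one that resolves the host and checks the numeric address. Function names are hypothetical; it assumes PHP 7.1+ and a glibc or musl resolver, whose gethostbyname accepts decimal, octal and hex spellings of an IPv4 address.

```php
<?php
// Added example (not Glype's own code): a naive host-string filter next to a
// resolve-then-check filter. Function names are hypothetical.

// Weak filter: matches the raw host text against private/local prefixes, so any
// other spelling of the same address (decimal, octal, hex) slips through.
function weak_is_local(string $host): bool
{
    return (bool) preg_match(
        '/^(localhost|127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|0\.)/i',
        $host
    );
}

// Hardened filter: resolve first, then compare the numeric address against the
// reserved ranges. On glibc/musl, gethostbyname() also normalises numeric
// forms, so "2130706433", "0x7f000001" and "0177.0.0.1" all become 127.0.0.1.
function resolved_is_local(string $host): bool
{
    $ip = gethostbyname($host);                 // returns $host unchanged on failure
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return true;                            // unresolvable or non-IPv4: refuse
    }
    $n = ip2long($ip);
    // [network, prefix length]: loopback, RFC 1918, link-local, "this network"
    $ranges = [
        ['127.0.0.0', 8], ['10.0.0.0', 8], ['172.16.0.0', 12],
        ['192.168.0.0', 16], ['169.254.0.0', 16], ['0.0.0.0', 8],
    ];
    foreach ($ranges as [$net, $bits]) {
        $mask = -1 << (32 - $bits);
        if (($n & $mask) === (ip2long($net) & $mask)) {
            return true;
        }
    }
    return false;
}

// Constructed inputs: 127.0.0.1 in four spellings plus a TEST-NET address
// (RFC 5737) that needs no DNS lookup.
foreach (['127.0.0.1', '2130706433', '0x7f000001', '0177.0.0.1', '203.0.113.5'] as $in) {
    printf("%-12s weak=%-6s resolved=%s\n", $in,
        weak_is_local($in) ? 'block' : 'allow',
        resolved_is_local($in) ? 'block' : 'allow');
}
```

The weak filter blocks only the dotted-quad form and lets the other three spellings through, while the resolved filter blocks all four and allows the TEST-NET address. Checking a resolved name still leaves a gap if its DNS answer changes between the check and the connection, so the proxy should connect to the IP it checked rather than re-resolve the name.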
According to a Swiss security researcher, a widely used proxy script designed to allow anonymous web surfing and to bypass network administrators' access bans on sites like Facebook often reveals sensitive information about its users.
Glype is a small PHP script that routes website requests through other websites running its software, said the researcher, who runs the Swiss Security Blog and the Zeus Tracker project.
For example, the Glype code allows someone to access Facebook at work even if that site is blocked, since the traffic appears to come from the website running the proxy. Many companies now block sites like Facebook.
The Glype code is free, and anyone can install it on their website. But Glype is often misconfigured, the researcher said. It allows someone running a Glype proxy to enable a log that records the user's Internet Protocol (IP) address, the requested site, and the time.
Many people who run a Glype proxy have not disabled this logging feature and, worse, have left it exposed to the web, meaning URLs can be manipulated to display the full logs.
The researcher checked around 20 Glype proxy servers and found 1,700 log files and over a million unique IP addresses. "There are lots of these 'insecure' proxies out there," he said via instant message on Friday.
According to his research, the top users include people in China. Some of the top sites visited through Glype were Chinese porn sites, YouTube, and Facebook.
Further investigation revealed that many of the IP addresses making page requests belonged to government and military agencies around the world, although the researcher declined to specify which agencies.
In one case, the researcher found a government user visiting Facebook.
"The log files contained a link to a profile of a State Department official," the researcher wrote. "When I checked the profile, I found that this user appears to be an employee of the State Department's security service."
Depending on the privacy settings of an individual's Facebook page, it is possible to view personal details and get a complete picture of whom that particular user knows.
"If this were an intelligence-gathering operation, you would now have the identity of a government or military employee, the name of their agency, all of the personal information they share online, as well as their entire social network," wrote Jeffrey Carr, CEO of GreyLogic, on his IntelFusion blog. "Things don't get much better in the open source intelligence (OSINT) world."
Even if people had not misconfigured Glype's logging features, whoever runs the proxy would still be able to see where all the users who connected through their web server were going, the researcher said. People shouldn't trust any random website running Glype, he said.