Building Small Proxy using Micro Proxy

December 9, 2015 | Article

On other occasions, we have discussed how to use Squid and how to build an anonymous server. In this article we will build something similar, but smaller: a small proxy server using micro proxy as our tool.

In this article, I use:

  1. Ubuntu Server 11.10
  2. micro proxy
  3. xinetd

Although it uses Ubuntu Server as the example, the method covered here is generic and can be applied to other UNIX operating systems and other Linux distributions as well.

Obtaining the Material

In keeping with the theme of this article, we will use Micro Proxy, or micro_proxy. Micro proxy is a small UNIX-based HTTP/HTTPS proxy that runs from inetd. The application can be freely obtained here. In this article I use the latest version, which can be downloaded here.

Before we proceed, let me state this: micro_proxy is a very small UNIX HTTP/HTTPS proxy. In terms of performance, it is poor compared to Squid or other proxy tools, but for low-traffic sites it is quite adequate. It also offers all the basic features of an HTTP/HTTPS proxy, including IPv6 forwarding.

xinetd, or eXtended InterNET Daemon, is an open-source daemon which runs on many UNIX systems and manages internet-based connectivity. It offers a more secure extension to, or version of, inetd, the Internet Daemon. xinetd performs the same function as inetd does: it starts programs that provide internet services. Instead of having such servers started at system initialization time and lying dormant until a connection request arrives, xinetd is the only daemon process started, and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server.

xinetd is freely available on its website here. Now download the latest version, here.

Installation

Now extract the package. You should get four files: Makefile, micro_proxy.8, micro_proxy.c, and README file.

The README file gives us some information. If we use a System V-like machine (this includes old Linux systems), we should edit the Makefile and uncomment the SYSV_LIBS line. Our server is not System V, however, so we will ignore this.

Now just invoke make and make install to install the tool.

Next, install xinetd. We can accomplish this by extracting, compiling, and installing xinetd. Once we finish, we will have two packages installed: xinetd and micro_proxy.

Configuration

Set Micro Proxy to run via xinetd. Below is the sample configuration I use for micro_proxy:

service microproxy
{
   disable = no
   bind = 127.0.0.1
   socket_type = stream
   protocol = tcp
   user = root
   wait = no
   server = /usr/sbin/micro_proxy
}
service microproxyssl
{
   disable = no
   bind = 127.0.0.1
   socket_type = stream
   protocol = tcp
   user = root
   wait = no
   server = /usr/sbin/micro_proxy
}

Now edit /etc/services file and add following entries:

microproxy 2280/tcp
microproxyssl 2243/tcp

Both ports are bound to microproxy, and whenever a connection arrives on one of those ports, microproxy will be executed.

Notice that in this article I use port 2280 for HTTP and 2243 for HTTPS. There is no limitation on which ports you can choose, but for simplicity I will use these two ports for the rest of this article.

Now restart xinetd so that micro_proxy (if it has already been loaded) is reloaded. For the change to take effect, make sure /etc/services is accessible by inetd.

Make sure micro_proxy is running. Any of the following three methods can be used to check (use one or all of them, but make sure you have the appropriate tools installed).

lsof -i -nN -P | grep 2280
netstat -vatn
nmap localhost

Micro Proxy uses SSL for operation. Therefore we need to establish a tunnel and direct all connections through it. Run the following in a terminal. This command works on Linux and UNIX. If you use Windows, you will need an SSH tunnel program; you can use PuTTY or KiTTY to accomplish this. A link to download KiTTY can be found here.

ssh -L 5000:127.0.0.1:2280 -L 5043:127.0.0.1:2243 user@server.name

In the above snippet, server.name refers to our actual server's hostname, and user is a placeholder for your account on it. If you use different ports than the ones used in this article, adjust them in the ssh command.

To use it, point your proxy settings at our own machine. In short, use 127.0.0.1 as the proxy address, with port 5000 for HTTP connections and port 5043 for HTTPS connections. This works because we have created an SSH tunnel to the proxy on the server.

Firewall

If you have iptables installed on your machine, you will need to instruct your firewall to allow traffic through the ports we have configured. This assumes you have enough privileges to do so. Now, let's open the firewall barricade by adding the following rule to iptables:

iptables -A INPUT -p tcp -i eth0 --dport 2280 -j ACCEPT

Now we should be able to get through the network.
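
A check that can be run against the stanzas from the Configuration section (added example, not code from the original article): it flags a service whose server runs as root, and one that is not bound to loopback and has no only_from list, which is the case where an ACCEPT rule like the one above would expose the proxy to the network. The function names audit_xinetd and article_stanza are assumptions made for this example, and the sample input is the article's first stanza.

```shell
#!/bin/sh
# Added example: audit xinetd service stanzas read from stdin.
# A "defaults" block is ignored; only per-service attributes are checked.
audit_xinetd() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ { next }
        /^[ \t]*service[ \t]+/ { name = $2; user = bind = from = ""; next }
        /=/ && name != "" {
            eq  = index($0, "=")
            key = trim(substr($0, 1, eq - 1))
            sub(/[ \t]*[-+]$/, "", key)        # accept the += and -= operators
            val = trim(substr($0, eq + 1))
            if (key == "user") user = val
            if (key == "bind" || key == "interface") bind = val
            if (key == "only_from") from = val
            next
        }
        /^[ \t]*[}]/ && name != "" {
            # With no user attribute the server inherits the uid of xinetd,
            # which is normally root.
            if (user == "" || user == "root")
                print name ": server runs as root"
            if (bind != "127.0.0.1" && bind != "::1") {
                print name ": not bound to loopback"
                if (from == "") print name ": no only_from restriction"
            }
            name = ""
        }
    '
}

# Sample input: the first stanza from the article.
article_stanza() {
    cat <<'EOF'
service microproxy
{
   disable = no
   bind = 127.0.0.1
   socket_type = stream
   protocol = tcp
   user = root
   wait = no
   server = /usr/sbin/micro_proxy
}
EOF
}

article_stanza | audit_xinetd
```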

About Author

xathrya

A man who is obsessed to low level technology.
