Panopticon - A System for a Network of Trusted Proxy Servers
Abstract
CERTs and other organizations often have the need to access websites from different angles, which could include to modify the user agent of the browser, supported plugins and alike, of which most can be easily manipulated. A very important parameter is the source IP address, which obviously cannot be changed easily to reflect for instance an IP of another country. This tool is helping to setup different views on websites, based on a darknet of proxy servers provided by trusted volunteers around the world.
What is it:
Panopticon is a server application which acts as a stack of proxy servers from which the user can quickly select different exit points (parent proxies).
Why?
Reverse engineers and incident analysts from time to time have to come from different IP addresses to see if a server application on the Internet changes behaviour based on source IP address, e.g. Ransomware or malware distributing servers.
Who can use it:
Trusted partners are welcome to use this service as long as they can collaborate by adding a proxy on their side.
What you need:
- A browser which is configured to use a local proxy (default: localhost:8123).
- SSH client with public key authentication and port forwarding connecting to Panopticon server
What it looks like:
Client SSH client
|
| SSH authentication/forwarding
|
Panopticon Proxy
/ | \
/ | \
/ | \
PP.1 PP.2 PP.n Parent proxies
How it works:
Panopticon is a server side proxy switching application. A basic user interface enables the user to switch between several configurations.
To use it, you need to configure your Browser to connect to a local proxy server (default: localhost:8123) and an SSH client which is instructed to connect to our server with port forwarding enabled. This is usually done in a command line like the following:
ssh -C -l USERNAME panopticon.circl.lu -L:8123:localhost:YOURPORT
(RSA key fingerprint is ab:17:07:89:b7:57:d3:2e:b3:ae:e7:0b:3f:4b:c0:b3)
You can get a username from CIRCL, and authentication is granted on basis of public key authentication. The SSH public key needs to be sent to info@circl.lu.
The port YOURPORT is fixed per user. The correct configuration will always be shown after the connect and should have been communicated in the initial mail.
How you can contribute:
Set up a Parent proxy and allow access from the IP of panopticon.circl.lu (168.63.211.47).
A very basic proxy configuration for polipo is shown below, only proxyAddress needs to be adjusted to your IP address:
proxyAddress = "w.x.y.z"
maxAge = 0
maxExpiresAge = 0
dontCacheRedirects = true
serverMaxSlots = 32
serverSlots = 8
serverSlots1 = 16
dnsMaxTimeout = 30s
dnsNegativeTtl = 1m
serverTimeout = 1m
serverIdleTimeout = 1m
disableConfiguration = true
diskCacheRoot=""
Contact CIRCL about the IP address, the network name and your organisation name in order to create a configuration file.
FAQ
Frequently asked questions about the panopticon project.
Panopticon is not designed for speed
Indeed, compared to your usual browsing experience, panopticon is really slow. Adding different layers of proxies, distributed over large numbers of hops has its costs. Nevertheless, to check the behavior of a website is clearly achievable.
Can panopticon be used for mass scanning?
While we don’t prevent this, panopticon is not built for such a task. Assuming that you need low latency and good bandwidth for such a scan, panopticon’s focus is on stability, flexibility and security rather than speed.
Privacy
Privacy of your requests is not guaranteed. Every contributing member who’s proxy is being selected can look at the requests and the traffic. But the group is only incorporating trusted partners.