Proxy Server

Learning resources: https://learn-anything.xyz/network-science/computer-networking/proxy-server

Forward vs Reverse Proxy

Forward proxy:

• proxy traffic on behalf of client. Can be used to bypass firewall restrictions, e.g. facebook.com is blocked at school so use proxy server to bypass.
• Example: client <-> proxy-server.com <-> facebook.com

Reverse proxy:

• proxy traffic on behalf of server. Can be used for load balancing, high availability, etc.
• Example: client <-> facebook.com <-> reverse proxy server <-> internal server pool

Reverse Proxy Server

Legitimate uses:

• https://en.wikipedia.org/wiki/Proxy_server#Reverse_proxies
• https://www.youtube.com/watch?v=2fL8Otb9mTE
• multiple hostnames/domain names on one IP address can point to multiple web servers and only open up minimum ports (e.g. 80 and 443). All traffic is funneled through reverse proxy server
  • Go to relevant part of CBT Nuggets video: https://youtu.be/2fL8Otb9mTE?t=480
  • https://first.com <-> 1.2.3.4 <-> reverse proxy server <-> first-web-server.local
  • https://second.com <-> 1.2.3.4 <-> reverse proxy server <-> second-web-server.local
  • https://third.com <-> 1.2.3.4 <-> reverse proxy server <-> third-web-server.local

Phishing:

Can also be used for more advanced phishing attacks (e.g. can defeat TOTP 2FA): https://github.com/kgretzky/evilginx2

• victim <-> office365-phishing.com <-> reverse proxy server <-> office.com
• Attacker controls reverse proxy server and so can see all traffic. Can be automated to pull authentication token, session cookie, etc from legitimate (proxied) login and give that to the attacker.
• Mitigations:
  1. Don't fall for the phishing attack
  2. Use U2F / FIDO (e.g. Yubikey)