Welcome to our website! We’re so glad you’re here!
If you’re here to test how various proxies modify HTTP headers, you can click the “Header Testing” link up top.
If you have no idea what HTTP or a proxy is, we’re not quite sure how you found the site but we’re still glad you’re here! If you’re interested, you can learn more about HTTP, proxies, phishing, or AitM Toolkits!
About Us
We are a team of researchers at Brigham Young University studying malicious AitM proxy detection methods. By visiting the links under the “Header Testing” tab you’re helping us a ton in our research.
If you want to learn more about what we’re doing, read on!
The Problem
If you have no experience with internet infrastructure, HTTP requests and responses, web proxies, or phishing, read the links up above ^^ to get caught up.
The development of the AitM transparent proxy phishing toolkit has totally changed the phishing landscape. Attackers can easily set up incredibly high-fidelity fake “websites” by just relaying HTTP requests back and forth between the client and the server, while sniffing out usernames, passwords, and session cookies in the middle.
These proxies are difficult to sniff out and, thanks to packaged toolkits, are incredibly easy for attackers to set up. They’ve spread like wildfire throughout the internet.
The Solution (or at least, A Solution)
Our research focuses on how web servers hosting legitimate services such as Facebook or Outlook can detect and block requests that are being relayed by these transparent proxies.
We’ve discovered that each proxy makes slight modifications to the headers of each HTTP request. For example, they might change capitalization or ordering. By determining what “normal” requests look like and identifying the specific changes that malicious proxies are making, we believe we can create a detection method to aid defenders in the war against phishing.
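A small added sketch of the comparison described above (not the research team's code): it reads header names from the raw request bytes, because many web frameworks normalize header names before application code sees them, and reports capitalization and ordering differences against a baseline. The baseline, both sample requests, and the function names are constructed for illustration.

```python
# Added example. Both sample requests are constructed, not measured traffic.
DIRECT = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
          b"User-Agent: ExampleBrowser/1.0\r\nAccept: text/html\r\n"
          b"Accept-Language: en-US\r\nCookie: sid=abc\r\n\r\n")
RELAYED = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
           b"User-Agent: ExampleBrowser/1.0\r\nAccept-Language: en-US\r\n"
           b"accept: text/html\r\nCookie: sid=abc\r\n\r\n")


def header_names(raw: bytes) -> list:
    """Header names exactly as sent on the wire (case and order kept)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    names = []
    for line in head.split("\r\n")[1:]:           # skip the request line
        # Lines starting with whitespace are folded continuations, not headers.
        if line and line[0] not in " \t" and ":" in line:
            names.append(line.split(":", 1)[0])
    return names


def compare_to_baseline(baseline: list, observed: list) -> dict:
    """Report capitalization and ordering differences from the baseline."""
    expected = {n.lower(): n for n in baseline}   # keeps baseline order
    recased = [(expected[n.lower()], n) for n in observed
               if n.lower() in expected and expected[n.lower()] != n]
    # Compare the relative order of the headers both requests share.
    seen = list(dict.fromkeys(n.lower() for n in observed
                              if n.lower() in expected))
    want = [n for n in expected if n in seen]
    reordered = seen != want
    return {"recased": recased, "reordered": reordered,
            "differs": bool(recased) or reordered}


if __name__ == "__main__":
    base = header_names(DIRECT)
    print(compare_to_baseline(base, header_names(RELAYED)))
```

A difference from the baseline is a signal to weigh, since the baseline has to match the client software that actually sent the request.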
Want to Help?
All you have to do is visit the “Header Testing” page and click through each of the links to visit our server through various proxies. That’s it!
You’ll notice how the page looks the same each time, while the URL you’re accessing is different. That’s because each proxy is simply forwarding your HTTP request on to the web server, then forwarding responses back to you. It’s pretty cool! At least, we think it is… but we’re also nerds about this stuff!