I just want to know how a hacker can set up a reverse proxy in front of a website (say www.xyz.com) to steal user information. A simple example will be more than enough. If a user types www.xyz.com in a web browser, is it possible that the request goes through the reverse proxy set up by a hacker, or will it be like a phishing attack where the address in the web browser should be different from the real website?

A: 

A reverse proxy is used to add features to a web server like load balancing, security, and caching.

For a hacker to take advantage of this they would need to trick the user into going to a different address from your real one (phishing) and then use the reverse proxy to make it look like they hit the real site.

With a locally installed application or virus it's possible to change the hosts file or intercept DNS requests to redirect traffic to the real address, but that is far rarer than phishing.

http://en.wikipedia.org/wiki/Reverse_proxy

A reverse proxy is a proxy server that is installed on a server network or on network equipment. Typically, reverse proxies are used in front of Web servers. All connections coming from the Internet addressed to one of the Web servers are routed through the proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.

A reverse proxy dispatches in-bound network traffic to a set of servers, presenting a single interface to the caller. For example, a reverse proxy could be used for load balancing a cluster of web servers. In contrast, a forward proxy acts as a proxy for out-bound traffic. For example, an ISP may use a proxy to forward HTTP traffic from its clients to external web servers on the Internet; it may also cache the results to improve performance.

Sam
A: 

No, it is more likely that the hacker sets up a reverse proxy at www.xuz.com (a misspelling of www.xyz.com). To set up a reverse proxy at www.xyz.com the hacker needs to either:

  • Change DNS entries for xyz.com

or

  • Gain access to the IP address of www.xyz.com

That's more unlikely as it's quite hard to do that.

Onkelborg
So if it is more likely a phishing attack then I am OK with that, as it is also the responsibility of the user. I thought there was some other trick where the browser shows the address of the real website but the traffic goes through the hacker's reverse proxy. This is only possible if DNS settings are changed and there is no other way. Thanks for the answer.
kumar
Yes, kind of. See Sam's answer also: the client can be manipulated, but that's not something anything on the web can do, that's caused by a virus or similar. And then reverse proxies aren't the big problem anymore.
Onkelborg
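The two routes named in the answers, a hosts-file override on the client and a misspelled lookalike domain, can both be checked for defensively. The following is an added example, not code from any of the posters: the function names, the sample hosts file and the sample hostname list are constructed for illustration, with www.xyz.com as the protected name from the question.

```python
import ipaddress

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _norm(name):
    return name.lower().rstrip(".")

def hosts_overrides(hosts_text, protected):
    """Return (line_no, ip, name) for hosts-file entries that pin a protected
    name locally, which bypasses DNS for that name on this machine."""
    wanted = {_norm(p) for p in protected}
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid entry
        for name in map(_norm, fields[1:]):     # a line may carry aliases
            if name in wanted:
                findings.append((line_no, str(ip), name))
    return findings

def lookalikes(hostnames, protected, max_dist=1):
    """Return (seen, protected) pairs where a hostname taken from links or
    proxy logs is a near-miss of a protected name but not the name itself."""
    return [(h, p) for h in map(_norm, hostnames) for p in map(_norm, protected)
            if 0 < edit_distance(h, p) <= max_dist]

# Constructed sample data (documentation-range addresses).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.9 www.xyz.com   (commented out, ignored)
203.0.113.9 www.xyz.com     # local override of the protected name
"""
SAMPLE_SEEN = ["www.xyz.com", "www.xuz.com", "example.org"]

if __name__ == "__main__":
    print(hosts_overrides(SAMPLE_HOSTS, ["www.xyz.com"]))
    print(lookalikes(SAMPLE_SEEN, ["www.xyz.com"]))
```

On a real machine the text passed to `hosts_overrides` would be the contents of the system hosts file, and any hit is worth comparing against what the site's owner actually publishes in DNS.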