Shining a light on dark places: A comprehensive analysis of open proxy ecosystem

Abstract

Open proxies provide free relay services and are widely used to anonymously browse the Internet, avoid geographic restrictions, and circumvent censorship. To shed light on the ecosystem of open proxies and characterize the behaviors of open proxies, we conduct a large-scale, comprehensive study on over 436 thousand identified proxies, including 104 thousand responsive proxies in nine months. We characterize open proxies based on active and passive measurements and examine their network and geographic distributions, performance, and deployment. In particular, to obtain a more in-depth and broader understanding of open proxies, we analyze two particular groups of open proxies — cloud-based proxies and long-term proxies. To process and analyze the enormous amount of responses, we design a lightweight method that classifies and labels the proxies based on DOM structure which defines the logical structure of Web documents. We identify that 7.17% of responsive proxies modify the page content, and 76.42% of those proxies perform malicious actions. Furthermore, we parse the contents to extract information to identify the owners of proxies and track their activities for deploying malicious proxies. To this end, we reveal that some owners regularly change the proxy deployment to avoid being blocked and deploy more proxies to expand their malicious attacks.