Unix users
All of the proxyTools except localProxy run on any system with Perl and a
few modules installed.
Unix/Linux users with the Tk modules installed are able to use localProxy
in the same manner as MS Windows users.
This document discusses use of localProxy when Tk is not available (probably
because the X-Windows toolkit is not present).
Installation
Same as for MS Windows users, but more manual.
Module installation might be assisted by the following notes.
At least the following are required:
Storable
XML::Parser (and expat)
Time::HiRes
Archive::Zip
Net::DNS
Archive::Zip needed unzip to pass its installation tests, and unzip was not
present on NetBSD. Forcing the installation seems to work OK.
Startup
The back end (localProxy2.pl) is run directly (rather than from the localProxy.pl
GUI).
./localProxy2.pl -c User0 -x 3
will start the back end, building a system for configuration User0 (as specified
in config-User0.xml).
Control
The back end will accept any Perl command on port 10081. Note how
dangerous this is (see below).
Commands are not normally needed; they are usually used to get information
(running configuration, currently known speeds, etc.).
To see which commands make sense you will need to look at the code; essentially
anything which makes sense in the context of the 'eval' point in the code
is acceptable.
A few examples are:
getConfig()
will return a complete XML description of the built (running) system.
$config->{10080}->{1}->{0}->{2}->{host}
will return the host address and port being used by localProxy for the 10080
service (usually the non-censoring HTTP proxy service), in commStrat 1 (the
CONNECT strategy), layer 0 (the directly connectable proxies in the chain),
index number 2.
Similarly $config->{10080}->{1}->{0}->{2}->{host} = "a.new.proxy.net:8000"
would set a new value for this host.
$config->{10080}->{0}->{0}->{1}->{isEnabled} = 0
is an example of a command type commonly used from the GUI. It will disable
the non-censoring HTTP proxy service, commStrat 0, layer 0, index 1 host.
Whole commStrats, and even services, may be disabled dynamically by similar
commands.
sub hello {print "hello world\n"}; hello()
will create a new subroutine named hello and execute it.
Security
An open port where the listening application obligingly executes any command
with the privileges of the user is obviously a security risk. LocalProxy makes
attempts to limit access by IP address. It makes the assumption that the
first connecting IP address is the valid master.
Usually localProxy is run from the GUI on localhost, and the GUI waits for
the control port to open, so the window of exposure is only a second or so.
The most insecure situation would be where the back end is being run on another
host, and no GUI is involved. In this case, the user should connect to the
control port (say via telnet, netcat etc.) ASAP (and check that he has been
accepted as the master).
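The following is an added example, not localProxy's own code: a small Perl model contrasting the first-connection master rule described above with a master address fixed before the port opens, and the 'eval' command point with a table of named commands. All function names, the command names, the sample addresses and the stand-in config hash are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not localProxy code): models control-port admission and
# command handling. All names and sample values here are hypothetical.
use strict;
use warnings;

# Policy described on the page: the first address to connect becomes master.
sub make_first_come_acl {
    my $master;
    return sub {
        my ($ip) = @_;
        $master //= $ip;                    # whoever arrives first is pinned
        return $ip eq $master ? 1 : 0;
    };
}

# Alternative: the master address is fixed before the port opens.
sub make_pinned_acl {
    my ($master) = @_;
    return sub { return $_[0] eq $master ? 1 : 0 };
}

# Alternative to string eval: only named commands with validated arguments.
my %config = ( isEnabled => 1 );   # constructed stand-in for the running config
my %dispatch = (
    getEnabled => sub { return $config{isEnabled} },
    setEnabled => sub {
        my ($v) = @_;
        die "bad value\n" unless defined $v && $v =~ /\A[01]\z/;
        return $config{isEnabled} = $v;
    },
);

sub handle_command {
    my ($line) = @_;
    my ($name, @args) = split ' ', $line;
    my $cmd = defined $name ? $dispatch{$name} : undef;
    return "ERR unknown command" unless $cmd;
    my $out = eval { $cmd->(@args) };  # block eval: traps die, never runs input
    return "OK $out" if defined $out;
    (my $err = $@) =~ s/\s+\z//;
    return "ERR $err";
}

# Constructed connection order: another host reaches the port first.
my @peers  = ('203.0.113.7', '127.0.0.1');
my $first  = make_first_come_acl();
my $pinned = make_pinned_acl('127.0.0.1');
printf "%-12s first-come=%d pinned=%d\n", $_, $first->($_), $pinned->($_) for @peers;
print handle_command($_), "\n" for 'setEnabled 0', 'setEnabled 7', 'sub hello {}; hello()';
```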
The services offered by localProxy may be used by others as well. Perl is
not vulnerable to buffer overflows, and localProxy never executes any of this
data, but it does process it sometimes (regexes, for example), and so may
be vulnerable in some way. Use by others may be desirable (to allow
friends to use your non-censoring HTTP proxy or Usenet News service, for example),
so in this case, a flag is provided to allow/disallow access from other addresses
(see the setting of 'serverAccessRestricted' in config-User0.xml, for example).