Remote controlling client behind proxy

Mortac

Member
Feb 27, 2006
I'm trying to learn a few things about proxy servers and have a question I haven't been able to find the answer to:

Is it possible to gain remote control over a client computer behind a proxy server if you use a trojan (i.e. the trojan on the client initiates communication with the outside computer), or is it still impossible because there's no way for the outside computer to reach the client because of the proxy? Or does it simply just depend on how the proxy is configured and/or which kind of proxy it is?

Really would like an answer to this one if anyone would be so kind to enlighten me.
 

Thyme

Platinum Member
Nov 30, 2000
It really depends on how the proxy is set up. Let's take the case where all packets are dropped except through the proxy. Let's say the trojan is not directed at the client so it has no pre-existing knowledge about the victim's network. If the trojan writer anticipated a proxy, it'd be fairly easy to have it detect IE's proxy settings, for example. If the proxy detects the trojan, then it will reject the packets and the victim will be safe. I don't know how good proxies are at that, but I doubt they would be able to detect many if at all.

Of course, if the proxy is set up to not require non-HTTP or non-port 80 connections to go through the proxy, then the trojan can easily get through.

My guess is a trojan could fairly easily outsmart any proxy system. As always, potential victims need to be vigilant to prevent the trojan from executing on the system in the first place.
 

Garion

Platinum Member
Apr 23, 2001
Most proxy servers are designed to protect internal clients from the Big Bad Internet (tm). They also help increase performance through caching and add a bunch of other cool things.

There are several things to keep in mind about proxies.
  • Most proxies are HTTP / HTTPS only (save those that support SOCKS). This means that anything that wants to traverse a proxy needs to talk HTTP or HTTPS. Fortunately, it's not hard to tunnel any kind of TCP session through HTTPS so there's a lot of apps that get out via proxies this way.
  • A lot of proxies require authentication. This means that most apps that can use a proxy can't get out without knowing the users' credentials to pass to the proxy. The exception to this are proxies which use NTLM - Windows integrated login. If the apps are written right and use the IE APIs they can simply hook into IE/Windows auth and get through the proxy nicely. (Note: I haven't seen any nasty code that has figured this out yet. Most bad apps get blocked by my proxies since they don't understand authentication or have the right credentials)
  • Proxy connections are initiated only from the inside out. This makes it a little more challenging. Not a lot, but a little. A trojan would have to "phone home" to some sort of controller on the Internet so it knows when to go active and to start a remote control session. Most script-kiddie hacking tools aren't smart enough to do this, thankfully.

If you want to know more about proxies, feel free to ask questions here and I'll answer them. IRL, I'm an architect and engineer who mostly works on proxies and load balancers.

All this being said, very few things are impossible. It's just a matter of knowing the environment you're developing for and how the pieces all work together. Proxies are designed to help machines get to the Internet. If you are smart enough to manipulate this, it's all doable.

- G
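
An added example, not part of the original thread: a defender's view of the three proxy properties listed above (tunnelling over CONNECT, proxy authentication, inside-out connections), written as checks run over proxy access logs. The log format, the finding names and the thresholds are assumptions made for this sketch, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log in a simplified, made-up format (an assumption):
# epoch_seconds client_ip method target status proxy_user
SAMPLE_LOG = """\
1000 10.0.0.5 GET http://example.com/ 200 alice
1010 10.0.0.5 CONNECT mail.example.com:443 200 alice
1000 10.0.0.7 GET http://updates.example.net/a 407 -
1005 10.0.0.7 GET http://updates.example.net/a 407 -
1010 10.0.0.7 GET http://updates.example.net/a 407 -
1000 10.0.0.9 CONNECT host.example.org:8443 200 bob
1300 10.0.0.9 CONNECT host.example.org:8443 200 bob
1600 10.0.0.9 CONNECT host.example.org:8443 200 bob
1900 10.0.0.9 CONNECT host.example.org:8443 200 bob
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 6:  # skip malformed lines
            ts, client, method, target, status, user = parts
            yield int(ts), client, method, target, int(status), user

def analyze(log, min_407=3, min_beacons=4, max_jitter=0.1):
    """Return {client_ip: set of finding names} for a proxy log."""
    findings, denied = defaultdict(set), defaultdict(int)
    authed, times = set(), defaultdict(list)
    for ts, client, method, target, status, user in parse(log):
        if status == 407:            # proxy demanded credentials
            denied[client] += 1
        elif user != "-":
            authed.add(client)
        if method == "CONNECT":      # TCP tunnel request through the proxy
            if target.rpartition(":")[2] != "443":
                findings[client].add("connect-nonstandard-port")
            times[(client, target)].append(ts)
    # Clients that keep getting 407 and never authenticate
    for client, n in denied.items():
        if n >= min_407 and client not in authed:
            findings[client].add("auth-never-succeeds")
    # Tunnels re-opened at near-constant intervals
    for (client, _), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_beacons and pstdev(gaps) <= max_jitter * mean(gaps):
            findings[client].add("regular-interval-tunnel")
    return dict(findings)
```

Calling `analyze(SAMPLE_LOG)` returns findings for 10.0.0.7 and 10.0.0.9 only; the thresholds need tuning against a site's own baseline traffic before the output is worth alerting on.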