CGI Bestand - Wat doen we ermee?

[Gast ĐiŝaŝteɍƵaƞƴ]

Hey allemaal,

Ik heb vandaag een proxy voor tpb van tpb gedownload en nu heb ik een CGI bestandje en heb geen flauw idee wat ermee te doen. Hier is wel de omschrijving wat ik ermee moet doen maar snap niet helemaal hoe:

Put nph-proxy.cgi on a secure Web server and call it

Hier is nog de website waar hij legaal te downloaden is (website van de maker)

Mvg

ĐiŝaŝteɍƵaƞƴ

[Wous]

Welke bestanden heb je nog meer verkregen? En wat staat er precies in de cgi?

[Gast ĐiŝaŝteɍƵaƞƴ]

Als ik de officieele download van de site pak alleen 1 readme file en die CGI file dan.

Hier de inhoud van de readme file:

========================================================================

CGIProxy 2.1.4 (released May 8, 2012)

HTTP/FTP Proxy in a CGI Script

© 1996, 1998-2012 by James Marshall, james@jmarshall.com

All rights reserved. Free for non-commercial use; commercial use

requires a license.

For the latest, see http://www.jmarshall.com/tools/cgiproxy/

========================================================================

This README contains:

1. INTRODUCTION

2. LEGAL DISCLAIMER

3. INSTALLATION

4. SSL SUPPORT

5. USAGE

6. HELP IMPROVE THIS PROXY BY TELLING ME

7. LIMITS AND BUGS

8. OPTIONS

9. CHANGES

------------------------------------------------------------------------

1. INTRODUCTION:

This CGI script acts as an HTTP, HTTPS, or FTP proxy. Through it, you can

retrieve any resource that is accessible from the server this runs on.

This is useful when your own access is limited, but you can reach a server

that in turn can reach others that you can't. By default, no user info

(except browser type) is sent to the target server, so you can set up your

own anonymous proxy.

Whenever an HTML resource is retrieved, it's modified so that all links

in it point back through the same proxy, including images, form submissions,

and everything else. JavaScript and Flash apps are similarly "proxified".

Once you're using the proxy, you can browse normally and (almost) forget

it's there.

Configurable options include text-only proxying (to save bandwidth),

selective cookie and script removal, simple ad filtering, access restriction

by server, custom encoding of target URLs and cookies, and more-- there are

more than 50 options so far (see the complete list of configuration options

below). It can run under mod_perl unchanged. It requires Perl 5.6.1 or later.

The original seed for this was a program I wrote for Rich Morin's

article in the June 1996 issue of Unix Review, online at

http://www.cfcl.com/tin/P/199606.shtml .

IMPORTANT NOTE ABOUT ANONYMOUS BROWSING:

CGIProxy was originally made for indirect browsing more than anonymity,

but since people are using it for anonymity, I've tried to make it as

anonymous as possible. Suggestions welcome. For best anonymity, browse

with JavaScript turned off, or configure CGIProxy to remove script

content (see the options below). Also, be aware that Flash or other

executable content may be able to reveal you to a server, though CGIProxy

tries to prevent that too. Please tell me if you find any way that

anonymity can be compromised when using CGIProxy.

------------------------------------------------------------------------

2. LEGAL DISCLAIMER:

Censorship is a controversial subject, and some governments and companies

have rules about what information you should have access to. If you use

my software to bypass rules that have been imposed on you, you assume all

legal risks and responsibilities involved. I'm providing the software as

a demonstration and teaching tool, and for when legitimate access is

needed to non-accessible servers. I won't encourage you to break any

rules, because I would get in trouble if I did. I can't prevent you from

using this software in illegitimate ways, but I believe the value of it in

its many uses is far too great to let a few miscreants ruin it for

everybody.

------------------------------------------------------------------------

3. INSTALLATION:

To run this, your server must support Non-Parsed Header (NPH) CGI scripts.

Most servers do, but not all. (Starting in version 1.3.2, there may be a

way to run this script without NPH support; see the $NOT_RUNNING_AS_NPH

option below and read the warnings where it is set in the source code.)

Quick answer: Put nph-proxy.cgi on a secure Web server and call it. Really,

that's all most people need to do. To add SSL support, see the "SSL SUPPORT:"

section below.

Longer answer:

1) Unpack the distribution.

2) Set any desired options in nph-proxy.cgi by editing the file. See all

the options below; the defaults are probably fine if you don't feel like

messing with it. If you have special server or network issues, like an

SSL server on a non-standard port or an HTTP or SSL proxy you must use,

then see the section "OPTIONS RELATED TO YOUR SERVER/NETWORK ENVIRONMENT".

SECURITY NOTE: If you're installing this on a firewall as a VPN-like

solution, then be sure to set @BANNED_NETWORKS to include ALL IP addresses

of the firewall machine, and all IP addresses or ranges of machines

inside the firewall that you don't want users of this script to access.

If you don't know Perl, you can guess how to set a value by emulating

the examples already in there. Variables starting with "$" hold single

values, and variables starting with "@" hold lists of values. Lines

beginning with "#" are comments and are ignored when the program runs.

As in most programming languages, 1 means true and 0 means false.

The reason all the options don't go in a separate configuration file

is because that would require the script to open and read that file

with every call, which would put a major load on the CPU.

3) Install the script like any other CGI script (set permissions and path

to the Perl interpreter). Be sure it's installed as an NPH script. In

Apache and related servers, do this by starting the filename with "nph-".

If you've never installed a CGI script before, then I recommend finding

a simple one somewhere to install first, so you can become familiar with

the process. Then install CGIProxy. Normally it's very easy to install.

To add SSL support (lets you access secure servers), see the section

"SSL SUPPORT:" below. You need to install a couple more packages. Once

these packages are installed, CGIProxy will automatically detect them and

support SSL. If the packages aren't present, then CGIProxy will still

work fine for everything else except access to secure servers. If you need

to use an SSL proxy, be sure to set $SSL_PROXY (and possibly $SSL_PROXY_AUTH).

Note that if you add SSL support, it is strongly recommended that you run CGIProxy

itself on a secure server. Otherwise, secure data will be compromised on the

link between the browser and CGIProxy! But you should be running CGIProxy

on a secure server anyway.

If you're not using Perl 5.9.4 or later, and you want gzip support (compression),

install the Perl module IO::Compress::Gzip if it's not already on your system.

Installation is similar to that of the Net::SSLeay module, described in the

"SSL SUPPORT:" section below.

If heavy use of this proxy strains your server's CPU, see "NOTES ON

PERFORMANCE" in the source code. By far, the single biggest gain can be made

by running this under mod_perl, if you're not doing so already. UPDATE: For a

while, mod_perl 2.x didn't support NPH scripts, which is required to use

CGIProxy. That's been fixed, and NPH scripts are now supported.

------------------------------------------------------------------------

4. SSL SUPPORT:

To retrieve pages from secure servers, you need to install two separate

packages on the server in addition to nph-proxy.cgi:

1) OpenSSL, a freely-available library of SSL and cryptography tools

2) Net::SSLeay, a Perl module to interface with OpenSSL

OpenSSL is already installed on many servers. You can usually tell which

version you have (if any) by entering "openssl version" at a Unix prompt.

The Net::SSLeay module is not as common, but you can check whether it's

installed and which version you have with:

perl -MNet::SSLeay -e 'print "$Net::SSLeay::VERSION\n"'

Either you get a version number, or it fails if Net::SSLeay isn't installed.

If you need to install either package, they're at, respectively:

http://www.openssl.org/

http://search.cpan.org/search?module=Net::SSLeay

Installing these packages is "beyond the scope of this README", but usually

they both install easily with no problems. If you don't have root access on

your server, you may need to change the default installation directory, maybe

by manually editing the PREFIX setting in Makefile or something like that.

Once these packages are correctly installed where nph-proxy.cgi can find

them, the script will automatically detect them and support SSL; no changes

to nph-proxy.cgi are needed. If you have to install Net::SSLeay somewhere

that's not on the standard Perl module path (i.e. @INC), then add a "use lib"

command near the start of nph-proxy.cgi to tell the script where to find

Net::SSLeay, e.g. "use lib 'path/to/your/modules'".

If you're installing on Windows, I'm told that you can install Net::SSLeay

from the PPM repository at uwinnipeg.ca by entering these three commands

in the PPM shell:

rep add uwinnipeg http://theoryx5.uwinnipeg.ca/cgi-bin/ppmserver?urn:/PPMServer58

search Net_SSLeay.pm

install Net_SSLeay.pm

Note that these two packages are completely unaffiliated with CGIProxy, and

may have their own terms of use.

If you need to use an SSL proxy e.g. to get through a firewall, then be sure

to set $SSL_PROXY and $SSL_PROXY_AUTH as needed.

IMPORTANT NOTE: It is HIGHLY RECOMMENDED that if you install SSL support

for CGIProxy, then CGIProxy itself should be running on a secure server

(i.e. accessed with a URL starting with "https://")! Otherwise, you open a

serious security hole: any secure data sent to or from a target server will

be transmitted insecurely between CGIProxy and the browser, undermining the

whole purpose of secure servers. But really, you should be running CGIProxy

on a secure server anyway.

------------------------------------------------------------------------

5. USAGE:

Call the script directly to start a browsing session. Once you've gotten

a page through the proxy, everything it links to will automatically go

through the proxy. You can bookmark pages you browse to, and your

bookmarks will go through the proxy as they did the first time.

------------------------------------------------------------------------

6. HELP IMPROVE THIS PROXY BY TELLING ME:

1) Any kind of links in HTML, JavaScript, CSS, or Flash that aren't being

converted, including non-standard tags or links.

2) Any method of introducing JavaScript or other executable content that's not

being filtered out.

3) Any file types that contain links that need to be converted, other than

what's handled now (I know about PDFs).

4) Any other ways you can find to compromise anonymity.

Please verify you're using the latest version of CGIProxy before emailing me.

------------------------------------------------------------------------

7. LIMITS AND BUGS:

ANONYMITY MAY NOT BE PERFECT!! In particular, there may be some holes where

unproxified JavaScript or Flash content can slip through. If you find any,

please tell me. For best anonymity, turn JavaScript and Flash off in your

browser (best), and/or configure CGIProxy to remove scripts.

If you browse to many sites with cookies, CGIProxy may drop some, causing

some sites to not work. If this happens, delete some or all of your existing

cookies (via the "Manage Cookies" screen) and try again.

I didn't follow the spec on HTTP proxies, and there are violations of the

protocol. Actually, this whole concept is a violation of the proxy model,

so I'm not too worried. If any protocol violations cause you problems,

please let me know.

Only HTTP/HTTPS and FTP are supported so far.

========================================================================

8. OPTIONS:

Here's a list of all the configuration options in CGIProxy, sorted into rough

categories. The default settings are in square [] brackets, and should work

fine for almost all situations. If you have special server or network

considerations, see the options in the category "OPTIONS RELATED TO YOUR

SERVER/NETWORK ENVIRONMENT". For more information on any option, see the

comments in the source code where it is set, in the user configuration section.

MAIN CONFIGURATION OPTIONS:

---------------------------

$TEXT_ONLY [0]

Allow only text resources through the proxy, to save bandwidth.

$REMOVE_COOKIES [0]

Ban all cookies to or from all servers. To allow and ban cookies by

specific servers, see @ALLOWED_COOKIE_SERVERS and @BANNED_COOKIE_SERVERS.

$REMOVE_SCRIPTS [0]

Prevent any script content from any server from reaching the browser.

This includes script statements within HTML pages, external script

files, etc. To allow and ban script content by specific servers,

see @ALLOWED_SCRIPT_SERVERS and @BANNED_SCRIPT_SERVERS. Anonymity is

unreliable if you don't either remove scripts, or browse with scripts

turned off in your browser.

$FILTER_ADS [0]

Remove ads from pages, based on the patterns in @BANNED_IMAGE_URL_PATTERNS.

Also ban ad-related cookies by setting $NO_COOKIE_WITH_IMAGE.

$HIDE_REFERER [0]

Don't tell servers which link you followed to get to their page. (Yes,

it's misspelled on purpose.)

$INSERT_ENTRY_FORM [1]

At the top of every page, include a small form that lets you enter

a new URL, change your options, or manage your cookies.

$ALLOW_USER_CONFIG [1]

Let users set their own $REMOVE_COOKIES, $REMOVE_SCRIPTS, $FILTER_ADS,

$HIDE_REFERER, and $INSERT_ENTRY_FORM, via checkboxes on the entry form.

sub proxy_encode {}, proxy_decode {}

(Requires minor programming.) You can customize the encoding of

destination URLs by modifying these routines. The default is a simple

unobscured URL, but sample obscuring code is included in the comments.

Note: If you're not removing scripts, then you also need to change

_proxy_jslib_proxy_encode() and _proxy_jslib_proxy_decode()-- see the

comments.

sub cookie_encode {}, cookie_decode {}

(Requires minor programming.) You can customize the encoding of cookies

sent to the user's machine by modifying these routines. The default is a

simple unobscured cookie, but sample obscuring code is included in the

comments.

Note: If you're not removing scripts, then you also need to change

_proxy_jslib_cookie_encode() and _proxy_jslib_cookie_decode()-- see the

comments.

@ALLOWED_SERVERS, @BANNED_SERVERS [empty]

Allow or ban specific servers from being accessed through the proxy, based

on their hostname. Each array is a list of patterns (regular expressions)

to match, not just single servers.

@BANNED_NETWORKS [('127', '192.168', '172', '10', '169.254', '244.0.0')]

Ban specific IP addresses or networks from being accessed through the

proxy. Recommended for security when this script is run on a firewall.

@ALLOWED_COOKIE_SERVERS, @BANNED_COOKIE_SERVERS [empty]

Allow or ban cookies from specific servers. Each array is a list of

patterns (regular expressions) to match, not just single servers.

@ALLOWED_SCRIPT_SERVERS, @BANNED_SCRIPT_SERVERS [empty]

Allow or ban script content from specific servers. Each array is a list

of patterns (regular expressions) to match, not just single servers.

@BANNED_IMAGE_URL_PATTERNS [sample list in source code]

If $FILTER_ADS is set, then ban images that match any pattern in this list.

$RETURN_EMPTY_GIF [0]

If an image is banned, then replace it with a 1x1 transparent GIF to

show blank space instead of a broken image icon.

$NO_COOKIE_WITH_IMAGE [0]

Ban all cookies that come with images or other non-text resources. Those

are usually just Web bugs, to track you for marketing purposes.

$QUIETLY_EXIT_PROXY_SESSION [0]

(NOT for use with anonymous browsing!!!) For VPN-like installations, let

the user browse directly from proxied pages to unproxied pages, with no

intermediate warning screens. See the comments for more info.

$PROXIFY_SCRIPTS [1]

Proxify all supported script content. Currently, only JavaScript is

supported.

$PROXIFY_SWF [1]

Support Flash apps, i.e. reroute all network accesses in them back through

this program.

$ENCODE_URL_INPUT [1]

When submitting a URL through either the start form or the top form,

encode it first by using proxy_encode().

$USER_IP_ADDRESS_TEST ['']

This lets you call an external test to authorize the user. See comments

for more details.

$DESTINATION_SERVER_TEST ['']

This lets you call an external test to determine if the destination

server is allowed (as opposed to using @ALLOWED_SERVERS and

@BANNED_SERVERS). See comments for more details.

OPTIONS RELATED TO YOUR SERVER/NETWORK ENVIRONMENT:

----------------------------------------------------

To enable access to secure servers:

Install the separate packages OpenSSL and Net::SSLeay. If Net::SSLeay

is not in the standard Perl module path, then add a command like

"use lib 'path/to/your/modules'" to the script.

To enable compressed (gzip'd) content:

If you're not using Perl 5.9.4 or later, then install the IO::Compress::Gzip

Perl module. If IO::Compress::Gzip is not in the standard Perl module path,

then add a command like "use lib 'path/to/your/modules'" to the script.

$RUNNING_ON_SSL_SERVER ['']

Set this if the script is running on an SSL server (i.e. accessed with

an "https://" URL). Or, the default value of '' means to guess based on

the server port, which almost always works: the script assumes SSL if

and only if the server port is 443.

$NOT_RUNNING_AS_NPH [0]

Set this if the script is not running as an NPH script (not recommended;

see comments for possible dangers).

$HTTP_PROXY, $SSL_PROXY, $NO_PROXY [none]

If this script has to use an HTTP proxy (like a firewall), then set

$HTTP_PROXY to that proxy's host (and port if needed). Set $SSL_PROXY

similarly when using an SSL proxy. $NO_PROXY is a comma-separated list

of servers or domains that should be accessed directly, i.e. NOT through

the proxies in $HTTP_PROXY and $SSL_PROXY. Also see $USE_PASSIVE_FTP_MODE

below when using a firewall.

$PROXY_AUTH, $SSL_PROXY_AUTH [none]

If either or both of the proxies in $HTTP_PROXY and $SSL_PROXY require

authentication, then set these two variables respectively to the required

credentials.

@PROXY_GROUP [empty]

This is an experimental feature which may help with load balancing, or

may have other creative uses. Cookies won't work if you use this.

See the comments for further info.

INSERTING A STANDARD HEADER INTO EACH PAGE:

-------------------------------------------

$INSERT_HTML [none]

Insert your own block of HTML into the top of every page.

$INSERT_FILE [none]

Insert the contents of the named file into the top of every page. Can't

be used with $INSERT_HTML.

$ANONYMIZE_INSERTION [0]

If $INSERT_HTML or $INSERT_FILE is used, then anonymize that HTML along

with the rest of the page.

$FORM_AFTER_INSERTION [0]

If $INSERT_HTML or $INSERT_FILE is used, and $INSERT_ENTRY_FORM is set,

then put the URL entry form after the inserted HTML instead of before it.

$INSERTION_FRAME_HEIGHT [80 or 50, depending on $ALLOW_USER_CONFIG]

On pages with frames, make the top frame containing any insertions this

many pixels high.

MINOR OR SELDOM-USED OPTIONS:

-----------------------------

$SESSION_COOKIES_ONLY [0]

Force all cookies to expire when the current browser closes.

$MINIMIZE_CACHING [0]

Try to prevent the user's browser from caching, i.e. from storing anything

locally. Better privacy, but consumes more bandwidth and seems slower.

$USER_AGENT [none]

Tell servers you're using this browser instead of what you're really using.

@TRANSMIT_HTML_IN_PARTS_URLS [empty]

Transmit each part of certain HTML pages back to the user as they are

received, rather than wait for the whole page. This is set to a list of

patterns that match URLs for which you want this treatment.

$USE_PASSIVE_FTP_MODE [1]

When doing FTP transfers, use "passive mode" instead of "non-passive mode".

Passive mode tends to work better when this script runs behind a firewall,

but that varies by network.

$SHOW_FTP_WELCOME [1]

When showing FTP directories, always display the FTP welcome message,

instead of never displaying it.

$PROXIFY_COMMENTS [0]

Proxify the inside of HTML comments as if it's not inside comments.

$USE_POST_ON_START [1]

Use POST instead of GET when submitting the URL entry form.

$REMOVE_TITLES [0]

Remove titles from HTML pages.

$NO_BROWSE_THROUGH_SELF [0]

Prevent the script from calling itself.

$NO_LINK_TO_START [0]

Don't link to the start page from error pages.

$MAX_REQUEST_SIZE [4194304 = 4 Meg]

(Obscure.) The largest request that can be handled in certain rare

situations involving password-protected sites.

$ALLOW_UNPROXIFIED_SCRIPTS [0]

Allow scripts of unsupported type to pass through the proxy.

$COOKIE_PATH_FOLLOWS_SPEC [0]

When handling cookies with no path, treat it according to the cookie spec.

If not set, behave as browsers (erroneously) do, i.e. set the path to "/".

$RESPECT_THREE_DOT_RULE [0]

Restrict cookie domains as they should be, based on how many dots they

have. If not set, behave as browsers (erroneously) do, i.e. loosen

restrictions on cookie domains with two dots.

$PROXY_DIR ["$ENV{HOME}/.cgiproxy"]

(Currently unused.) The directory on the server where the program can

place files.

$ALLOW_RTMP_PROXY [0]

(Currently unused.) Allow the creation of an RTMP proxy process.

========================================================================

9. CH'CH'CH'CH'CHANGES:

-----------------------

2.1.4, released May 8, 2012:

----------------------------

Fixed a bug with chunked responses, making captcha work better.

Closed some privacy holes in JavaScript and Flash support.

Fixed some small bugs, making more pages work better.

Added "Delete all cookies" link to top of cookie management screen.

2.1.3, released April 27, 2012:

-------------------------------

Improved Flash support, including better support for online video. No delay

with YouTube anymore.

Improved support for Same-Origin Policy (browser security).

Other security fixes.

Other fixes and workarounds, making more pages work correctly.

2.1.2, released April 8, 2012:

------------------------------

Added "download" link to footer.

Fixed "SSL options" bug.

No longer fails in Windows because of getpwuid() call.

Various security fixes.

Various small fixes to make more pages work better.

Internal: rewrote _proxy_jslib_handle() and _proxy_jslib_assign() more cleanly,

using _proxy_jslib_instanceof() instead of the error-prone _proxy_jslib_object_type()

(which was removed). Still works around many browser bugs.

2.1.1, released January 19, 2012:

---------------------------------

$ENCODE_URL_INPUT is now on by default, and is fixed to work better in all

major browsers.

Link to CGIProxy home page in the footer is now proxified.

Now supports jQuery-based sites better.

Added support for a few non-standard HTTP request headers.

Works better with captcha.

$NO_COOKIE_WITH_IMAGE is now off by default, to support captcha.

Many small fixes and workarounds, including several privacy and security fixes.

2.1, released December 9, 2011:

-------------------------------

Flash 9 and later is now supported, which among other things means YouTube

works through CGIProxy again.

Changed flag segment of full URLs to something less obvious.

Now supports "data:" URIs.

Now supports ECMAScript (JavaScript) version 5.

Many fixes in JavaScript support and elsewhere.

No longer eats memory when connecting to secure servers.

$PROXIFY_SWF is now set by default.

Now uses the Encode module instead of the old utf8:: stuff.

Added two config options $PROXY_DIR and $ALLOW_RTMP_PROXY, though they're not

used yet.

2.1beta19, released December 25, 2008:

--------------------------------------

Fixed a couple of bugs with cookies, so they (including logins) should work

better.

Fixed so that Safari no longer chokes on StorageList handling.

Various other small fixes.

2.1beta18, released August 10, 2008:

------------------------------------

Certain pages were very slow in MSIE due to the way MSIE implements

Array.pop(), so a lot of code was rewritten to avoid using Array.pop(). Those

pages now function at normal speed in MSIE. Some pages see an improvement

of 10x or better.

proxify_js() is now about 5% faster due to reworking of $div_ok setting.

Now handles "application/xhtml+xml" content correctly.

$REMOVE_SCRIPTS and $HIDE_REFERER both now default to 0 (false).

Various small fixes, workarounds, and cleanup.

2.1beta17, released March 11, 2008:

-----------------------------------

Fixed a couple of bugs with SWF (Flash) support. In particular, <param> tags

are now proxified correctly when in certain <object>s, and thus youtube.com now

works when using MSIE.

2.1beta16, released March 3, 2008:

----------------------------------

Includes a ton of fixes and workarounds in JavaScript support, making more

sites work through it.

Includes a fair amount of performance improvement too.

Added experimental support for Shockwave Flash (SWF) apps. If you set

$PROXIFY_SWF=1, the script will proxify the SWF bytecode so that any

network accesses go back through the same script. It works with many but

not all Flash apps. Sometimes it can slow down a page, if the page has e.g.

lots of Flash ads.

Fixed port-handling in HTTP Basic authentication support.

Several other small bug fixes, cleanup, and comments.

2.1beta15, released October 26, 2006:

-------------------------------------

Fixed bug handling "javascript:" URLs that was causing some sites to fail.

Fixed bug in _proxy_jslib_cookie_encode() and _proxy_jslib_cookie_decode(),

in the commented-out rot-13 line. Cookies should now work when using rot-13.

"about:blank" pages no longer generate the "WARNING:" page.

In the start page, the URL entry field now initially has focus (only if JS

is running).

Added support for Element.getElementsByTagName to _proxy_jslib_handle()

(though it's done in the form of "Node.getElementsByTagName").

Now explicitly defaults the first argument of "Document.open()" to text/html.

This is supposed to happen anyway, but not all browsers do it correctly when

writing to a frame.

Proxification of top-level "return" statements should now work better in a

couple of ways.

Several more small fixes and cleanup, making more sites work.

2.1beta14, released October 16, 2006:

-------------------------------------

Better handling of "javascript:" URLs.

Now correctly handles "delete(...)" .

Various browser bugs/crashes are now trapped by try/catch blocks so they're

not fatal.

More erroneous HTML and JavaScript is now worked around.

Many more small fixes and workarounds.

2.1beta13, released September 12, 2006:

---------------------------------------

The $TRANSMIT_HTML_IN_PARTS config variable has been removed; now you only

need to set @TRANSMIT_HTML_IN_PARTS_URLS . Use of both was redundant.

Now correctly handles UTF-8 content.

Authorization cookies are now associated with the server and port, rather than

just the server.

Worked around MSIE bug that shifts centered content to the right.

Now works around more erroneous HTML, JavaScript, and browser behavior.

Other minor fixes.

2.1beta12, released June 6, 2006:

---------------------------------

Now optionally supports compression (gzip) of message bodies, if the

Compress::Zlib Perl module is installed. This also helps with certain server

bugs.

To help with pages that are returned in parts with long delays between those

parts, you can now use the $TRANSMIT_HTML_IN_PARTS and

@TRANSMIT_HTML_IN_PARTS_URLS options to have CGIProxy process and return each

piece of HTML as it receives it rather than wait for the whole page. This

helps with certain library database queries, for example.

Further improved CSS handling, including better display of the top form.

Improved handling of "nnn;" HTML entities.

Better updating of the top form when using frames.

When $TEXT_ONLY is set, there are no longer any wasteful attempts to get the

images (unless $RETURN_EMPTY_GIF is set). Also, $RETURN_EMPTY_GIF now defaults

to 0 .

Now handles JavaScript's deprecated with() statement.

Now handles Document.referrer .

Cookie values are now allowed to have spaces in them, even though that's

technically illegal; unfortunately, some sites require them to work. If this

causes any problems, please let me know.

Other minor fixes.

2.1beta11, released March 14, 2006:

-----------------------------------

Improved (though not yet perfect) CSS handling.

Now uses a different system to track which elements have been proxified.

(PLEASE tell me if you find any privacy holes, i.e. when the browser

makes a direct connection to the end server when it should be going though

CGIProxy.)

Fixed a hang when using MSIE and IIS.

HTML (e.g. innerHTML) is no longer doubly-proxified when using "+=".

Improved handling of nnn; -type entities.

No longer inserts "<!-- resource has been modified by proxy -->"; it was

becoming more trouble than it's worth.

Better handling of data retrieved through XMLHttpRequest.

Cleaner support of Document.domain .

Many other minor fixes, workarounds, and cleanup, mostly in JavaScript support.

2.1beta10, released December 6, 2005:

-------------------------------------

Now supports UTF-16 pages, if using Perl 5.8.0 or later.

Now supports query-only URLs.

Window.open with a relative URL is now handled correctly.

In JavaScript, (non-standard) octal numbers and characters are now handled.

Now allows (erroneous) commas in cookie values, created by at least one server.

Now allows (erroneous) line terminators in JavaScript string literals if

preceded by a "\", since browsers seem to allow it.

Many other minor fixes, mostly in JavaScript support.

2.1beta9, released October 27, 2005:

------------------------------------

Cleaned up URL handling in proxy_encode(), proxy_decode(), and their JS

counterparts. Those routines are now back to their old format in which

they contain only user-configurable statements. The "do not remove" code

has been moved into wrapper functions; anywhere proxy_encode() is called

should now call wrap_proxy_encode() instead, and the same is true for the

three other related routines.

@BANNED_NETWORKS now includes the whole 127.x.x.x subnet.

Cookies are now handled more like browsers handle them (though not as the

spec calls for), in a couple of ways.

In the JavaScript code, reworked handling of "delete", preincrement, and

predecrement. Those operators are now handled much better.

Other minor fixes.

2.1beta8, released August 23, 2005:

-----------------------------------

Now more properly encodes all "?", "#", and others in default proxy_encode().

This includes further working around aforementioned Apache bug with PATH_INFO.

Now supports Accept-Language: header in requests, which means that pages will

more often be returned in the expected language.

Added support for query-only URLs, i.e. those beginning with "?". Don't know

why this never came up before.

A couple fixes and workarounds in JavaScript support.

Other minor fixes.

2.1beta7, released June 28, 2005:

---------------------------------

Added a "Report a bug" link in the top form, which will hopefully result

in more bug reports.

Now supports (erroneous) JavaScript that contains the string "</script"

within it, as browsers do.

Worked around an Apache bug (fixed in 2.0.55) that causes problems when

PATH_INFO contains "//".

Fixed a few bugs in JavaScript handling.

Other minor fixes.

2.1beta6, released May 24, 2005:

--------------------------------

JavaScript is now supported, i.e. JavaScript is modified as necessary to

route all network accesses back through the script.

$PROXIFY_SCRIPTS is now on by default.

Unsupported scripts are now removed by default; to not remove them, use

$ALLOW_UNPROXIFIED_SCRIPTS.

Top form has been put into its own one-cell table, with a white background.

This makes it readable on many pages where it wasn't before.

Checkbox text in top form now uses <label> tags, to allow clicking on text.

Now can encode URLs before submitting them, if you set $ENCODE_URL_INPUT.

Now supports external tests for valid user IP address ($USER_IP_ADDRESS_TEST)

and valid destination server ($DESTINATION_SERVER_TEST). Both may be either

a command-line program, or a CGI script on a remote server. These features

were added at the request of (and paid for by) the International Broadcasting

Bureau.

No longer times out after 10 minutes, which will help with large files.

Added some more appropriate values to @BANNED_NETWORKS.

Cookies with no path specified now use a path of "/", even though that

violates the spec, because that's how browsers treat them. If you want

to follow the spec instead, you can set $COOKIE_PATH_FOLLOWS_SPEC.

Illegal cookie domains that contain only two dots but are not in one of

the seven main TLDs are now allowed by default, because that's how browsers

behave. You can follow the spec instead by setting $RESPECT_THREE_DOT_RULE.

Many other minor fixes, and workarounds for browser bugs and buggy sites.

2.0.1, released November 19, 2002:

----------------------------------

This release improves compatibility and installability in a few environments;

it doesn't really add new features. In particular:

An SSL proxy is now supported with the $SSL_PROXY option, analogous to

$HTTP_PROXY. Authentication for it is handled with $SSL_PROXY_AUTH,

analogous to $PROXY_AUTH.

The $RUNNING_ON_WINDOWS option is no longer needed, and so no longer exists--

relevant code now determines the OS automatically when needed, or is handled

another way.

Sockets now work correctly on BSDI and possibly other systems, where before

the script generated messages like "Address family not supported by protocol

family" and possibly others. It works now because socket address structures

are created with the general pack_sockaddr_in() and inet_aton() functions from

the Socket module, instead of the traditional hard-coded "pack('S n a4 x8')"

method. The new way is more "correct", given that we're already loading the

Socket module anyway. It should help for future IPv6 support too.

All page insertions, including the initial "<!-- resource ... -->" comment, are

now inserted *after* any initial <!doctype> declaration, to avoid confusing

MSIE 6.0, which does not allow comments before an initial <!doctype>. The

problem showed up as subtle errors in page elements (like fonts, etc.) when

using MSIE; some or all of these problems should go away now.

Cache behavior when using a caching HTTP proxy should be correct now, because

Pragma: and Cache-Control: headers (if available) are now passed through to

the outgoing request. Before, caches would not always refresh as expected,

so page reloads didn't always work.

Fixed a compilation error when using certain older versions of Perl.

2.0, released September 18, 2002:

---------------------------------

This is a MAJOR release, even though most of the changes are internal. Some

things about the 2.0 script are fundamentally different from the 1.x series.

Here's a list of changes, roughly categorized:

---- Visible new features and changes: ----

Now supports SSL, i.e. can retrieve pages on secure servers. For this to

work, the separate packages OpenSSL and Net::SSLeay must be installed. If

they are not installed, then CGIProxy still works but cannot download pages

from secure servers. Also, it is strongly recommended to run CGIProxy on a

secure server when SSL is supported, or else secure data will be compromised

on the link between the browser and CGIProxy.

The top entry form now has an "UP" link, which links to the parent directory of

the current URL. The idea comes from the (quite useful) button in Konqueror.

Handling of top insertions has been cleaned up-- FTP directory listings now

include the correct insertions, and other cleaner behavior.

---- New or changed config options: ----

$RUNNING_ON_SSL_SERVER is now a three-way option: If it's set to '', then

assume an SSL server if and only if port 443 is being used. Besides being a

good default, this lets you put the script where it can be served by both a

secure server and a non-secure server.

Perl 4 is no longer supported. CGIProxy should run fine with Perl 5.004 or

later. Better yet, upgrade to Perl 5.6.1 or later if you can-- future

versions of CGIProxy may require that for some features.

FTP requests now use passive (PASV) mode by default, though you can use

non-passive mode by setting $USE_PASSIVE_FTP_MODE=0.

$HTTP_PROXY and $NO_PROXY are now used instead of $ENV{'http_proxy'} and

$ENV{'no_proxy'}.

For VPN-like installations, there is now a $QUIETLY_EXIT_PROXY_SESSION option

that allows a smooth transition from browsing an intranet through the proxy

to browsing external sites directly, without getting intermediate warning

screens. It's not meant for any situation where anonymity is important. See

the comments where it is set for more details.

Set the new $SESSION_COOKIES_ONLY option to make all cookies expire when the

browser closes.

Set the new $MINIMIZE_CACHING option to minimize any caching that may be done

by the browser, by using appropriate HTTP response headers. Cacheability of

various responses has also been cleaned up in general.

If for some reason you want content (e.g. HTML) inside <!-- --> comments to

be proxified like the rest, set the new $PROXIFY_COMMENTS option.

Improved the sample list of ad servers in @BANNED_IMAGE_URL_PATTERNS.

Cleaner and slightly different handling of $INSERT_HTML and $INSERT_FILE;

see comments in user config section for details.

$FASTER_HTML_LESS_PRIVACY no longer exists, because it's no longer relevant

with the new HTML-parsing structure (see below).

---- For programmers: ----

SSL support was implemented as a package that implements a tied filehandle,

called "SSL_Handle". The idea came from the Net::SSLeay::Handle module,

which for a couple reasons wasn't suitable to use directly. The SSL_Handle

package may be useful in other SSL applications, though this version is not

a full implementation. It does buffer its input, though, which can make it

a much faster alternative to Net::SSLeay's ssl_read_until() routine.

The entire section of code that modifies an HTML response (roughly 20-25% of

the whole program) has been completely rewritten from scratch, and has a new

structure. It's MUCH cleaner and slightly smaller than before, and is now

encapsulated in the routine proxify_html(). It handles the heterogeneity of

HTML correctly, i.e. non-HTML content that can exist within HTML (like

scripts, stylesheets, comments, or SGML declarations) is correctly separated

out and handled according to type. Also, tags are fully parsed into

attributes and rebuilt if needed, instead of hacking it with long regular

expressions as before; this removes a family of potential bugs and a lot of

messy code. Overall, the results are more accurate, and the new structure is

much more solid, flexible, and extensible, and much easier to work with than

before; it should let us solve any new problems in the "right" way when they

arise. :)

Many other sections of code have been partially or entirely rewritten, and

behavior is generally cleaner.

Global variables are now handled much more cleanly, especially regarding

their persistence when using mod_perl. Variables are now (almost) completely

divided between UPPER_CASE constants which retain their values between runs,

and lower_case variables which are reset for each run. After the user config

section is a constant initialization section; both are run only during the

first run of the script, and are skipped for efficiency during subsequent

runs under mod_perl. The config and initialization sections have been

arranged more carefully than before, for clarity and other reasons. Several

variables have had their semantics clarified.

NOTE: If you modified the code in an earlier version and used certain config

variables, you should review the new code before inserting the same changes.

For example, a variable like $REMOVE_SCRIPTS should normally be replaced by

$e_remove_scripts; the former is the config setting that never changes

anymore, while the latter reflects the value used for this run of the program

(which the user might change via a checkbox). There are several similar

variables. Also, avoid modifying UPPER_CASE variables, because those will

retain their values between runs under mod_perl... unless that's what you

want.

---- Other stuff: ----

The HTTP client in CGIProxy now uses HTTP/1.1 if the browser uses HTTP/1.1.

Before, only certain HTTP/1.1 features like the Host: header were supported;

now, all required HTTP/1.1 client features are supported, so CGIProxy is

"conditionally compliant" with HTTP/1.1 regarding its client functions, as

per the HTTP spec. CGIProxy can't control all server functions, but for

those that it does (such as the Date: header), it complies with HTTP/1.1.

Improved detection of text vs. non-text when supporting $NO_COOKIE_WITH_IMAGE,

which makes some pages behave better.

Many changes to take advantage of Perl 5, such as "use strict", better

regular expressions, references, and cleaner code all over the place.

Various other bugs fixed, privacy holes closed, performance improvements, UI

improvements, code rearrangement, and cleanup.

1.5.1, released February 7, 2002:

---------------------------------

Headers are no longer split on commas, which among other things means that

cookies work again.

A couple other minor bug fixes.

1.5, released November 26, 2001:

--------------------------------

Many changes this time around, some major, some minor. The code is about

50% larger. Here's a list of changes, roughly categorized:

---- Most visible new features and changes: ----

A new cookie management screen lets the user view and selectively delete any

cookies being sent through the proxy.

On pages with frames, any insertion (such as the small URL entry form) is now

in its own top frame.

Cookies may now be encoded with the cookie_encode() and cookie_decode()

routines, similar in concept to proxy_encode() and proxy_decode().

---- Making more pages work: ----

Referrer information, required by some servers, is now optionally sent to

the server.

Certain pages with Flash or other embedded objects now work better.

HTTP URLs which include authentication in them (e.g. "username:password")

are now supported.

Links to "javascript:" URLs are handled in a more friendly way.

Inline frames (i.e. <iframe> tags) are now handled like frames with regard

to insertions.

---- New config options: ----

If you're running this on or inside a firewall, use @BANNED_NETWORKS to ban

access to single hosts and whole networks by IP address. This is more

reliable than banning by hostname.

Set $REMOVE_TITLES to remove titles from HTML pages.

Error pages now link to the starting page, unless $NO_LINK_TO_START is set.

---- For programmers: ----

There's now a simple framework for handling any arbitrary MIME types that

may need modification (e.g. changing embedded links); see proxify_block().

To add handling for a MIME type, add code in proxify_block() and add your

MIME type into @TYPES_TO_HANDLE (and @OTHER_TYPES_TO_REGISTER if needed).

Additionally, a framework to proxify script content is in place: All script

content will be routed through the MIME type handler if $PROXIFY_SCRIPTS is

set. You need to add your own code to proxify_block() for this to actually

do anything.

Parsing of the flag segment of PATH_INFO has been encapsulated into the

routines pack_flags() and unpack_flags().

---- Invisible, or bug fixes: ----

Style sheets are handled much better, including <style> elements, "style"

attributes, and external style sheets. CSS is explicitly handled, but the

framework is in place for other types.

Certain tags in HTML specify the expected MIME type of the resource they

link to; this is now handled better.

The list of script MIME types is now more complete.

Cookies with the "secure" clause are now supported, though it's never

actually used without SSL support.

Strengthened $NO_COOKIE_WITH_IMAGE support by requiring an appropriate Accept:

header, to guard against certain sneaky Web bugs like at zdnet.com.

The script's URL is now generated using the Host: header if available,

instead of SERVER_NAME; this tends to have better results.

Any resource with an unidentified MIME type is now treated as text/html,

like Netscape does. This is safest.

<a href> attributes containing character entities are now handled better when

proxy_encode()'ing is used.

FTP URLs with spaces in them are now handled better, in a couple of ways.

Various tags, attributes, and HTTP headers that require special treatment

are now handled more correctly.

Various regex fixes, other minor bug fixes, and cleanup.

1.4.1 and 1.4.1-SSL, released March 8, 2001:

--------------------------------------------

CPU load was decreased 15% with two simple changes that I should have thought

of long ago.

Fixed error with <meta> "refresh" tags that caused proxy to loop through

itself.

Fixed problem with user-chosen URL entry form.

1.4-SSL, released February 22, 2001:

------------------------------------

This is a special version that can retrieve pages from SSL servers. It

is based on version 1.4, and otherwise works pretty identically to that

release.

1.4, released February 10, 2001:

----------------------------------

You can now optionally insert a compact version of the initial entry form

into the top of every downloaded page, by setting $INSERT_ENTRY_FORM=1. The

form also displays the URL you're currently viewing. This is selectable by

the user like the three original user-selectable options. Frames are handled

correctly, i.e. it's not inserted in frames, because that would be really

ugly. That was the hard part.

You can also insert your own block of HTML if desired: specify it either as a

fixed string in $INSERT_HTML, or name a file to be inserted in $INSERT_FILE.

For consistency, the URL format was changed slightly-- the initial flags in

PATH_INFO are always there and are now five in number. So any bookmarks

saved through the proxy will have to be converted or recreated. If there's

enough demand, I can write a simple converter each time I change the URL

format.

The user-entered hostname is now always lowercased, since host names are

case-insensitive.

Fixed a minor bug in 1.3.2 having to do with PATH_INFO encoding.

1.3.2, released February 3, 2001:

---------------------------------

By popular demand, you can now restrict which servers the proxy can access,

like the online demo does. This is configured with the lists

@ALLOWED_SERVERS and @BANNED_SERVERS.

For FTP transfers, a "Content-Length:" header is now returned when

guessable. This lets some browsers show you the percentage progress.

Pseudo-headers created by <meta http-equiv> tags are now handled like real

HTTP headers. Internally, the handling of HTTP headers has been cleaned up.

If you absolutely, truly, can't run NPH scripts on your server, there is

now an option to run as best as possible as a normal non-NPH CGI script.

For this to work, your server MUST support the "Status:" CGI response

header. All servers are supposed to support it, but not all do.

There is now a $NO_BROWSE_THROUGH_SELF option which prevents the proxy from

calling itself, which is usually a mistake anyway.

Proxy authentication (the "Proxy-Authorization:" request header) is now

supported in a limited way, with $PROXY_AUTH.

Regexes have been improved to match tag attributes better, and a related

privacy hole was fixed.

URLs with spaces (which are a bad idea anyway) are now more likely to be

handled as expected.

1.3.1, released June 6, 2000:

-----------------------------

Script now runs correctly under mod_perl (requires at least Perl 5.004).

Script now runs correctly on an SSL server, if $RUNNING_ON_SSL_SERVER is set.

Main URL-conversion loop runs almost twice as fast (40% less CPU time), with

a fix I should have noticed a long time ago.

Login for HTTP Basic authentication is now submitted with POST instead of

GET, for better security.

Fixed privacy hole when servers didn't return Content-Type: header.

1.3, released April 8, 2000:

-----------------------------

Anonymity has been improved, especially regarding JavaScript or other

script content. Before it was an afterthought; now it's being implemented

as completely as possible. If you know any anonymity holes, please tell

me. I'm especially interested in knowing any MIME types that identify

scripts.

In particular:

. Much more JavaScript is filtered out than before. As far as I know, all

of it is removed: in <script> blocks, in style sheets, in HTML attributes,

wherever indicated by HTTP headers, and other places.

. By default, $REMOVE_SCRIPTS is set to true.

. A potential privacy hole from a bug in Internet Explorer is protected.

You can now select which servers to allow scripts from, by setting

@ALLOWED_SCRIPT_SERVERS and @BANNED_SCRIPT_SERVERS.

If several people share a proxy, they can customize their own settings if

you set $ALLOW_USER_CONFIG.

Large files and streaming media are now supported, by transmitting the

data from the server as it arrives, rather than receiving the whole

resource before sending it to the client. This works for both HTTP and

FTP.

HTTP Basic authentication is now supported. (I sure hope people use it,

because it's the most elaborate and convoluted hack of the whole program.)

There's an experimental load-balancing feature. If you set @PROXY_GROUP

to a set of URL's of cooperating proxies, they'll randomly distribute the

load among them. This may help or hinder privacy, and it may have other

uses too. Let me know if you find those uses.

For those who like to mess with the code, there are some neat new internal

mechanisms. Cookies have now been extended to handle multiple tasks (had

to for Basic authentication), and there's a new internally-handled URL

scheme "x-proxy" that lets you plug in whatever magic functionality you

want (had to for Basic authentication).

There is no longer a startproxy.cgi. It was swallowed by the main script.

It was becoming a vanishingly small percentage of the overall code.

More HTML tags are transformed, whichever non-standard tags people

reported to me (thanks!).

A couple of non-standard HTTP headers with URLs are now transformed

correctly.

If you're running on Windows, you can now set a configuration flag, and

CGIProxy will work around a couple problems on that platform.

$SUPPORT_COOKIES has been reversed, and renamed to $REMOVE_COOKIES. This

makes it more analogous to $REMOVE_SCRIPTS, and each have their

@ALLOWED... and @BANNED... server lists.

@BANNED_COOKIE_SERVERS and $NO_COOKIE_WITH_IMAGE have changed slightly--

they now take effect even when $FILTER_ADS isn't set. They're more

associated with the $REMOVE_COOKIES flag now.

The initial URL-entry form may now submit using POST instead of GET,

based on the setting of $USE_POST_ON_START. This is because some

filters apparently search outgoing URIs, but not POST request bodies.

FTP now follows symbolic links correctly, and another FTP bug or two were

fixed.

1.2, released September 11, 1999:

---------------------------------

The internal structure was rearranged in a big way, to support multiple

protocols more cleanly. Previously, HTTP was ingrained throughout; now

it's more modular.

FTP is now supported.

@ALLOWED_COOKIE_SERVERS lets you only accept cookies from certain servers.

@BANNED_COOKIE_SERVERS and @ALLOWED_COOKIE_SERVERS are now lists of Perl

patterns (regular expressions) to match, rather than literal host names.

This lets you allow or forbid whole sets of servers rather than listing

each server individually. For more information on Perl patterns, read the

Perl documentation. nph-proxy.cgi has a note in the user config section

that may help enough.

You can remove scripts from HTML pages by setting $REMOVE_SCRIPTS=1. This

helps with anonymity somewhat by removing some JavaScript (but not all!).

It also removes most popup ads.

The HEAD method is now supported more cleanly.

Rare net_path form of relative URL (i.e. like "//host.com/path/etc") is

now supported, for completeness and safety.

The default lists of cookie and ad servers are a bit better.

1.1, released March 9, 1999:

----------------------------

The whole format of the target URL in PATH_INFO was restructured. It can

be encoded however the user wishes. This gets around PATH_INFO clashes in

various servers, solving most problems regarding server incompatibilities

I've heard about.

Cookies are now optionally supported (but off by default).

Banner ads can be filtered out. Only a simple set of URL patterns are

filtered out by default, but it's easy to add more entries to

@BANNED_IMAGE_URL_PATTERNS.

Cookies from ad servers are filtered out (at least the main ones). Again,

the default list in @BANNED_COOKIE_SERVERS is simple, but you can easily

add more.

Binary files are no longer getting messed up on Windows.

More HTTP headers are fixed to point back through the proxy.

Under some conditions in 1.0, extra processes would hang around for hours

and drag the system. Alex Freed added a timeout to solve this for now. I

can't reproduce the problem, so any info is appreciated. [9-9-1999: It

may be a bug in older Apaches, fixed by upgrading to Apache 1.3.6 or

better. Julian Haight reports the same problem with other scripts on

Apache 1.3.3, but not with Apache 1.3.6.]

Internally: code was cleaned up, URL-parsing was improved, and relative

URL calculation was redone.

1.0, released August 3, 1998:

-----------------------------

Initial release.

========================================================================

Last Modified: May 8, 2012

http://www.jmarshall.com/tools/cgiproxy/

[Wous]

Hmm, niet de makkelijkste proxy om te installeren lijkt mij. Je mag de Readme wel even in een spoiler zetten trouwens; dan wordt de pagina niet zo lang

Ik raad je aan om dit script te gebruiken voor een TPB proxy, heb ik ook gebruikt, zeer makkelijk in gebruik.

[Gast ĐiŝaŝteɍƵaƞƴ]

Wous dat is niet het antwoord op mijn vraag he

[Wous]

Sorry, ik wou je alleen een iets makkelijkere manier aansporen

Zoals ik de Readme lees, moet je gewoon de .cgi openen in je webbrowser, dus dan heb je de volgende link; www.jouwproxy.nl/nph-proxy.cgi, probeer maar eens

[Gast ĐiŝaŝteɍƵaƞƴ]

Ja dan opent hij hem en krijg ik een tekst bestand met daarin een javascript (denk ik) verwerkt te zien.

[Wous]

Een screenshot zou handig zijn

[Gast ĐiŝaŝteɍƵaƞƴ]

Ik hoef geen screenshot te maken hoor want dan zie je vrij weinig

Heb hier ff het bovenste deel van de tekst in het bestand gekopieerd:

#!/usr/bin/perl

#

# CGIProxy 2.1.4

#

# nph-proxy.cgi-- CGIProxy 2.1: a proxy in the form of a CGI script.

# Retrieves the resource at any HTTP or FTP URL, updating embedded URLs

# in HTML and other resources to point back through this script. By

# default, no user info is sent to the server. Options include

# text-only proxying to save bandwidth, cookie filtering, ad filtering,

# script removal, user-defined encoding of the target URL, and more.

# Requires Perl 5.

#

# Copyright © 1996, 1998-2012 by James Marshall, james@jmarshall.com

# All rights reserved. Free for non-commercial use; commercial use

# requires a license.

#

# For the latest, see http://www.jmarshall...tools/cgiproxy/

#

#

# IMPORTANT NOTE ABOUT ANONYMOUS BROWSING:

# CGIProxy was originally made for indirect browsing more than

# anonymity, but since people are using it for anonymity, I've tried

# to make it as anonymous as possible. Suggestions welcome. For best

# anonymity, browse with JavaScript turned off. That said, please notify

# me if you find any privacy holes, even when using JavaScript.

# Anonymity is good, but may not be bulletproof. For example, if even

# a single unchecked JavaScript statement can be run, your anonymity

# can be compromised. I've tried to handle JS in every place it can

# exist, but please tell me if I missed any. Also, browser plugins

# or other executable extensions may be able to reveal you to a server.

# Also, be aware that this script doesn't modify PDF files or other

# third-party document formats that may contain linking ability, so

# you will lose your anonymity if you follow links in such files.

# If you find any other way your anonymity can be compromised, please let

# me know.

#

#

# CONFIGURATION:

#

# None required in most situations. On some servers, these might be

# required (all in the "user configuration" section):

# . If you're using another HTTP or SSL proxy, set $HTTP_PROXY,

# $SSL_PROXY, and $NO_PROXY as needed. If those proxies use

# authentication, set $PROXY_AUTH and $SSL_PROXY_AUTH accordingly.

# . If this is running on an SSL server that doesn't use port 443, set

# $RUNNING_ON_SSL_SERVER=1 (otherwise, the default of '' is fine).

#

# Options include:

# . Set $TEXT_ONLY, $REMOVE_COOKIES, $REMOVE_SCRIPTS, $FILTER_ADS,

# $HIDE_REFERER, and $INSERT_ENTRY_FORM as desired. Set

# $REMOVE_SCRIPTS if anonymity is important.

# . To let the user choose all of those settings (except $TEXT_ONLY),

# set $ALLOW_USER_CONFIG=1.

# . To change the encoding format of the URL, modify the

# proxy_encode() and proxy_decode() routines. The default

# routines are suitable for simple PATH_INFO compliance.

# . To encode cookies, modify the cookie_encode() and cookie_decode()

# routines.

# . You can restrict which servers this proxy will access, with

# @ALLOWED_SERVERS and @BANNED_SERVERS.

# . Similarly, you can specify allowed and denied server lists for

# both cookies and scripts.

# . For security, you can ban access to private IP ranges, with

# @BANNED_NETWORKS.

# . If filtering ads, you can customize this with a few settings.

# . To insert your own block of HTML into each page, set $INSERT_HTML

# or $INSERT_FILE.

# . As a last resort, if you really can't run this script as NPH,

# you can try to run it as non-NPH by setting $NOT_RUNNING_AS_NPH=1.

# BUT, read the notes and warnings above that line. Caveat surfor.

# . For crude load-balancing among a set of proxies, set @PROXY_GROUP.

# . Other config is possible; see the user configuration section.

# . If heavy use of this proxy puts a load on your server, see the

# "NOTES ON PERFORMANCE" section below.

#

# For more info, read the comments regarding any config options you set.

#

# This script MUST be installed as a non-parsed header (NPH) script.

# In Apache and many other servers, this is done by simply starting the

# filename with "nph-". It MAY be possible to fake it as a non-NPH

# script, MOST of the time, by using the $NOT_RUNNING_AS_NPH feature.

# This is not advised. See the comments by that option for warnings.

#

#

# TO USE:

# Start a browsing session by calling the script with no parameters.

# You can bookmark pages you browse to through the proxy, or link to

# the URLs that are generated.

#

#

# NOTES ON PERFORMANCE:

# Unfortunately, this has gotten slower through the versions, mostly

# because of optional new features. Configured equally, version 1.3

# takes 25% longer to run than 1.0 or 1.1 (based on *cough* highly

# abbreviated testing). Compiling takes about 50% longer.

# Leaving $REMOVE_SCRIPTS=1 adds 25-50% to the running time.

# Remember that we're talking about tenths of a second here. Most of

# the delay experienced by the user is from waiting on two network

# connections. These performance issues only matter if your server

# CPU is getting overloaded. Also, these only matter when retrieving

# HTML, because it's the HTML modification that takes all the time.

# If you can, use mod_perl. Starting with version 1.3.1, this should

# work under mod_perl, which requires Perl 5.004 or later. If you use

# mod_perl, be careful to install this as an NPH script, i.e. set the

# "PerlSendHeader Off" configuration directive. For more info, see the

# mod_perl documentation.

# If you use mod_perl and modify this script, see the note near the

# "reset 'a-z'" line below, regarding UPPER_CASE and lower_case

# variables.

#

#

# TO DO:

# What I want to hear about:

# . Any HTML tags not being converted here.

# . Any method of introducing JavaScript or other script, that's not

# being handled here.

# . Any script MIME types other than those already in @SCRIPT_MIME_TYPES.

# . Any MIME types other than text/html that have links that need to

# be converted.

# plug any other script holes (e.g. MSIE-proprietary, other MIME types?)

# This could use cleaner URL-encoding all over ($base_url, etc.)

# more error checking?

# find a simple encryption technique for proxy_encode()

# support more protocols, like mailto: or gopher:

# For ad filtering, add option to disable images from servers other than

# that of the containing HTML page? Is it worth it?

#

#

# BUGS:

# Anonymity may not not perfect. In particular, there may be some remaining

# JavaScript holes. Please let me know if you find any.

# Since ALL of your cookies are sent to this script (which then chooses

# the relevant ones), some cookies could conceivably be dropped if

# you accumulate a whole lot. I haven't seen this happen yet.

#

#

# I first wrote this in 1996 as an experiment to allow indirect browsing.

# The original seed was a program I wrote for Rich Morin's article

# in the June 1996 issue of Unix Review, online at

# http://www.cfcl.com/...P/199606.shtml.

#

# Confession: I didn't originally write this with the spec for HTTP

# proxies in mind, and there are probably some violations of the protocol

# (at least for proxies). This whole thing is one big violation of the

# proxy model anyway, so I hereby rationalize that the spec can be widely

# interpreted here. If there is demand, I can make it more conformant.

# The HTTP client and server components should be fine; it's just the

# special requirements for proxies that may not be followed.

#

#--------------------------------------------------------------------------

use strict ;

use warnings ;

no warnings qw(uninitialized) ; # use defaults all the time

use Socket ;

use Encode ;

use Getopt::Long ;

use Errno qw(EINTR) ;

use Fcntl qw(:flock) ;

use Net::Domain qw(hostfqdn) ;

use POSIX qw(:sys_wait_h setsid);

use Time::HiRes qw(gettimeofday tv_interval) ;

# First block below is config variables, second block is sort-of config

# variables, third block is persistent constants, fourth block is would-be

# persistent constants (not set until needed), fifth block is constants for

# JavaScript processing (mostly regular expressions), and last block is

# variables.

# Removed $RE_JS_STRING_LITERAL to help with Perl's long-literal-string bug,

# but can replace it later if/when that is fixed. Added

# $RE_JS_STRING_LITERAL_START, $RE_JS_STRING_REMAINDER_1, and

# $RE_JS_STRING_REMAINDER_2 as part of the workaround.

use vars qw(

$TEXT_ONLY

$REMOVE_COOKIES $REMOVE_SCRIPTS $FILTER_ADS $HIDE_REFERER

$INSERT_ENTRY_FORM $ALLOW_USER_CONFIG

$ENCODE_DECODE_BLOCK_IN_JS

@ALLOWED_SERVERS @BANNED_SERVERS @BANNED_NETWORKS

$NO_COOKIE_WITH_IMAGE @ALLOWED_COOKIE_SERVERS @BANNED_COOKIE_SERVERS

@ALLOWED_SCRIPT_SERVERS @BANNED_SCRIPT_SERVERS

@BANNED_IMAGE_URL_PATTERNS $RETURN_EMPTY_GIF

$USER_IP_ADDRESS_TEST $DESTINATION_SERVER_TEST

$PROXY_DIR

$INSERT_HTML $INSERT_FILE $ANONYMIZE_INSERTION $FORM_AFTER_INSERTION

$INSERTION_FRAME_HEIGHT

$RUNNING_ON_SSL_SERVER $NOT_RUNNING_AS_NPH

$HTTP_PROXY $SSL_PROXY $NO_PROXY $PROXY_AUTH $SSL_PROXY_AUTH

$MINIMIZE_CACHING

$SESSION_COOKIES_ONLY $COOKIE_PATH_FOLLOWS_SPEC $RESPECT_THREE_DOT_RULE

@PROXY_GROUP

$USER_AGENT $USE_PASSIVE_FTP_MODE $SHOW_FTP_WELCOME

$PROXIFY_SCRIPTS $PROXIFY_SWF $ALLOW_RTMP_PROXY $ALLOW_UNPROXIFIED_SCRIPTS

$PROXIFY_COMMENTS

$USE_POST_ON_START $ENCODE_URL_INPUT

$REMOVE_TITLES $NO_BROWSE_THROUGH_SELF $NO_LINK_TO_START $MAX_REQUEST_SIZE

@TRANSMIT_HTML_IN_PARTS_URLS

$QUIETLY_EXIT_PROXY_SESSION

$OVERRIDE_SECURITY

@SCRIPT_MIME_TYPES @OTHER_TYPES_TO_REGISTER @TYPES_TO_HANDLE

$NON_TEXT_EXTENSIONS

$PROXY_VERSION

@MONTH @WEEKDAY %UN_MONTH

@BANNED_NETWORK_ADDRS

$USER_IP_ADDRESS_TEST_H $DESTINATION_SERVER_TEST_H

$RUNNING_ON_IIS

@NO_PROXY

$NO_CACHE_HEADERS

@ALL_TYPES %MIME_TYPE_ID $SCRIPT_TYPE_REGEX $TYPES_TO_HANDLE_REGEX

$THIS_HOST $ENV_SERVER_PORT $ENV_SCRIPT_NAME $THIS_SCRIPT_URL

$RTMP_SERVER_PORT

%ENV_UNCHANGING $HAS_INITED

$CUSTOM_INSERTION %IN_CUSTOM_INSERTION

$RE_JS_WHITE_SPACE $RE_JS_LINE_TERMINATOR $RE_JS_COMMENT

$RE_JS_IDENTIFIER_START $RE_JS_IDENTIFIER_PART $RE_JS_IDENTIFIER_NAME

$RE_JS_PUNCTUATOR $RE_JS_DIV_PUNCTUATOR

$RE_JS_NUMERIC_LITERAL $RE_JS_ESCAPE_SEQUENCE

$RE_JS_STRING_LITERAL

$RE_JS_STRING_LITERAL_START $RE_JS_STRING_REMAINDER_1 $RE_JS_STRING_REMAINDER_2

$RE_JS_REGULAR_EXPRESSION_LITERAL

$RE_JS_TOKEN $RE_JS_INPUT_ELEMENT_DIV $RE_JS_INPUT_ELEMENT_REG_EXP

$RE_JS_SKIP $RE_JS_SKIP_NO_LT

%RE_JS_SET_TRAPPED_PROPERTIES %RE_JS_SET_RESERVED_WORDS_NON_EXPRESSION

%RE_JS_SET_ALL_PUNCTUATORS

$JSLIB_BODY

$HTTP_VERSION $HTTP_1_X

$URL

$STDIN $STDOUT

$now

$packed_flags $encoded_URL $doing_insert_here $env_accept

$e_remove_cookies $e_remove_scripts $e_filter_ads $e_insert_entry_form

$e_hide_referer

$images_are_banned_here $scripts_are_banned_here $cookies_are_banned_here

$scheme $authority $path $host $port $username $password

$cookie_to_server %auth

$script_url $url_start $url_start_inframe $url_start_noframe

$is_in_frame $expected_type

$base_url $base_scheme $base_host $base_path $base_file $base_unframes

$default_style_type $default_script_type

$status $headers $body $charset $is_html $response_sent

%in_mini_start_form

$needs_jslib $does_write

$swflib $AVM2_BYTECODES

$debug ) ;

#--------------------------------------------------------------------------

# user configuration

#--------------------------------------------------------------------------

# [This isn't used yet (as of 2.1.4), but will be.]

# For certain purposes, CGIProxy may need to create files. This is where

# those will go. For example, use "/home/username/.cgiproxy", where "username"

# is replaced by your username.

# This must be an absolute path to the directory, i.e. a path starting with

# "/" or "\" (possibly after a drive letter and ":" if using Windows).

# Leading drive letters (e.g. for Windows) are allowed.

# The default of "$ENV{HOME}/.cgiproxy", on Unix machines, will use the directory

# ".cgiproxy" under your home directory. If it doesn't work, or if you're not

# using Unix, manually set $PROXY_DIR to an absolute path.

# Note that in Unix/Linux, using a directory on a mounted filesystem (which often

# includes home directories) may prevent that filesystem from being unmounted,

# which may bother your sysadmin. If so, try setting this to something starting

# with "/tmp/", like "/tmp/.yourname/".

# If you get "mkdir" permission errors, create the directory yourself with mkdir.

# You may also need to "chmod 777 directoryname" to make the directory writable

# by the Web server, but note that this makes it readable and writable by

# everybody. You might ask your webmaster if they provide a safe way for CGI

# scripts to read and write files in your directories.

$PROXY_DIR= "$ENV{HOME}/.cgiproxy" ;

# All initialization of unchanging values (except $PROXY_DIR) is now in this routine.

# (Ignore this if you don't know what it means.)

sub init {

# If set, then proxy traffic will be restricted to text data only, to save

# bandwidth (though it can still be circumvented with uuencode, etc.).

# To replace images with a 1x1 transparent GIF, set $RETURN_EMPTY_GIF below.

$TEXT_ONLY= 0 ; # set to 1 to allow only text data, 0 to allow all

# If set, then prevent all cookies from passing through the proxy. To allow

# cookies from some servers, set this to 0 and see @ALLOWED_COOKIE_SERVERS

# and @BANNED_COOKIE_SERVERS below. You can also prevent cookies with

# images by setting $NO_COOKIE_WITH_IMAGE below.

# Note that this only affects cookies from the target server. The proxy

# script sends its own cookies for other reasons too, like to support

# authentication. This flag does not stop these cookies from being sent.

$REMOVE_COOKIES= 0 ;

# If set, then remove as much scripting as possible. If anonymity is

# important, this is strongly recommended! Better yet, turn off script

# support in your browser.

# On the HTTP level:

# . prevent transmission of script MIME types (which only works if the server

# marks them as such, so a malicious server could get around this, but

# then the browser probably wouldn't execute the script).

# . remove Link: headers that link to a resource of a script MIME type.

# Within HTML resources:

# . remove <script>...</script> .

# . remove intrinsic event attributes from tags, i.e. attributes whose names

# begin with "on".

# . remove <style>...</style> where "type" attribute is a script MIME type.

# . remove various HTML tags that appear to link to a script MIME type.

# . remove script macros (aka Netscape-specific "JavaScript entities"),

# i.e. any attributes containing the string "&{" .

# . remove "JavaScript conditional comments".

# . remove MSIE-specific "dynamic properties".

# To allow scripts from some sites but not from others, set this to 0 and

# see @ALLOWED_SCRIPT_SERVERS and @BANNED_SCRIPT_SERVERS below.

# See @SCRIPT_MIME_TYPES below for a list of which MIME types are filtered out.

# I do NOT know for certain that this removes all script content! It removes

# all that I know of, but I don't have a definitive list of places scripts

# can exist. If you do, please send it to me. EVEN RUNNING A SINGLE

# JAVASCRIPT STATEMENT CAN COMPROMISE YOUR ANONYMITY! Just so you know.

# Richard Smith has a good test site for anonymizing proxies, at

# http://users.rcn.com...0/anon/test.htm

# Note that turning this on removes most popup ads!

$REMOVE_SCRIPTS= 0 ;

# If set, then filter out images that match one of @BANNED_IMAGE_URL_PATTERNS,

# below. Also removes cookies attached to images, as if $NO_COOKIE_WITH_IMAGE

# is set.

# To remove most popup advertisements, also set $REMOVE_SCRIPTS=1 above.

$FILTER_ADS= 0 ;

# If set, then don't send a Referer: [sic] header with each request

# (i.e. something that tells the server which page you're coming from

# that linked to it). This is a minor privacy issue, but a few sites

# won't send you pages or images if the Referer: is not what they're

# expecting. If a page is loading without images or a link seems to be

# refused, then try turning this off, and a correct Referer: header will

# be sent.

# This is only a problem in a VERY small percentage of sites, so few that

# I'm kinda hesitant to put this in the entry form. Other arrangements

# have their own problems, though.

$HIDE_REFERER= 0 ;

# If set, insert a compact version of the URL entry form at the top of each

# page. This will also display the URL currently being viewed.

# When viewing a page with frames, then a new top frame is created and the

# insertion goes there.

# If you want to customize the appearance of the form, modify the routine

# mini_start_form() near the end of the script.

# If you want to insert something other than this form, see $INSERT_HTML and

# $INSERT_FILE below.

# Users should realize that options changed via the form only take affect when

# the form is submitted by entering a new URL or pressing the "Go" button.

# Selecting an option, then following a link on the page, will not cause

# the option to take effect.

# Users should also realize that anything inserted into a page may throw

# off any precise layout. The insertion will also be subject to

# background colors and images, and any other page-wide settings.

$INSERT_ENTRY_FORM= 1 ;

# If set, then allow the user to control $REMOVE_COOKIES, $REMOVE_SCRIPTS,

# $FILTER_ADS, $HIDE_REFERER, and $INSERT_ENTRY_FORM. Note that they

# can't fine-tune any related options, such as the various @ALLOWED... and

# @BANNED... lists.

$ALLOW_USER_CONFIG= 1 ;

# If you want to encode the URLs of visited pages so that they don't show

# up within the full URL in your browser bar, then use proxy_encode() and

# proxy_decode(). These are Perl routines that transform the way the

# destination URL is included in the full URL. You can either use

# some combination of the example encodings below, or you can program your

# own routines. The encoded form of URLs should only contain characters

# that are legal in PATH_INFO. This varies by server, but using only

# printable chars and no "?" or "#" works on most servers. Don't let

# PATH_INFO contain the strings "./", "/.", "../", or "/..", or else it

# may get compressed like a pathname somewhere. Try not to make the

# resulting string too long, either.

# Of course, proxy_decode() must exactly undo whatever proxy_encode() does.

# Make proxy_encode() as fast as possible-- it's a bottleneck for the whole

# program. The speed of proxy_decode() is not as important.

# If you're not a Perl programmer, you can use the example encodings that are

# commented out, i.e. the lines beginning with "#". To use them, merely

# uncomment them, i.e. remove the "#" at the start of the line. If you

# uncomment a line in proxy_encode(), you MUST uncomment the corresponding

# line in proxy_decode() (note that "corresponding lines" in

# proxy_decode() are in reverse order of those in proxy_encode()). You

# can use one, two, or all three encodings at the same time, as long as

# the correct lines are uncommented.

# Starting in version 2.1beta9, don't call these functions directly. Rather,

# call wrap_proxy_encode() and wrap_proxy_decode() instead, which handle

# certain details that you shouldn't have to worry about in these functions.

# IMPORTANT: If you modify these routines, and if $PROXIFY_SCRIPTS is set

# below (on by default), then you MUST modify $ENCODE_DECODE_BLOCK_IN_JS

# below!! (You'll need to write corresponding routines in JavaScript to do

# the same as these routines in Perl, used when proxifying JavaScript.)

# Because of the simplified absolute URL resolution in full_url(), there may

# be ".." segments in the default encoding here, notably in the first path

# segment. Normally, that's just an HTML mistake, but please tell me if

# you see any privacy exploit with it.

# Note that a few sites have embedded applications (like applets or Shockwave)

# that expect to access URLs relative to the page's URL. This means they

# may not work if the encoded target URL can't be treated like a base URL,

# e.g. that it can't be appended with something like "../data/foo.data"

# to get that expected data file. In such cases, the default encoding below

# should let these sites work fine, as should any other encoding that can

# support URLs relative to it.

sub proxy_encode {

my($URL)= @_ ;

$URL=~ s#^([\w+.-]+)://#$1/# ; # http://xxx -> http/xxx

# $URL=~ s/(.)/ sprintf('%02x',ord($1)) /ge ; # each char -> 2-hex

# $URL=~ tr/a-zA-Z/n-za-mN-ZA-M/ ; # rot-13

return $URL ;

}

sub proxy_decode {

my($enc_URL)= @_ ;

# $enc_URL=~ tr/a-zA-Z/n-za-mN-ZA-M/ ; # rot-13

# $enc_URL=~ s/([\da-fA-F]{2})/ sprintf("%c",hex($1)) /ge ;

$enc_URL=~ s#^([\w+.-]+)/#$1://# ; # http/xxx -> http://xxx

return $enc_URL ;

}

# Encode cookies before they're sent back to the user.

# The return value must only contain characters that are legal in cookie

# names and values, i.e. only printable characters, and no ";", ",", "=",

# or white space.

# cookie_encode() is called twice for each cookie: once to encode the cookie

# name, and once to encode the cookie value. The two are then joined with

# "=" and sent to the user.

# cookie_decode() must exactly undo whatever cookie_encode() does.

# Also, cookie_encode() must always encode a given input string into the

# same output string. This is because browsers need the cookie name to

# identify and manage a cookie, so the name must be consistent.

# This is not a bottleneck like proxy_encode() is, so speed is not critical.

# IMPORTANT: If you modify these routines, and if $PROXIFY_SCRIPTS is set

# below (on by default), then you MUST modify $ENCODE_DECODE_BLOCK_IN_JS

# below!! (You'll need to write corresponding routines in JavaScript to do

# the same as these routines in Perl, used when proxifying JavaScript.)

sub cookie_encode {

my($cookie)= @_ ;

# $cookie=~ s/(.)/ sprintf('%02x',ord($1)) /ge ; # each char -> 2-hex

# $cookie=~ tr/a-zA-Z/n-za-mN-ZA-M/ ; # rot-13

$cookie=~ s/(\W)/ '%' . sprintf('%02x',ord($1)) /ge ; # simple URL-encoding

return $cookie ;

}

sub cookie_decode {

my($enc_cookie)= @_ ;

$enc_cookie=~ s/%([\da-fA-F]{2})/ pack('C', hex($1)) /ge ; # URL-decode

# $enc_cookie=~ tr/a-zA-Z/n-za-mN-ZA-M/ ; # rot-13

# $enc_cookie=~ s/([\da-fA-F]{2})/ sprintf("%c",hex($1)) /ge ;

return $enc_cookie ;

}

# If $PROXIFY_SCRIPTS is true, and if you modify the routines above that

# encode cookies and URLs, then you need to modify $ENCODE_DECODE_BLOCK_IN_JS

# here. Explanation: When proxifying JavaScript, a library of JavaScript

# functions is used. In that library are a few JavaScript routines that do

# the same as their Perl counterparts in this script. Four of those routines

# are proxy_encode(), proxy_decode(), cookie_encode(), and cookie_decode().

# Thus, unfortunately, when you write your own versions of those Perl routines

# (or modify what's already there), you also need to write (or modify) these

# corresponding JavaScript routines to do the same thing. Put the routines in

# this long variable $ENCODE_DECODE_BLOCK_IN_JS, and it will be included in

# the JavaScript library when needed. Prefix the function names with

# "_proxy_jslib_", as below.

# The commented examples in the JavaScript routines below correspond exactly to

# the commented examples in the Perl routines above. Thus, if you modify the

# Perl routines by merely uncommenting the examples, you can do the same in

# these JavaScript routines. (JavaScript comments begin with "//".)

# [if you don't know Perl: Note that everything up until the line "EOB" is one

# long string value, called a "here document". $ENCODE_DECODE_BLOCK_IN_JS is

# set to the whole thing.]

$ENCODE_DECODE_BLOCK_IN_JS= <<'EOB' ;

function _proxy_jslib_proxy_encode(URL) {

URL= URL.replace(/^([\w\+\.\-]+)\:\/\//, '$1/') ;

// URL= URL.replace(/(.)/g, function (s,p1) { return p1.charCodeAt(0).toString(16) } ) ;

// URL= URL.replace(/([a-mA-M])|[n-zN-Z]/g, function (s,p1) { return String.fromCharCode(s.charCodeAt(0)+(p1?13:-13)) }) ;

return URL ;

}

function _proxy_jslib_proxy_decode(enc_URL) {

// enc_URL= enc_URL.replace(/([a-mA-M])|[n-zN-Z]/g, function (s,p1) { return String.fromCharCode(s.charCodeAt(0)+(p1?13:-13)) }) ;

// enc_URL= enc_URL.replace(/([\da-fA-F]{2})/g, function (s,p1) { return String.fromCharCode(eval('0x'+p1)) } ) ;

enc_URL= enc_URL.replace(/^([\w\+\.\-]+)\//, '$1://') ;

return enc_URL ;

}

function _proxy_jslib_cookie_encode(cookie) {

// cookie= cookie.replace(/(.)/g, function (s,p1) { return p1.charCodeAt(0).toString(16) } ) ;

// cookie= cookie.replace(/([a-mA-M])|[n-zN-Z]/g, function (s,p1) { return String.fromCharCode(s.charCodeAt(0)+(p1?13:-13)) }) ;

cookie= cookie.replace(/(\W)/g, function (s,p1) { return '%'+p1.charCodeAt(0).toString(16) } ) ;

return cookie ;

}

function _proxy_jslib_cookie_decode(enc_cookie) {

enc_cookie= enc_cookie.replace(/%([\da-fA-F]{2})/g, function (s,p1) { return String.fromCharCode(eval('0x'+p1)) } ) ;

// enc_cookie= enc_cookie.replace(/([a-mA-M])|[n-zN-Z]/g, function (s,p1) { return String.fromCharCode(s.charCodeAt(0)+(p1?13:-13)) }) ;

// enc_cookie= enc_cookie.replace(/([\da-fA-F]{2})/g, function (s,p1) { return String.fromCharCode(eval('0x'+p1)) } ) ;

return enc_cookie ;

}

EOB

# Use @ALLOWED_SERVERS and @BANNED_SERVERS to restrict which servers a user

# can visit through this proxy. Any URL at a host matching a pattern in

# @BANNED_SERVERS will be forbidden. In addition, if @ALLOWED_SERVERS is

# not empty, then access is allowed *only* to servers that match a pattern

# in it. In other words, @BANNED_SERVERS means "ban these servers", and

# @ALLOWED_SERVERS (if not empty) means "allow only these servers". If a

# server matches both lists, it is banned.

# These are each a list of Perl 5 regular expressions (aka patterns or

# regexes), not literal host names. To turn a hostname into a pattern,

# replace every "." with "\.", add "^" to the beginning, and add "$" to the

# end. For example, 'www.example.com' becomes '^www\.example\.com$'. To

# match *every* host ending in something, leave out the "^". For example,

# '\.example\.com$' matches every host ending in ".example.com". For more

# details about Perl regular expressions, see the Perl documentation. (They

# may seem cryptic at first, but they're very powerful once you know how to

# use them.)

# Note: Use single quotes around each pattern, not double qoutes, unless you

# understand the difference between the two in Perl. Otherwise, characters

# like "$" and "\" may not be handled the way you expect.

@ALLOWED_SERVERS= () ;

@BANNED_SERVERS= () ;

# If @BANNED_NETWORKS is set, then forbid access to these hosts or networks.

# This is done by IP address, not name, so it provides more certain security

# than @BANNED_SERVERS above.

# Specify each element as a decimal IP address-- all four integers for a host,

# or one to three integers for a network. For example, '127.0.0.1' bans

# access to the local host, and '192.168' bans access to all IP addresses

# in the 192.168 network. Sorry, no banning yet for subnets other than

# 8, 16, or 24 bits.

# IF YOU'RE RUNNING THIS ON OR INSIDE A FIREWALL, THIS SETTING IS STRONGLY

# RECOMMENDED!! In particular, you should ban access to other machines

# inside the firewall that the firewall machine itself may have access to.

# Otherwise, external users will be able to access any internal hosts that

# the firewall can access. Even if that's what you intend, you should ban

# access to any hosts that you don't explicitly want to expose to outside

# users.

# In addition to the recommended defaults below, add all IP addresses of your

# server machine if you want to protect it like this.

# After you set this, YOU SHOULD TEST to verify that the proxy can't access

# the IP addresses you're banning!

# NOTE: According to RFC 1918, network address ranges reserved for private

# networks are 10.x.x.x, 192.168.x.x, and 172.16.x.x-172.31.x.x, i.e. with

# respective subnet masks of 8, 16, and 12 bits. Since we can't currently

# do a 12-bit mask, we'll exclude the entire 172 network here. If this

# causes a problem, let me know and I'll add subnet masks down to 1-bit

# resolution.

# Also included are 169.254.x.x (per RFC 3927) and 244.0.0.x (used for

# routing), as recommended by Waldo Jaquith.

# On some systems, 127.x.x.x all point to localhost, so disallow all of "127".

# This feature is simple now but may be more complete in future releases.

# How would you like this to be extended? What would be useful to you?

@BANNED_NETWORKS= ('127', '192.168', '172', '10', '169.254', '244.0.0') ;

# Settings to fine-tune cookie filtering, if cookies are not banned altogether

# (by user checkbox or $REMOVE_COOKIES above).

# Use @ALLOWED_COOKIE_SERVERS and @BANNED_COOKIE_SERVERS to restrict which

# servers can send cookies through this proxy. They work like

# @ALLOWED_SERVERS and @BANNED_SERVERS above, both in how their precedence

# works, and that they're lists of Perl 5 regular expressions. See the

# comments there for details.

# If non-empty, only allow cookies from servers matching one of these patterns.

# Comment this out to allow all cookies (subject to @BANNED_COOKIE_SERVERS).

#@ALLOWED_COOKIE_SERVERS= ('\bslashdot\.org$') ;

# Reject cookies from servers matching these patterns.

@BANNED_COOKIE_SERVERS= (

'\.doubleclick\.net$',

'\.preferences\.com$',

'\.imgis\.com$',

'\.adforce\.com$',

'\.focalink\.com$',

'\.flycast\.com$',

'\.avenuea\.com$',

'\.linkexchange\.com$',

'\.pathfinder\.com$',

'\.burstnet\.com$',

'\btripod\.com$',

'\bgeocities\.yahoo\.com$',

'\.mediaplex\.com$',

) ;

# Set this to reject cookies returned with images. This actually prevents

# cookies returned with any non-text resource.

# This helps prevent tracking by ad networks, but there are also some

# legitimate uses of attaching cookies to images, such as captcha, so

# by default this is off.

$NO_COOKIE_WITH_IMAGE= 0 ;

# Settings to fine-tune script filtering, if scripts are not banned altogether

# (by user checkbox or $REMOVE_SCRIPTS above).

# Use @ALLOWED_SCRIPT_SERVERS and @BANNED_SCRIPT_SERVERS to restrict which

# servers you'll allow scripts from. They work like @ALLOWED_SERVERS and

# @BANNED_SERVERS above, both in how their precedence works, and that

# they're lists of Perl 5 regular expressions. See the comments there for

# details.

@ALLOWED_SCRIPT_SERVERS= () ;

@BANNED_SCRIPT_SERVERS= () ;

# Various options to help filter ads and stop cookie-based privacy invasion.

# These are only effective if $FILTER_ADS is set above.

# @BANNED_IMAGE_URL_PATTERNS uses Perl patterns. If an image's URL

# matches one of the patterns, it will not be downloaded (typically for

# ad-filtering). For more information on Perl regular expressions, see

# the Perl documentation.

# Note that most popup ads will be removed if scripts are removed (see

# $REMOVE_SCRIPTS above).

# If ad-filtering is your primary motive, consider using one of the many

# proxies that specialize in that. The classic is from JunkBusters, at

# http://www.junkbusters.com .

# Reject images whose URL matches any of these patterns. This is just a

# sample list; add more depending on which sites you visit.

@BANNED_IMAGE_URL_PATTERNS= (

'ad\.doubleclick\.net/ad/',

'\b[a-z](\d+)?\.doubleclick\.net(:\d*)?/',

'\.imgis\.com\b',

'\.adforce\.com\b',

'\.avenuea\.com\b',

'\.go\.com(:\d*)?/ad/',

'\.eimg\.com\b',

'\bexcite\.netscape\.com(:\d*)?/.*/promo/',

'/excitenetscapepromos/',

'\.yimg\.com(:\d*)?.*/promo/',

'\bus\.yimg\.com/[a-z]/(\w\w)/\1',

'\bus\.yimg\.com/[a-z]/\d-/',

'\bpromotions\.yahoo\.com(:\d*)?/promotions/',

'\bcnn\.com(:\d*)?/ads/',

'ads\.msn\.com\b',

'\blinkexchange\.com\b',

'\badknowledge\.com\b',

'/SmartBanner/',

'\bdeja\.com/ads/',

'\bimage\.pathfinder\.com/sponsors',

'ads\.tripod\.com',

'ar\.atwola\.com/image/',

'\brealcities\.com/ads/',

'\bnytimes\.com/ad[sx]/',

'\busatoday\.com/sponsors/',

'\busatoday\.com/RealMedia/ads/',

'\bmsads\.net/ads/',

'\bmediaplex\.com/ads/',

'\batdmt\.com/[a-z]/',

'\bview\.atdmt\.com/',

'\bADSAdClient31\.dll\b',

) ;

# If set, replace banned images with 1x1 transparent GIF. This also replaces

# all images with the same if $TEXT_ONLY is set.

# Note that setting this makes the response a little slower, since the browser

# must still retrieve the empty GIF.

$RETURN_EMPTY_GIF= 0 ;

# To use an external program to decide whether or not a user at a given IP

# address may use this proxy (as opposed to using server configuration), set

# $USER_IP_ADDRESS_TEST to either the name of a command-line program that

# performs this test, or a queryable URL that performs this test (e.g. a CGI

# script).

# For a command-line program: The program should take a single argument, the

# IP address of the user. The output of the program is evaluated as a

# number, and if the number is non-zero then the IP address of the user is

# allowed; thus, the output is typically either "1" or "0". Note that

# depending on $ENV{PATH}, you may need to enter the path here explicitly.

# For a queryable URL: Specify the start of the URL here (must begin with

# "http://"), and the user's IP address will be appended. For example, the

# value here may contain a "?", thus putting the IP address in the

# QUERY_STRING; it could also be in PATH_INFO. The response body from the

# URL should be a number like for a command line program, above.

$USER_IP_ADDRESS_TEST= '' ;

# To use an external program to decide whether or not a destination server is

# allowed (as opposed to using @ALLOWED_SERVERS and @BANNED_SERVERS above),

# set $DESTINATION_SERVER_TEST to either the name of a command-line program

# that performs this test, or a queryable URL that performs this test (e.g. a

# CGI script).

# For a command-line program: The program should take a single argument, the

# destination server's name or IP address (depending on how the user enters

# it). The output of the program is evaluated as a number, and if the number

# is non-zero then the destination server is allowed; thus, the output is

# typically either "1" or "0". Note that depending on $ENV{PATH}, you may

# need to enter the path here explicitly.

# For a queryable URL: Specify the start of the URL here (must begin with

# "http://"), and the destination server's name or IP address will be

# appended. For example, the value here may contain a "?", thus putting the

# name or address in the QUERY_STRING; it could also be in PATH_INFO. The

# response body from the URL should be a number like for a command line

# program, above.

$DESTINATION_SERVER_TEST= '' ;

# If either $INSERT_HTML or $INSERT_FILE is set, then that HTML text or the

# contents of that named file (respectively) will be inserted into any HTML

# page retrieved through this proxy. $INSERT_HTML takes precedence over

# $INSERT_FILE.

# When viewing a page with frames, a new top frame is created and the

# insertions go there.

# NOTE: Any HTML you insert should not have relative URLs in it! The problem

# is that there is no appropriate base URL to resolve them with. So only use

# absolute URLs in your insertion. (If you use relative URLs anyway, then

# a) if $ANONYMIZE_INSERTION is set, they'll be resolved relative to this

# script's URL, which isn't great, or if $ANONYMIZE_INSERTION==0,

# they'll be unchanged and the browser will simply resolve them relative

# to the current page, which is usually worse.)

# The frame handling means that it's fairly easy for a surfer to bypass this

# insertion, by pretending in effect to be in a frame. There's not much we

# can do about that, since a page is retrieved the same way regardless of

# whether it's in a frame. This script uses a parameter in the URL to

# communicate to itself between calls, but the user can merely change that

# URL to make the script think it's retrieving a page for a frame. Also,

# many browsers let the user expand a frame's contents into a full window.

# [The warning in earlier versions about setting $INSERT_HTML to '' when using

# mod_perl and $INSERT_FILE no longer applies. It's all handled elsewhere.]

# As with $INSERT_ENTRY_FORM, note that any insertion may throw off any

# precise layout, and the insertion is subject to background colors and

# other page-wide settings.

#$INSERT_HTML= "<h1>This is an inserted header</h1><hr>" ;

#$INSERT_FILE= 'insert_file_name' ;

# If your insertion has links that you want anonymized along with the rest

# of the downloaded HTML, then set this to 1. Otherwise leave it at 0.

$ANONYMIZE_INSERTION= 0 ;

# If there's both a URL entry form and an insertion via $INSERT_HTML or

# $INSERT_FILE on the same page, the entry form normally goes at the top.

# Set this to put it after the other insertion.

$FORM_AFTER_INSERTION= 0 ;

# If the insertion is put in a top frame, then this is how many pixels high

# the frame is. If the default of 80 or 50 pixels is too big or too small

# for your insertion, change this. You can use percentage of screen height

# if you prefer, e.g. "20%". (Unfortunately, you can't just tell the

# browser to "make it as high as it needs to be", but at least the frame

# will be resizable by the user.)

# This affects insertions by $INSERT_ENTRY_FORM, $INSERT_HTML, and $INSERT_FILE.

# The default here usually works for the inserted entry form, which varies in

# size depending on $ALLOW_USER_CONFIG. It also varies by browser.

$INSERTION_FRAME_HEIGHT= $ALLOW_USER_CONFIG ? 80 : 50 ;

# Set this to 1 if the script is running on an SSL server, i.e. it is

# accessed through a URL starting with "https:"; set this to 0 if it's not

# running on an SSL server. This is needed to know how to route URLs back

# through the proxy. Regrettably, standard CGI does not yet provide a way

# for scripts to determine this without help.

# If this variable is set to '' or left undefined, then the program will

# guess: SSL is assumed if and only if SERVER_PORT is 443. This fails

# if SSL is used on another port, or (less commonly) a non-SSL server uses

# port 443, but usually it works. Besides being a good default, it lets

# you install the script where both a secure server and a non-secure server

# will serve it, and it will work correctly through either server.

# This has nothing to do with retrieving pages that are on SSL servers.

$RUNNING_ON_SSL_SERVER= '' ;

# If your server doesn't support NPH scripts, then set this variable to true

# and try running the script as a normal non-NPH script. HOWEVER, this

# won't work as well as running it as NPH; there may be bugs, maybe some

# privacy holes, and results may not be consistent. It's a hack.

# Try to install the script as NPH before you use this option, because

# this may not work. NPH is supported on almost all servers, and it's

# usually very easy to install a script as NPH (on Apache, for example,

# you just need to name the script something starting with "nph-").

# One example of a problem is that Location: headers may get messed up,

# because they mean different things in an NPH and a non-NPH script.

# You have been warned.

# For this to work, your server MUST support the "Status:" CGI response

# header.

$NOT_RUNNING_AS_NPH= 0 ;

# Set HTTP and SSL proxies if needed. Also see $USE_PASSIVE_FTP_MODE below.

# The format of the first two variables is "host:port", with the port being

# optional. The format of $NO_PROXY is a comma-separated list of hostnames

# or domains: any request for a hostname that ends in one of the strings in

# $NO_PROXY will not use the HTTP or SSL proxy; e.g. use ".mycompany.com" to

# avoid using the proxies to access any host in the mycompany.com domain.

# The environment variables in the examples below are appropriate defaults,

# if they are available. Note that earlier versions of this script used

# the environment variables directly, instead of the $HTTP_PROXY and

# $NO_PROXY variables we use now.

# Sometimes you can use the same proxy (like Squid) for both SSL and normal

# HTTP, in which case $HTTP_PROXY and $SSL_PROXY will be the same.

# $NO_PROXY applies to both SSL and normal HTTP proxying, which is usually

# appropriate. If there's demand to differentiate those, it wouldn't be

# hard to make a separate $SSL_NO_PROXY option.

#$HTTP_PROXY= $ENV{'http_proxy'} ;

#$SSL_PROXY= 'firewall.example.com:3128' ;

#$NO_PROXY= $ENV{'no_proxy'} ;

# If your HTTP and SSL proxies require authentication, this script supports

# that in a limited way: you can have a single username/password pair per

# proxy to authenticate with, regardless of realm. In other words, multiple

# realms aren't supported for proxy authentication (though they are for

# normal server authentication, elsewhere).

# Set $PROXY_AUTH and $SSL_PROXY_AUTH either in the form of "username:password",

# or to the actual base64 string that gets sent in the Proxy-Authorization:

# header. Often the two variables will be the same, when the same proxy is

# used for both SSL and normal HTTP.

#$PROXY_AUTH= 'Aladdin:open sesame' ;

#$SSL_PROXY_AUTH= $PROXY_AUTH ;

# Here's an experimental feature that may or may not be useful. It's trivial

# to add, so I added it. It was inspired in part by Mike Reiter's and Avi

# Rubin's "Crowds", at http://www.research....rojects/crowds/ .

# Let me know if you find a use for it.

# The idea is that you have a number of mutually-trusting, cooperating

# proxies that you list in @PROXY_GROUP(). If that is set, then instead

# of rerouting all URLs back through this proxy, the script will choose

# one of these proxies at random to reroute all URLs through, for each

# run. This could be used to balance the load among several proxies, for

# example. Under certain conditions it could conceivably help privacy by

# making it harder to track a user's session, but under certain other

# conditions it could make it easier, depending on how many people,

# proxies, and proxy servers are involved. For each page, both its

# included images and followed links will go through the same proxy, so a

# clever target server could determine which proxy servers are in each

# group.

# proxy_encode() and proxy_decode() must be the same for all proxies in the

# group. Same goes for pack_flags() and unpack_flags() if you modified them,

# and probably certain other routines and configuration options.

# Cookies and Basic authentication can't be supported with this, sorry, since

# cookies can only be sent back to the proxy that created them.

# Set this to a list of absolute URLs of proxies, ending with "nph-proxy.cgi"

# (or whatever you named the script). Be sure to include the URL of this

# proxy, or it will never redirect back through here. Each proxy in the

# group should have the same @PROXY_GROUP.

# Alternately, you could set each proxy's @PROXY_GROUP differently for more

# creative configuration, such as to balance the load unevenly, or to send

# users through a "round-robin" cycle of proxies.

#@PROXY_GROUP= ('http://www.example.com/~grommit/proxy/nph-proxy.cgi',

# 'http://www.fnord.mil/langley/bavaria/atlantis/nph-proxy.cgi',

# 'http://www.nothinghere.gov/No/Such/Agency/nph-proxy.cgi',

# ) ;

# Normally, your browser stores all pages you download in your computer's

# hard drive and memory, in the "cache". This saves a lot of time and

# bandwidth the next time you view the page (especially with images, which

# are bigger and may be shared among several pages). However, in some

# situations you may not want the pages you've visited to be stored. If

# $MINIMIZE_CACHING is set, then this proxy will try its best to prevent any

# caching of anything retrieved through it.

# NOTE: This cannot guarantee that no caching will happen. All we can do is

# instruct the browser not to cache anything. A faulty or malicious browser

# could cache things anyway if it chose to.

# NOTE: This has nothing to do with your browser's "history list", which may

# also store a list of URLs you've visited.

# NOTE: If you use this, you will use a lot more bandwidth than without it,

# and pages will seemingly load slower, because if a browser can't cache

# anything locally then it has to load everything across the network every

# time it needs something.

$MINIMIZE_CACHING= 0 ;

# Normally, each cookie includes an expiration time/date, and the cookie stays

# in effect until then, even after you exit your browser and restart it

# (which normally means the cookie is stored on the hard drive). Any cookie

# that has no explicit expiration date is a "session cookie", and stays in

# effect only as long as the browser is running, and presumably is forgotten

# after that. If you set $SESSION_COOKIES_ONLY=1, then *all* cookies that

# pass through this proxy will be changed to session cookies. This is useful

# at a public terminal, or wherever you don't want your cookies to remain

# after you exit the browser.

# NOTE: The clock on the server where this runs must be correct for this

# option to work right! It doesn't have to be exact, but don't have it off

# by hours or anything like that. The problem is that we must not alter any

# cookies set to expire in the past, because that's how sites delete cookies.

# If a cookie is being deleted, we DON'T want to turn it into a session

# cookie. So this script will not alter any cookies set to expire before the

# current time according to the system clock.

$SESSION_COOKIES_ONLY= 0 ;

# Cookies have a URL path associated with them; it determines which URLs on a

# server will receive the cookie in requests. If the path is not specified

# when the cookie is created, then the path is supposed to default to the

# path of the URL that the cookie was retrieved with, according to the

# cookie specification from Netscape. Unfortunately, most browsers seem

# to ignore the spec and instead give cookies a default path of "/", i.e.

# "send this cookie with all requests to this server". So, *sigh*, this

# script uses "/" as the default path also. If you want this script to

# follow the specification instead, then set this variable to true.

$COOKIE_PATH_FOLLOWS_SPEC= 0 ;

# Technically, cookies must have a domain containing at least two dots if the

# TLD is one of the main non-national TLD's (.com, .net, etc.), and three

# dots otherwise. This is to prevent malicious servers from setting cookies

# for e.g. the entire ".co.uk" domain. Unfortunately, this prescribed

# behavior does not accommodate domains like ".google.de". Thus, browsers

# seem to not require three dots, and thus, this script will do the same by

# default. Set $RESPECT_THREE_DOT_RULE if you want the strictly correct

# behavior instead.

$RESPECT_THREE_DOT_RULE= 0 ;

# Set $USER_AGENT to something generic like this if you want to be extra

# careful. Conceivably, revealing which browser you're using may be a

# slight privacy or security risk.

# However, note that some URLs serve different pages depending on which

# browser you're using, so some pages will change if you set this.

# This defaults to the user's HTTP_USER_AGENT.

#$USER_AGENT= 'Mozilla/4.05 [en] (X11; I; Linux 2.0.34 i586)' ;

# FTP transfers can happen in either passive or non-passive mode. Passive

# mode works better if the client (this script) is behind a firewall. Some

# people consider passive mode to be more secure, too. But in certain

# network configurations, if this script has trouble connecting to FTP

# servers, you can turn this off to try non-passive mode.

# See http://cr.yp.to/ftp/security.html for a discussion of security issues

# regarding passive and non-passive FTP.

$USE_PASSIVE_FTP_MODE= 1 ;

# Unlike a normal browser which can keep an FTP session open between requests,

# this script must make a new connection with each request. Thus, the

# FTP welcome message (e.g. the README file) will be received every time;

# there's no way for this script to know if you've been here before. Set

# $SHOW_FTP_WELCOME to true to always show the welcome message, or false

# to never show it.

$SHOW_FTP_WELCOME= 1 ;

# If set, then modify script content (like JavaScript) as well as possible

# such that network accesses go through this proxy script. If not set, then

# allow script content to pass unmodified, assuming it's not being removed.

# Currently, JavaScript is the only script content that's proxified.

# If this is set, and if you modify proxy_encode() and proxy_decode(), then

# you MUST modify the JavaScript routines in $ENCODE_DECODE_BLOCK_IN_JS also.

# NOTE: This proxification of script content may not be perfect. It's pretty

# good, but it may be possible to construct malicious JavaScript that reveals

# your identity to the server. The purpose of this feature is more to allow

# scripts to function through the proxy, than to provide bulletproof

# anonymity.

# The best advice remains: FOR BEST ANONYMITY, BROWSE WITH SCRIPTS TURNED OFF.

$PROXIFY_SCRIPTS= 1 ;

# If set, then modify ShockWave Flash resources as well as possible such that

# network accesses go through this proxy script. If not set, then allow

# SWF resources to pass unmodified.

# NOTE: This is still experimental, and the modified SWF apps are sometimes

# much slower than the unproxified SWF apps. If this is turned on, then

# Web pages with SWF may run much more slowly and possibly bog down

# your browser, even if the rest of the page is fast. Remember that SWF

# apps are pretty common in ads and other places in the page that we tend

# to ignore.

$PROXIFY_SWF= 1 ;

# To support video in Flash 9+, this program spawns a specialized RTMP proxy

# daemon that listens on a port (1935 if possible) and dies after 10 minutes

# of no connections. This is useful, but some sysadmins may not like it.

# If you want to prevent the daemon, set $ALLOW_RTMP_PROXY=0 . Note that

# Flash 9+ video won't always work if you do so.

# As of release 2.1, the RTMP proxy isn't used yet, so turn it off.

$ALLOW_RTMP_PROXY= 0 ;

# Though JavaScript is by far the most common kind of script, there are other

# kinds too, such as Microsoft's VBScript. This program proxifies JavaScript

# content, but not other script content, which means those other scripts

# could open privacy holes. Thus, the default behavior of this program is

# to remove those other scripts. Set this variable to true if you'd rather

# let those scripts through.

# How this works with $REMOVE_SCRIPTS and the "remove scripts" user checkbox:

# If $ALLOW_UNPROXIFIED_SCRIPTS is false, then unsupported scripts will

# always be removed. If it is true, then it is subject to those other

# settings, just like supported script types are.

# For now, this also controls whether unproxified SWF (Flash) apps are allowed

# through the proxy. This means that by default, SWF apps are removed

# from pages. This is the safest, but may leave some pages looking

# incomplete. If you want to display SWF apps, then you need to set either

# $PROXIFY_SWF or $ALLOW_UNPROXIFIED_SCRIPTS . This arrangement can change

# if there is demand.

$ALLOW_UNPROXIFIED_SCRIPTS= 0 ;

# Comments may contain HTML in them, which shouldn't be rendered but may be

# relevant in some other way. Set this flag if you want the contents of

# comments to be proxified like the rest of the page, i.e. proxify URLs,

# stylesheets, scripts, etc.

$PROXIFY_COMMENTS= 0 ;

# Apparently, some censoring filters search outgoing request URIs, but not

# POST request bodies. Set this to make the initial input form submit

# using POST instead of GET.

$USE_POST_ON_START= 1 ;

# If this is set, then the URL the user enters in the start form or the top

# form will be encoded by _proxy_jslib_proxy_encode() before it's submitted.

# This can keep the URL the user visits private.

# Note that if you set this, you need to modify proxy_encode() above (along

# with proxy_decode() and the two analogous JavaScript routines) if you

# want the URL to actually be encoded to something non-obvious.

$ENCODE_URL_INPUT= 1 ;

# Apparently, some censoring filters look at titles on HTML pages. Set this

# to remove HTML page titles.

# Note that this does NOT remove titles that are generated by script content,

# since those would have no effect on a filter.

$REMOVE_TITLES= 0 ;

# If set, this option prevents a user from calling the proxy through the

# proxy itself, i.e. looping. It's normally a mistake on the user's part,

# and a waste of resources.

# This isn't foolproof; it just catches the obvious mistakes. It's probably

# pretty easy for a malicious user to make the script call itself, or s/he

# can always use two proxies to call each other in a loop. This doesn't

# account for IP addresses or multiple hostnames for the same server.

$NO_BROWSE_THROUGH_SELF= 0 ;

# Set this to leave out the "Restart" link at the bottom of error pages, etc.

# In some situations this could make it harder for search engines to find the

# start page.

$NO_LINK_TO_START= 0 ;

# For the obscure case when a POST must be repeated because of user

# authentication, this is the max size of the request body that this

# script will store locally. If CONTENT_LENGTH is bigger than this,

# the body's not saved at all-- the first POST will be correct, but

# the second will not happen at all (since a partial POST is worse than

# nothing).

$MAX_REQUEST_SIZE= 4194304 ; # that's 4 Meg to you and me

# When handling HTML resources, CGIProxy downloads the entire resource before

# modifying it and returning it to the client. However, some operations

# (such as time-intensive queries) return the first part of a page while

# still generating the last part. On such pages, the user might like to

# see that first part without waiting for the entire response, which they

# would normally have to do when using CGIProxy. So, if this option is set,

# then CGIProxy will return proxified HTML parts as soon as it receives them

# from the server. This is less efficient; for example, it means that every

# page will have the JavaScript library inserted, even if it's not needed

# (though that wouldn't be too bad since the library is normally cached

# anyway). So, we want to do this only for certain pages and not for all.

# Thus, set this to a list of patterns that match URLs you want to handle

# this way. The patterns work like @ALLOWED_SERVERS and @BANNED_SERVERS

# above, in that they're lists of Perl 5 regular expressions. See the

# comments there for details.

# The sample webfeat.org pattern is appropriate for libraries who use the

# WebFeat service.

#@TRANSMIT_HTML_IN_PARTS_URLS= (

# '^https?://search3\.webfeat\.org/cgi-bin/WebFeat\.dll',

# ) ;

# Normally, if a user tries to access a banned server or use an unsupported

# scheme (protocol), this script will alert the user with a warning page, and

# either allow the user to click through to the URL unprotected (i.e. without

# using the proxy), or ban access altogether. However, in some VPN-like

# installations, it may more desirable to let users follow links from

# protected pages (e.g. within an intranet) that lead to unprotected,

# unproxified pages (e.g. pages outside of the intranet), with no breaks in

# the browsing experience. (This example assumes the proxy owner intends it

# to be used for browsing only the intranet and not the Internet at large.)

# Set $QUIETLY_EXIT_PROXY_SESSION to skip any warning message and let the

# user surf directly to unproxified pages from proxified pages. Note that

# this somewhat changes the meaning of @ALLOWED_SERVERS and @BANNED_SERVERS--

# they're not allowed or banned per se, it's just whether this proxy is

# willing to handle their traffic. @BANNED_NETWORKS is unaffected, however,

# since the IP ranges it contains often make no sense outside of the LAN.

# WARNING: DO *NOT* SET THIS FLAG IF ANONYMITY IS IMPORTANT AT ALL!!! IT IS

# NOT MEANT FOR THAT KIND OF INSTALLATION. IF THIS IS SET, THEN USERS WILL

# SURF INTO UNPROXIFIED, UNANONYMIZED PAGES WITH NO WARNING, AND THEIR

# PRIVACY WILL BE COMPROMISED; THEY MAY NOT EVEN NOTICE FOR A LONG TIME.

# THIS IS EXACTLY WHAT ANONYMIZING PROXIES ARE CREATED TO AVOID.

$QUIETLY_EXIT_PROXY_SESSION= 0 ;

# WARNING:

# EXCEPT UNDER RARE CIRCUMSTANCES, ANY PROXY WHICH HANDLES SSL REQUESTS

# SHOULD *ONLY* RUN ON AN SSL SERVER!!! OTHERWISE, YOU'RE RETRIEVING

# PROTECTED PAGES BUT SENDING THEM BACK TO THE USER UNPROTECTED. THIS

# COULD EXPOSE ANY INFORMATION IN THOSE PAGES, OR ANY INFORMATION THE

# USER SUBMITS TO A SECURE SERVER. THIS COULD HAVE SERIOUS CONSEQUENCES,

# EVEN LEGAL CONSEQUENCES. IT UNDERMINES THE WHOLE PURPOSE OF SECURE

# SERVERS.

# THE *ONLY* EXCEPTION IS WHEN YOU HAVE *COMPLETE* TRUST OF THE LINK

# BETWEEN THE BROWSER AND THE SERVER THAT RUNS THE SSL-HANDLING PROXY,

# SUCH AS ON A CLOSED LAN, OR IF THE PROXY RUNS ON THE SAME MACHINE AS

# THE BROWSER.

# IF YOU ARE ABSOLUTELY SURE THAT YOU TRUST THE USER-TO-PROXY LINK, YOU

# CAN OVERRIDE THE AUTOMATIC SECURITY MEASURE BY SETTING THE FLAG BELOW.

# CONSIDER THE CONSEQUENCES VERY CAREFULLY BEFORE YOU RUN THIS SSL-ACCESSING

# PROXY ON AN INSECURE SERVER!!!

$OVERRIDE_SECURITY= 0 ;

# Stuff below here you probably shouldn't modify unless you're messing with

# the code.

# This lists all MIME types that could identify a script, and which will be

# filtered out as well as possible if removing scripts: HTTP responses with

# Content-Type: set to one of these will be nixed, certain HTML which links

# to one of these types will be removed, style sheets with a type here will

# be removed, and other odds and ends.

# These are used in matching, so can't contain special regex characters.

# This list is also used for the the $PROXIFY_SCRIPTS function.

# This list contains all script MIME types I know of, but I can't guarantee

# it's a complete list. It's largely taken from the examples at

# http://www.robinlion...l4/scripts.html

# That page describes only the first four below as valid.

# The page at ftp://ftp.isi.edu/in...pes/media-types

# lists all media (MIME) types registered with the IANA, but unfortunately

# many script types (especially proprietary ones) have not registered with

# them, and that list doesn't specify which types are script content anyway.

@SCRIPT_MIME_TYPES= ('application/x-javascript', 'application/x-ecmascript',

'application/x-vbscript', 'application/x-perlscript',

'application/javascript', 'application/ecmascript',

'text/javascript', 'text/ecmascript', 'text/jscript',

'text/livescript', 'text/vbscript', 'text/vbs',

'text/perlscript', 'text/tcl',

'text/x-scriptlet', 'text/scriptlet',

'application/hta', 'application/x-shockwave-flash',

) ;

# All MIME types in @SCRIPT_MIME_TYPES and @OTHER_TYPES_TO_REGISTER will be

# "registered". Registration helps the script remember which MIME type is

# expected by a page when downloading embedded URLs, e.g. style sheets. Any

# MIME types that need special treatment should be listed here if they're not

# already in @SCRIPT_MIME_TYPES.

# If you write a handler for a new MIME type in proxify_block(), and that type

# isn't already listed in @SCRIPT_MIME_TYPES, then add it here.

# The Perl code in this program supports up to 64 registered MIME types, but

# the JS _proxy_jslib_pack_flags() and _proxy_jslib_unpack_flags() routines

# only support 26. Thus, fix the JS code if there's ever more than 26 types.

# "x-proxy/xhr" is a special case-- it's used to support the JavaScript class

# XMLHttpRequest . Data downloaded through that should not be proxified,

# even if it's HTML data; it's proxified later when it's added to a document.

# Using the "x-proxy/xhr" type is part of avoiding that first proxification.

@OTHER_TYPES_TO_REGISTER= ('text/css', 'x-proxy/xhr') ;

# These are MIME types that we *may* try to rewrite in proxify_block(), e.g.

# to send all URLs back through this script. If a type isn't on this list,

# then we know for certain it should be sent back to the user unchanged,

# which saves time.

# If you write a handler for a new MIME type in proxify_block(), then add the

# type here.

# NOT all the types here are actually supported at this time!

# text/html is not on this list because currently it's handled specially.

@TYPES_TO_HANDLE= ('text/css',

'application/x-javascript', 'application/x-ecmascript',

'application/javascript', 'application/ecmascript',

'text/javascript', 'text/ecmascript',

'text/livescript', 'text/jscript',

'application/x-shockwave-flash',

) ;

# This is a list of all file extensions that will be disallowed if

# $TEXT_ONLY is set. It's an inexact science. If you want to ban

# other file extensions, you can add more to this list. Note that

# removing extensions from this list won't necessarily allow those

# files through, since there are other ways $TEXT_ONLY is implemented,

# such as only allowing MIME types of text/* .

# The format of this list is one long string, with the extensions

# separated by "|". This is because the string is actually used as

# a regular expression. Don't worry if you don't know what that means.

# Extensions are roughly taken from Netscape's "Helper Preferences" screen

# (but that was in 1996). A more complete list might be made from a

# mime.types file.

$NON_TEXT_EXTENSIONS=

'gif|jpeg|jpe|jpg|tiff|tif|png|bmp|xbm' # images

. '|mp2|mp3|wav|aif|aiff|au|snd' # audios

. '|avi|qt|mov|mpeg|mpg|mpe' # videos

. '|gz|Z|exe|gtar|tar|zip|sit|hqx|pdf' # applications

. '|ram|rm|ra|swf' ; # others

$PROXY_VERSION= '2.1.4' ;

#--------------------------------------------------------------------------

# End of normal user configuration.

# Now, set or adjust all globals that remain constant for all runs.

#--------------------------------------------------------------------------

# First, set various constants.

# These are used in rfc1123_date() and date_is_after().

@MONTH= qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec) ;

@WEEKDAY= qw(Sun Mon Tue Wed Thu Fri Sat Sun) ;

%UN_MONTH= map { lc($MONTH[$_]), $_ } 0..$#MONTH ; # look up by month name

# Create the sets of regular expressions we'll need if we proxify scripts.

# So far, the only script type we proxify is JavaScript.

&set_RE_JS if $PROXIFY_SCRIPTS ;

# Next, make copies of any constant environment variables, and fix as needed.

# SERVER_PORT and SCRIPT_NAME will be constant, and are used in several places.

# Besides, we need SCRIPT_NAME fixed before setting $THIS_SCRIPT_URL.

# SCRIPT_NAME should have a leading slash, but the old CGI "standard" from

# NCSA was unclear on that, so some servers didn't give it a leading

# slash. Here we ensure it has a leading slash.

# Exception: If SCRIPT_NAME is empty, then we're using a daemon, so leave it empty.

# Apache has a bug where SCRIPT_NAME is wrong if the PATH_INFO has "//" in it;

# it's set to the script name plus all of PATH_INFO up until its final "//".

# To work around this, truncate SCRIPT_NAME at the first place it matches $0.

# PATH_INFO is also changed to collapse all multiple slashes into a single

# slash, which is not worked around here. This bug should be fixed in

# Apache 2.0.55 and later.

# Some servers provide $0 as a complete path rather than just the filename,

# so extract the filename.

$ENV{SCRIPT_NAME}=~ s#^/?#/# if $ENV{SCRIPT_NAME} ne '' ;

if ($ENV{SERVER_SOFTWARE}=~ /^Apache\b/i) {

my($zero)= $0=~ m#([^/]*)$# ;

($ENV{SCRIPT_NAME})= $ENV{SCRIPT_NAME}=~ /^(.*?\Q$zero\E)/ if $zero ne '' ;

}

$ENV_SERVER_PORT= $ENV{SERVER_PORT} ;

$ENV_SCRIPT_NAME= $ENV{SCRIPT_NAME} ;

# Next, adjust config variables as needed, or create any needed constants from

# them.

# Create @BANNED_NETWORK_ADDRS from @BANNED_NETWORKS.

# No error checking; assumes the proxy owner set @BANNED_NETWORKS correctly.

@BANNED_NETWORK_ADDRS= () ;

for (@BANNED_NETWORKS) {

push(@BANNED_NETWORK_ADDRS, pack('C*', /(\d+)/g)) ;

}

# For the external tests, create hashes of parsed URLs if the tests are CGI calls.

# Note that the socket names must each be unique!

@{$USER_IP_ADDRESS_TEST_H}{qw(host port path socket open)}=

(lc($1), ($2 eq '' ? 80 : $2), $3, 'S_USERTEST', 0)

if ($USER_IP_ADDRESS_TEST=~ m#http://([^/?:]*):?(\d*)(.*)#i) ;

@{$DESTINATION_SERVER_TEST_H}{qw(host port path socket open)}=

(lc($1), ($2 eq '' ? 80 : $2), $3, 'S_DESTTEST', 0)

if ($DESTINATION_SERVER_TEST=~ m#http://([^/?:]*):?(\d*)(.*)#i) ;

# Require a full path in $PROXY_DIR.

# jsm-- add this in again when $PROXY_DIR is used.

#&HTMLdie("Must use full directory path in \$PROXY_DIR setting.")

# $PROXY_DIR!~ m#^([a-zA-Z] ?[/\\]# ;

# If $RUNNING_ON_SSL_SERVER is '', then guess based on SERVER_PORT.

$RUNNING_ON_SSL_SERVER= ($ENV_SERVER_PORT==443) if $RUNNING_ON_SSL_SERVER eq '' ;

# Or, if we're a daemon, then it's always true.

$RUNNING_ON_SSL_SERVER= 1 if $ENV{_DAEMON} ;

# Set this constant based on whether the server is IIS, because we have to

# test it later for every run to work around a bug in IIS. A constant here

# saves time when using mod_perl.

$RUNNING_ON_IIS= ($ENV{'SERVER_SOFTWARE'}=~ /IIS/) ;

# Create @NO_PROXY from $NO_PROXY for efficiency.

@NO_PROXY= split(/\s*,\s*/, $NO_PROXY) ;

# Base64-encode $PROXY_AUTH and $SSL_PROXY_AUTH if they're not encoded already.

$PROXY_AUTH= &base64($PROXY_AUTH) if $PROXY_AUTH=~ /:/ ;

$SSL_PROXY_AUTH= &base64($SSL_PROXY_AUTH) if $SSL_PROXY_AUTH=~ /:/ ;

# Guarantee URLs in @PROXY_GROUP have no trailing slash.

foreach (@PROXY_GROUP) { s#/$## }

# Create $NO_CACHE_HEADERS depending on $MINIMIZE_CACHING setting; it is placed

# in every response. Note that in all the "here documents" we use for error

# messages, it has to go on the same line as another header to avoid a blank

# line in the response.

$NO_CACHE_HEADERS= $MINIMIZE_CACHING

? "Cache-Control: no-cache\015\012Pragma: no-cache\015\012"

: '' ;

# Canonicalize all MIME types to lowercase.

for (@SCRIPT_MIME_TYPES) { $_= lc }

for (@OTHER_TYPES_TO_REGISTER) { $_= lc }

# Create @ALL_TYPES and %MIME_TYPE_ID, which are inverses of each other.

# This is useful e.g. to identify the MIME type expected in a given download,

# in a one-character flag. That's why we limit this to 64 types for now.

# $ALL_TYPES[0] is '', so we can test e.g. "if $MIME_TYPE_ID{$id} ..." .

@ALL_TYPES= ('', @SCRIPT_MIME_TYPES, @OTHER_TYPES_TO_REGISTER) ;

&HTMLdie("Too many MIME types to register.") if @ALL_TYPES > 64 ;

@MIME_TYPE_ID{@ALL_TYPES}= 0..$#ALL_TYPES ;

# Regex that matches a script MIME type.

$SCRIPT_TYPE_REGEX= '(' . join("|", @SCRIPT_MIME_TYPES) . ')' ;

# Regex that tells us whether we handle a given MIME type.

$TYPES_TO_HANDLE_REGEX= '(' . join("|", @TYPES_TO_HANDLE) . ')' ;

# Only need to run this routine once

$HAS_INITED= 1 ;

# End of initialization of constants.

} # sub init {

#--------------------------------------------------------------------------

# Global constants are now set. Now do any initialization that is

# required for every run.

#--------------------------------------------------------------------------

PS. als je erdoor heen scrolled kom je soms wat smileys tegen

[Wous]

Dit is de inhoud van her cgi bestand, waarop heb je de cgi staan? Hij heeft namelijk wel een met 'Perl' geïnstalleerde webserver nodig.

[Gast ĐiŝaŝteɍƵaƞƴ]

Hij staat gewoon op mijn computer en dat wat jij nu zecht was eigenlijk mijn vraag. Maar waar moet ik hem op zetten?

[Wous]

Ah, mijn fout. Ik dacht dat je het al op een web-server had staan

Wanneer je deze proxy op jouw pc/server wil laten runnen, kun je xampp gebruiken, xampp is heel makkelijk te installeren, en alle benodigde addons zitten er al bij, waaronder Perl.

Wanneer je Xampp geïnstalleerd hebt start je apache dmv de xampp-control.exe, daarna plaats je de cgi in het mapje 'htdocs', in een map genaamd bijvoorbeeld 'proxy', daar kopieer je dus je cgi naartoe, en dan open je de cgi dmv het volgende in te vullen in jouw adresbalk in je browser:

localhost/proxy/nph-proxy.cgi

[Piraatje]

Vergeten jullie alsjeblieft de VPN verbinding niet? Je internet provider zoals Ziggo of KPN kan door gebruik van de VPN niet zien wat er gebeurd op je internet verbinding en ben je volledig anoniem voor iedereen. Een vereiste tegenwoordig.... We een uitgebreide handleiding geschreven met informatie. 

Deze vindt je hier:   https://www.duken.nl/forums/handleidingen/downloaden/vpn-verbinding-en-anoniem-downloaden-r35/