Be anonymous, create your own proxy server with AWS EC2

Viral Sangani on June 09, 2020

This post was originally posted on https://blog.viralsangani.me. Check out this post at https://blog.viralsangani.me/posts/be-anonymous-create-yo...
 
Ari Kalfus

Just be aware of your specific threat model. Tying your "anonymity" VPN to your AWS credit card may not be what you want.

And your browser is still going to continue fingerprinting and websites will continue to use tracking cookies through a VPN. So all it is really doing is stopping your ISP from monetizing your traffic, which you get with a DNS over HTTPS provider without needing to spend money in the cloud, and is default in Firefox and I think just turned on in Chrome as well.

Ryan Collins

The other issue is your traffic isn't encrypted traveling to the proxy, which means your ISP still sees your requests for the various sites. I use Tinyproxy and an ssh tunnel:

ssh -L 8888:localhost:8888 users@vpn.vm

Then set up your browser to use a proxy on localhost:8888. Tinyproxy is set to only listen on the localhost. Using an SSH tunnel allows you to use the proxy no matter where you are.

Ari Kalfus

Well, HTTPS traffic is still encrypted so your ISP won't see what traffic you mean to send, just that you are communicating with your VPN server in AWS because that is the only DNS traffic it sees. So you're fine there, but again DNS over HTTPS is an easier and cheaper way to accomplish that.

Ryan Collins • Edited

Your ISP won't be able to see the traffic, but they will know what sites you are visiting since those requests go across in plaintext. Here's an example line from a Squid log when used as a proxy server:

1591682643.548 240341 10.70.13.198 TCP_TUNNEL/200 3208 CONNECT mail.google.com:443 - HIER_DIRECT/172.217.6.101 -
1591682682.345    679 10.70.5.74 TCP_TUNNEL/200 4438 CONNECT v10.events.data.microsoft.com:443 - HIER_DIRECT/52.114.75.78 -
1591682708.770    345 10.70.13.197 TCP_TUNNEL/200 4007 CONNECT settings-win.data.microsoft.com:443 - HIER_DIRECT/52.183.220.149 -

That's the traffic your ISP will see. Since you aren't encrypting traffic between you and the proxy, even DoH won't stop your ISP from seeing the sites you are visiting.

Your plan is solid, except for the connection to the proxy server. 😄
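
An added example, not part of the comment above or the original article: a small parser for the Squid log lines quoted in that comment, showing that the destination host of each HTTPS site is recorded in the CONNECT request even though the payload itself is encrypted. It assumes Squid's default native access.log format; the function names are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Log lines copied from the comment above (Squid native access.log format).
SAMPLE_LOG = """\
1591682643.548 240341 10.70.13.198 TCP_TUNNEL/200 3208 CONNECT mail.google.com:443 - HIER_DIRECT/172.217.6.101 -
1591682682.345    679 10.70.5.74 TCP_TUNNEL/200 4438 CONNECT v10.events.data.microsoft.com:443 - HIER_DIRECT/52.114.75.78 -
1591682708.770    345 10.70.13.197 TCP_TUNNEL/200 4007 CONNECT settings-win.data.microsoft.com:443 - HIER_DIRECT/52.183.220.149 -
"""

# Field order of the native format: one whitespace-separated column each.
FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "mime")


def parse_line(line):
    """Split one native-format line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["time"] = datetime.fromtimestamp(float(rec["time"]), tz=timezone.utc)
        rec["elapsed_ms"] = int(rec["elapsed_ms"])
        rec["bytes"] = int(rec["bytes"])
    except ValueError:
        return None
    return rec


def connect_destinations(log_text):
    """Map each client IP to the host:port targets of its CONNECT requests."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        # For HTTPS the proxy never sees a path, only the tunnel target.
        if rec and rec["method"] == "CONNECT":
            seen[rec["client"]].append(rec["url"])
    return dict(seen)


if __name__ == "__main__":
    for client, hosts in connect_destinations(SAMPLE_LOG).items():
        print(client, "->", ", ".join(hosts))
```

The same host:port string is what travels in cleartext between the browser and an unencrypted HTTP proxy, which is why the SSH tunnel earlier in the thread matters.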

Ari Kalfus

You should be encrypting traffic between yourself and the proxy! That's half of a proxy's point.

Ryan Collins

😄 We're on the same page, except you didn't put that part in the article. You're not encrypting anything between your browser and the proxy.

Ari Kalfus

Not my article!

Ryan Collins

Ah man, it must be getting late, LOL! Apparently I've failed at reading tonight and probably should go to bed. 😄

Viral Sangani

Sure, thanks for the suggestion, I will edit the part to encrypt the traffic between browser and proxy.

ygoodmn

Just a note. All of AWS IP ranges are publicly available, and can be blacklisted for sites you go to. This is a fun project to try, but recommend better surfing habits (HTTPS only/DuckDuckGo) or using a local virtualized machine with a public DNS entry in resolv.conf. You do pay for bandwidth usage on AWS.

Paolo

Wondering if this could work to bypass streaming sites, haha. And I think there is a missing step.

Viral Sangani

Which step?

Paolo

From PC to EC2 instance? Please correct me if I am wrong.

Hagatorn

This is great but is an EC2 instance required? Can we use some routing/firewall/or API gateway to forward requests on demand?

Abhay Srivastav

Can I bypass streaming sites using an EC2 proxy?