A proxy or proxy server is an intermediary server, system, or other device that is positioned between a user's device and the rest of the internet. A proxy can also be positioned between a server or group of servers and the rest of the internet. A proxy can hide your IP address, block access to specific websites, and make it safe to browse dangerous or unknown parts of the internet.
Where a user's device would normally connect to a remote server or website directly, a proxy would connect to a remote server or website in place of a user's device. A proxy has a different IP address from a user's device, which masks the user's IP address, concealing the user's true identity.
A proxy can inspect, filter, and deny outgoing web requests based on configured rules, such as domain names, IP addresses, keywords, or content categories. When a user tries to access a blocked site through a proxy, the proxy would refuse to forward the request, often returning an error page instead. A proxy can also block access to all traffic except for sites on a pre-approved list or whitelist.
Proxies offer many privacy benefits for end-users, but can also benefit criminals and other malicious individuals. Below are some ways criminals can use proxies to conduct illicit activities:
- Criminals can use proxy servers to mask their true IP addresses and locations, allowing them to conduct illicit activities while appearing as legitimate users.
- Criminals can use proxies to bypass geogrpahical restrictions, evade anti-fraud systems, and commit large-scale financial crimes and cyberattacks.
- Criminals use residential proxies to match a victim's geographic location to log into a victim's bank, social media, or e-commerce accounts using stolen credentials, making unauthorized access appear legitimate to security systems.
- Criminals use proxies to mask their true location while they make unauthorized purchases with a victim's stolen financial information, evading fraud detection mechanisms.
- Criminals can use rotating proxies to cycle through thousands of IP addresses, bypassing rate limits while testing stolen username/password combinations.
Types of Proxies
Residential Proxies
Residential proxies are proxies that use IP addresses assigned by an internet service provider (ISP) to consumers, making traffic appear to come from legitimate home users.
Datacenter Proxies
Datacenter proxies are proxies that provide IP addresses from data centers (rather than ISPs). Datacenter proxies offer high speeds and cost-efficiency for bulk operations such as web scraping, market research, and SEO monitoring.
Rotating Proxies
Rotating proxies are proxies that automatically assign a new IP address from a large pool via a central gateway for every request or at set intervals. Requests through rotating proxies can reach the target server or website with a new IP address on each request, allowing users to bypass rate limits, avoid IP bans, or scrape data continuously without interruption.
Sticky Proxies / Session Proxies
Sticky proxies or Session proxies are proxies that maintain a single IP address for a set period of time or session. Once the time is up or the session ends, a sticky proxy is automatically assigned a new IP address, offering a balance between stability and rotation.
Static Proxies
Static proxies are proxies that provide a single, fixed IP address for all requests through the proxy.
Transparent (Level 3) Proxies
Transparent (Level 3) proxies are proxies that do not hide a user's true IP address and do not strip HTTP headers that identify themselves as proxies. Transparent (Level 3) proxies are used primarily for caching, network filtering, and user authentication (such as on public Wi-Fi networks).
Anonymous (Level 2) Proxies
Anonymous (Level 2) proxies are proxies that mask a user's true IP address address but do not strip HTTP headers that identify themselves as proxies. Anonymous (Level 2) proxies offer moderate privacy, suitable for bypassing geo-restrictions and basic web scraping, but are easily identified and sometimes blocked by websites compared to Elite / High Anonymity (Level 1) proxies.
Elite / High Anonymity (Level 1) Proxies
Elite / High Anonymity (Level 1) proxies are proxies that offer the highest level of privacy by masking a user's IP address and removing all proxy-identifying headers (e.g. Via, X-Forwarded-For) from requests, causing their traffic to appear as a normal user directly visiting a site. Elite / High Anonymity (Level 1) proxies can be residential, making them even harder to detect.
IoT Proxy
An IoT (Internet of Things) proxy is a proxy that is positioned between IoT devices (sensors, IP cameras, smart home appliances) and the rest of the internet, predominantly cloud services. IoT proxies act as a bridge between IoT protocols such as CoAP or MQTT and web-based protocols (HTTP/HTTPS), allowing a diverse set of devices to communicate with the internet.
Forward Proxy
A forward proxy is a proxy that is positioned between client devices and the internet, acting on behalf of clients to manage outbound requests, enhance security, and provide anonymity.
Reverse Proxy
A reverse proxy is a proxy that is positioned in front of web servers that handles client requests, enhancing security, performance, and reliability. Common uses for reverse proxies include caching, load balancing, SSL termination, and protection against DDoS attacks.
Proxies and Fraud
Proxies pose significant challenges for government institutions, banks, and other organizations that are targets for fraud. For example, residential proxies have been used to facilitate billions of dollars in fraudulent unemployment insurance claims by allowing malicious users to appear as legitimate users while creating numerous fake accounts. Criminals have also used proxies, particularly residential and IoT-based proxies, to faciliate large-scale identity theft, account takeovers, and automated credential stuffing while evading detection.
Conclusion
Proxies are servers that act as intermediaries between user devices or other servers and the rest of the internet. Proxies offer many benefits for end-users, but can also cause problems for government institutions, banks, and other organizations that need to fight fraud. The proxy landscape is constantly changing, with new proxies coming online every day, making proxy detection one of the hardest and most challenging problems to solve.