Just a Question

Is there anyway to bypass a website that has a whitelist of Proxys capable of going onto the site? Like entering the site without having to use one of the proxys on the whitelist? Just curious is all.

I dont believe thats possible. Because im assuming the server would just not respond to any packets from a improper IP address, the only way to contact it would be to spoof your IP on the packets, but in that case you still cant do much because the server would be responding to the wrong person.

Man in the middle attack when one of the website's visitors is using public access internet would be your best option, I think. Whitelists are … tricky.

The other method would be attacking underlying services instead of trying to circumvent security measures.

Edit: Oh, attacking people/computers who -have- access could be pretty useful too.

spyware wrote: Man in the middle attack when one of the website's visitors is using public access internet would be your best option, I think. Whitelists are … tricky.

The other method would be attacking underlying services instead of trying to circumvent security measures.

yeah I was thinking man in the middle attack, but I didn't know if it was possible to do a man in the middle attack if your outside one of the targets LAN

spyware wrote: Man in the middle attack when one of the website's visitors is using public access internet would be your best option,

Wait, I'm not making sense here. The whitelist won't have public access internet IP's in it. Disregard the public internet thing, you'd need to execute a MitM in someone's private, whitelisted LAN.

What if the implement on the site was just a quick fix type of thing? Could there be errors that could be exploited? The proxys that are on the whitelist are cell phone proxys only. They seriously dont want people on computers to play there game lol.

Froger wrote: What if the implement on the site was just a quick fix type of thing? Could there be errors that could be exploited? The proxys that are on the whitelist are cell phone proxys only. They seriously dont want people on computers to play there game lol.

If you are able to connect with your cellphone, go ahead and analyse the traffic. I think it's possible to emulate being a cellphone with a computer. You can always try tethering 3G from your phone to your laptop.

Tethering would work. I was just wondering if it were possible to trick the server into thinking that my current proxy is my phones proxy is all.

spyware wrote: [quote]spyware wrote: Man in the middle attack when one of the website's visitors is using public access internet would be your best option,

Wait, I'm not making sense here. The whitelist won't have public access internet IP's in it. Disregard the public internet thing, you'd need to execute a MitM in someone's private, whitelisted LAN.[/quote]

whitelisted lan? you'd need to know what ip's are there, with lan's, you can usually spoof it easily. if you have problems with two computers with same ip (which is usually not realy a problem), just use auditing software to boot the other person's computer, then spoof your mac address to their's and bam, you're showing up as them. you can then run a proxy sever if it was a proxy server on the network who's ip you stole, but mainly, do this, and you've got your access to the page. allow proxy in the same manner to avoid suspicion from other users.

Is it a public game for on cellular devices? Or still private etc.

Its a public game. At the moment only Boost, Verizon, and At&t can get on till they add other providers to the whitelist. The whitelist is still fairly new.