“Steganos Online Shield VPN” claims to enhance the user’s privacy online (<https://www.steganos.com/en/products/vpn/online-shield-vpn/features/>) by, among other measures, (a) blocking advertisements in web pages, (b) blocking tracking code in web pages, and (c) replacing the browser’s “User-Agent” header with a fixed value. The measures can be enabled independent of each other and independent of other functionality of the software (e.g. use of a VPN connection).
Use of any feature (a) through (c) will enable a local HTTP proxy server based on Node.js (<http://nodejs.org/>) and <https://github.com/axiak/filternet>.
When (a) and/or (b) are enabled, and (c) is not, the proxy will leak the hostname of the machine in a “Via” header like so: “Via: 1.1 foobar:8123 (Steganos Online Shield)” (where “foobar” is the local hostname).
The code is this <https://github.com/axiak/filternet/blob/e9109999c3bf554ee1afa701cf5bd765396427ec/lib/proxy.js#L19> (think %windir%\System32\HOSTNAME.EXE) and this <https://github.com/axiak/filternet/blob/e9109999c3bf554ee1afa701cf5bd765396427ec/lib/proxy.js#L116>.
When (c) is enabled, custom code in the proxy will replace the “User-Agent” header with a fixed value and replace the “Via” header with the empty string (not remove it altogether), thereby mitigating the information leak.
The machine’s hostname is usually strongly connected to the user’s identity (often containing their name). In addition to that, it is a strong distinguisher that will allow a correlation of HTTP requests as originating from the same machine (and thereby user, to some degree) even when these requests are not otherwise related in any way.
When reproducing, be careful that online services echoing back your HTTP request may or may not echo a “Via” header when one is in fact present.
Authored by Stefan Paletta
Email: stefanp@cabal1.net
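For the reproduction caveat above, a self-hosted check avoids depending on what a third-party echo service chooses to show. The following is an added example, not part of the original advisory and not Steganos or filternet code: it parses “Via” values in the shape of Node's `req.rawHeaders` and flags a hop whose received-by host equals a given hostname. The function names, port 8080 and the `--listen` switch are assumptions of this example.

```javascript
// Added example (not from the advisory): audit request headers for the Via leak.
// Via entry grammar: received-protocol SP received-by [SP "(" comment ")"]
function parseVia(value) {
  const entries = [];
  let depth = 0, cur = '';
  for (const ch of value) {            // split on commas outside (comments)
    if (ch === '(') depth++;
    else if (ch === ')' && depth > 0) depth--;
    if (ch === ',' && depth === 0) { entries.push(cur); cur = ''; }
    else cur += ch;
  }
  entries.push(cur);
  return entries.map(e => e.trim()).filter(Boolean).map(raw => {
    const m = /^(\S+)\s+(\S+)(?:\s+\((.*)\))?$/.exec(raw);
    if (!m) return { raw };            // unparseable entry: keep for manual review
    return { raw, protocol: m[1], host: m[2].replace(/:\d+$/, ''), comment: m[3] || '' };
  });
}

// rawHeaders: flat [name, value, ...] array, the shape of Node's req.rawHeaders.
function auditVia(rawHeaders, hostnameUnderTest) {
  const wanted = hostnameUnderTest.toLowerCase();
  const findings = [];
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    if (rawHeaders[i].toLowerCase() !== 'via') continue;
    const value = rawHeaders[i + 1];
    if (value.trim() === '') {         // the state described for feature (c)
      findings.push({ severity: 'info', detail: 'empty Via header present' });
      continue;
    }
    for (const hop of parseVia(value)) {
      const leak = Boolean(hop.host) && hop.host.toLowerCase() === wanted;
      findings.push({ severity: leak ? 'leak' : 'review', detail: hop.raw, host: hop.host });
    }
  }
  return findings;
}

// Echo endpoint under your own control: node via-audit.js --listen <hostname-under-test>
function listen(port, hostnameUnderTest) {
  const http = require('node:http');   // loaded only when the server is requested
  http.createServer((req, res) => {
    res.writeHead(200, { 'Content-Type': 'application/json' });
    res.end(JSON.stringify(auditVia(req.rawHeaders, hostnameUnderTest), null, 2) + '\n');
  }).listen(port);
}

const at = process.argv.indexOf('--listen');
if (at !== -1) listen(8080, process.argv[at + 1] || '');
```

A `review` finding is a “Via” hop that does not match the supplied hostname; it still shows that a proxy is announcing itself and is worth reading by hand.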
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information