Proxy and Web Authentication Methods - Cookies

When a web server requires HTTP authentication, that authentication takes place on every single request. For each request it receives, the server must decode the message, find the username and password, and then verify them against the ones in its user database (if this is the method being used). Naturally this takes a lot of effort, and the most obvious result is reduced speed: the connection slows down to allow for all this processing.

There are other methods to circumvent this difficulty with HTTP, and the most popular is probably the ‘cookie’. What will likely happen is that if a request is received with no authentication credentials and without a cookie, the user receives a 401 response (401 means authentication is required). A client browser functioning in normal mode, rather than in a privacy-enabled session such as incognito in Chrome, will remember which servers require authentication and which don’t. This enables the client to send the authentication credentials automatically, thereby saving the inconvenience of another 401 response.

Of course there are other authentication methods. SecurID cards, for example, have passwords that change each time, so in this case there is no alternative but for the user to enter his password on each request. One of the most common solutions for preventing this is to pass a cookie after a successful authentication request. On any subsequent request the cookie can be forwarded, and most servers will accept it as a valid authentication credential.

The information in the cookie must be secure; it is typically encoded and then verified with an MD5 signature. This stops the cookie being altered or modified in transit. The other information that would normally be included in the file is:

  • User ID
  • IP Address of Origin
  • Cookie Expiration Time
  • Cookie Signature/Fingerprint

Part of this data will be encrypted, and other parts like the expiration and IP address will usually be in the clear. This clear-text data and the MD5 portion of the file can be used to verify the cookie’s validity, along with a random string that is generated and passed when the cookie is originally created.

This transparent pass-through is important in many applications, and a well-configured proxy must be able to handle these requests easily. Unfortunately, normal cookies cause issues when used with proxies, as they are designed to be exchanged between client and server endpoints. Take, for instance, the case where you use a proxy to watch UK TV abroad.

Using such services might mean that your IP address changes during the connection, which will effectively invalidate the cookie. This means that either the session is disconnected or re-authentication must occur. If the proxy can handle these connections properly then the cookie will remain valid - it can be quite difficult to configure though.
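The cookie layout and checks described above, as an added example (not code from the original article): it signs the user ID, origin IP, expiry and a random string, and shows why a changed client IP invalidates the cookie. The server-side key, field order and function names are assumptions; HMAC-SHA256 is used in place of the MD5 fingerprint the text mentions, and the user ID is only base64-encoded here rather than encrypted.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumption: a secret held only by the server; without one, anyone who
# knows the cookie layout could recompute the fingerprint.
SERVER_KEY = secrets.token_bytes(32)


def _sign(payload):
    # HMAC-SHA256 stands in for the plain MD5 fingerprint in the article.
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user_id, client_ip, ttl=900, now=None):
    """Build user|ip|expiry|nonce|signature after a successful login."""
    issued = time.time() if now is None else now
    expiry = int(issued + ttl)
    user_b64 = base64.urlsafe_b64encode(user_id.encode()).decode()
    nonce = secrets.token_hex(8)  # random string generated at creation time
    payload = f"{user_b64}|{client_ip}|{expiry}|{nonce}"
    return f"{payload}|{_sign(payload)}"


def verify_cookie(cookie, client_ip, now=None):
    """Return (True, user_id) or (False, reason)."""
    payload, _, signature = cookie.rpartition("|")
    # Check the signature first so no unauthenticated field is ever parsed.
    if not payload or not hmac.compare_digest(
            _sign(payload).encode(), signature.encode()):
        return False, "bad signature"
    fields = payload.split("|")
    if len(fields) != 4:
        return False, "malformed"
    user_b64, ip, expiry, _nonce = fields
    current = time.time() if now is None else now
    if current >= int(expiry):
        return False, "expired"
    if ip != client_ip:
        # The case described above: the address seen by the server changed
        # mid-session (for example, traffic moved to a different proxy).
        return False, "ip mismatch"
    return True, base64.urlsafe_b64decode(user_b64).decode()


if __name__ == "__main__":
    c = issue_cookie("alice", "192.0.2.10")       # constructed sample values
    print(verify_cookie(c, "192.0.2.10"))
    print(verify_cookie(c, "198.51.100.7"))
```
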

Using Smart DNS to Bypass Geo Blocks

For many years, the rather unfortunate practice of restricting access based on your location has been growing in the online world. In fact, any decent web site will now heavily control what you can or can’t see depending on your location. The driver is of course profit: licenses are often granted on a per-country basis, allowing organisations to maximise their profits by charging different amounts in different places. Those of us who hoped that the internet would become one big global market are set for disappointment.

It was probably to be expected; companies have done this for years, charging top dollar in the richer countries whilst lowering their prices in less affluent areas. In fact this forms one of the very basic laws of economics; check out price discrimination for more reading about this topic. Fortunately, though, the technology to apply these restrictions is not very sophisticated at the moment. Basically, the website looks up your IP address when you connect and then looks up its location, and this is used to determine what you can see. For example, Hulu holds the US rights to lots of programmes and you can access the whole catalogue if you connect via a US IP address. Connect from anywhere else and you’ll get little more than adverts and a few clips to enjoy.

This was fairly easy to bypass, though. With just a little research or investment, you could buy proxy servers from a supplier and use them to hide your real address. Slowly this became harder, though, with companies like Hulu blocking all but the well set up and configured proxies or VPN servers. But there was another problem: changing your connection and using proxies worked great on a computer, but nowadays many of us are surfing the web through a host of other devices like games consoles, phones and media streamers like the Roku.

In theory this should work OK too, but suspiciously many hardware manufacturers are providing less access to basic network connectivity settings on these devices. It’s very hard to get a PS3 or Xbox to use a proxy or shared VPN (although it is possible), and some hardware like the Roku or ADSL routers simply doesn’t supply access to these sorts of configuration options. This is partly responsible for the next generation of anti-geoblock technology, namely Smart DNS.

This goes a step further than using proxies, or possibly a step backwards, in that only part of the connection is redirected (the bit that checks your location). When you start to stream video, for example, it goes straight from the web server to your PC. This obviously means that the security element of the connection is pretty much non-existent. However, the video streaming is much quicker, as the majority of the traffic doesn’t need to be routed through a third party, which is what happens when using a proxy or VPN server.
