New Whitelist Based Squid Redirector – White Trash

Do you know about a very interesting Squid proxy whitelisting plugin called White Trash?

It is very common today for malware to "call home" after infecting a victim computer, and this is exactly where White Trash kicks in: it is a user-driven dynamic whitelisting system that guarantees that outgoing HTTP connections have been initiated by real users. A nice side effect is that users are held responsible for all the browsing history recorded by the system.

The usage scenarios are very simple and robust:

Scenario – URL in the database

  • Client sends a GET request to Squid.
  • Squid writes the URL to stdin of whitelist.py, which runs as a Squid redirector.
  • whitelist.py checks for the URL in the db, finds it, and returns a newline (which tells Squid to use the URL as is).
  • Squid loads the page and then any further elements from the server using the same procedure.

Scenario – Add new URL to the database

  • Client sends a GET request to Squid.
  • Squid writes the URL to stdin of whitelist.py, which runs as a Squid redirector.
  • whitelist.py checks for the URL in the db, doesn’t find it, and returns http://whitelistproxy/generate_form.py.
  • The user is redirected to generate_form.py, which is served by servecgi.py.
  • generate_form.py presents the user with a form, all values filled in.
  • The user clicks "I Agree" and the form is submitted to whitelist_add.py.
  • servecgi.py processes the POST to whitelist_add.py and adds the proxy authentication information.
  • whitelist_add.py adds the domain, username etc. to the database and refreshes the page to deliver the user to their requested URL.
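The redirector step of the two scenarios above can be sketched as follows. This is an added example, not White Trash's own whitelist.py: the SQLite table, the `url` query parameter passed to the form, and the input line layout (URL as the first whitespace-separated field, no concurrency channel ID) are assumptions.

```python
import sqlite3
import sys
from urllib.parse import quote, urlsplit

FORM_URL = "http://whitelistproxy/generate_form.py"  # address given in the post

def open_db(path=":memory:"):
    # Assumed schema: one row per approved domain plus the approving user.
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS whitelist "
                 "(domain TEXT PRIMARY KEY, username TEXT)")
    return conn

def host_of(url):
    # CONNECT requests reach the redirector as "host:port" with no scheme.
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    # Normalise case and trailing dot so lookups match the stored form.
    return host.lower().rstrip(".") if host else None

def redirect_for(line, conn):
    """Return "" (use the URL as is) or the URL Squid should redirect to."""
    fields = line.split()
    host = host_of(fields[0]) if fields else None
    if host is None:
        return FORM_URL  # fail closed on input that cannot be parsed
    if host == urlsplit(FORM_URL).hostname:
        return ""  # the form host itself must pass, or the redirect loops
    row = conn.execute("SELECT 1 FROM whitelist WHERE domain = ?",
                       (host,)).fetchone()
    if row:
        return ""
    # Hand the requested URL to the form so it can be pre-filled.
    return FORM_URL + "?url=" + quote(fields[0], safe="")

def main():
    conn = open_db()
    for line in sys.stdin:
        sys.stdout.write(redirect_for(line, conn) + "\n")
        sys.stdout.flush()  # Squid waits for one reply line per request

if __name__ == "__main__":
    main()
```
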

Scenario – View the whitelist

  • A cron job runs whitelist_report.py every hour. This script builds an HTML representation of the whitelist from the database.
  • Apache serves the static HTML page.

One other evil usage of this tool would be enforcing the AUP and other security policies. I mean, one has to think twice about adding a URL to the intranet database, thus leaving traces of the visit all over the place :)

Technically, the solution looks great, but one of the biggest risks of implementing this system would be user frustration about being monitored; it’s the old saying, "the more you squeeze the employees, the more they leak". A balance has to be reached for both parties.

In order to see how White Trash works in real life, check out the flash demo or download White Trash yourself. Free. As in GPL.


