System and method for decoding traffic over proxy servers
Abstract
Methods and systems for applying surveillance to client computers that communicate via proxy servers. A decoding system accepts communication packets from a communication network. Based on the received packets, the decoding system identifies that a certain client computer conducts a communication session with a target server via a proxy server. The decoding system processes the packets so as to correlate the identity of the client computer with the identity of the target server. The correlated identities may comprise, for example, Internet Protocol (IP) addresses or Uniform Resource Locators (URLs).
Claims
exact text as granted — not AI-modified1 . A method, comprising:
intercepting, by a decoding system, a packet sent between a client computer and a proxy server or between the proxy server and a target server, the packet comprising a first identity of one of the client computer or the target computer in a header of the packet; decoding, by the decoding system, the packet to extract a second identity of the other one of the client computer or the target server from a payload of the packet; correlating the first identity with the second identity; reconstructing and presenting a communication session between the client computer and the target server, as viewed by a user of the client computer, using the correlated first and second identities, the communication session includes the packet.
2 . The method of claim 1 , wherein the first identity is an Internet Protocol (IP) address of the one of the client computer or the target computer.
3 . The method of claim 2 , wherein the second identity is a Uniform Resource Locator (URL) of the other one of the client computer or the target server.
4 . The method of claim 1 , wherein the packet includes an encoded form of the second identity.
5 . The method of claim 4 , wherein the packet is an Hyper-Text Transfer Protocol (HTTP) request packet.
6 . The method of claim 1 , wherein reconstructing and presenting the communication session comprises modifying the packet to imitate a modified session between the client computer and the target server that does not traverse the proxy server.
7 . The method of claim 6 , wherein reconstructing and presenting the communication session further comprises:
reconstructing the modified session from modified communication packets including the modified packet; and decoding and presenting the modified communication session.
8 . The method according to claim 1 , wherein the client computer communicates with the proxy server over a first Transmission Control Protocol (TCP) tunnel, wherein the proxy server communicates with the target server over a second TCP tunnel, and wherein correlating the first and second identities comprises decoding at least the first TCP tunnel.
9 . The method according to claim 1 , wherein the proxy server comprises a HTTP proxy server.
10 . The method according to claim 1 , wherein the proxy server operates in accordance with a SOCKS protocol.
11 . An apparatus, comprising:
a network interface, which is configured to intercept a communication packet sent between a client computer and a proxy server or between the proxy server and a target server, the packet comprising a first identity of one of the client computer or the target computer in a header of the packet; and a processor, which is configured to decode the packet to extract a second identity of the other one of the client computer or the target server; wherein the processor is further configured to correlate the first identity with the second identity; wherein the processor is further configured to reconstruct and present a communication session between the client computer and the target server, as viewed by a user of the client computer, using the correlated first and second identities, the communication session includes the packet.
12 . The apparatus of claim 11 , wherein the first identity is an Internet Protocol (IP) address of the one of the client computer or the target computer.
13 . The apparatus of claim 12 , wherein the second identity is a Uniform Resource Locator (URL) of the other one of the client computer or the target server.
14 . The apparatus of claim 11 , wherein the packet includes an encoded form of the second identity.
15 . The apparatus of claim 14 , wherein the packet is an Hyper-Text Transfer Protocol (HTTP) request packet.
16 . The apparatus of claim 11 , wherein the processor is further configured to modify the packet to imitate a modified session between the client computer and the target server that does not traverse the proxy server.
17 . The apparatus of claim 16 , wherein the processor is further configured to:
reconstruct the modified session from modified communication packets including the modified packet; and decode and presenting the modified communication session.
18 . The apparatus of claim 11 , wherein the client computer communicates with the proxy server over a first Transmission Control Protocol (TCP) tunnel, wherein the proxy server communicates with the target server over a second TCP tunnel, and wherein the processor is further configured to decode at least the first TCP tunnel to correlate the first identity with the second identity.
19 . The apparatus of claim 11 , wherein the proxy server comprises a HTTP proxy server.
20 . The apparatus of claim 11 , wherein the proxy server operates in accordance with a SOCKS protocol.Join the waitlist — get patent alerts
Track US2021126905A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.