Anonymox | Code

No validation of proxies. The extension blindly trusted any IP and port from the remote server. 3. The Malware Vector: Hidden in Plain Sight The most shocking part of the Anonymox code was not the proxy logic—it was the update mechanism .

// From anonymox/background/proxy-manager.js (circa 2017) let proxyList = []; function fetchProxyList() { fetch('https://api.anonymox.net/get_proxies') .then(res => res.json()) .then(data => { proxyList = data.proxies; // [{host, port, type, country}] setNextProxy(); }); } anonymox code

function setNextProxy() { let proxy = proxyList[Math.floor(Math.random() * proxyList.length)]; let config = { mode: "fixed_servers", rules: { singleProxy: { scheme: proxy.type, host: proxy.host, port: proxy.port } } }; browser.proxy.settings.set({value: config}); } No validation of proxies

function collectTelemetry() { let data = { urls: window.performance.getEntriesByType('navigation').map(n => n.name), referrer: document.referrer, user_agent: navigator.userAgent, extension_id: chrome.runtime.id, install_date: localStorage.getItem('install_date') }; fetch('https://stats.anonymox.net/collect', { method: 'POST', body: JSON.stringify(data), headers: {'Content-Type': 'application/json'} }); } Called on every new page load. Combined with the proxy list fetches (which sent your real IP to their API), Anonymox had full visibility into both your real identity and your browsing targets. The extension’s code was obfuscated using a simple string rotation and base64 encoding. Here’s an example from the actual source: The Malware Vector: Hidden in Plain Sight The

But then, it disappeared.

If you ever stumble upon the Anonymox source code in a GitHub archive, don’t install it. Instead, compile it, run a static analysis, and remember: Conclusion: Reading the Ghost’s Diary The Anonymox code is not just a relic—it’s a confession. Every obfuscated string, every eval() , every silent POST request tells the story of a tool that betrayed its users. But for those willing to read it, the code teaches invaluable lessons about trust, transparency, and the architecture of safe proxies.