Index

All good things ...

Latest News

McAfee

Stan
Triton
Charon
Athena
Chameleon

Donate

Contact Rhino




-=[Charon v0.6]=-

This is the follow up to the proxy filtering program Calamity. It provides a fully customisable way of filtering out unwanted proxies via control files, a proxy tester to check anonymity - and a fully functional search engine crawler to find lists of posted proxies. Included within the kit is a php checker which can be uploaded to your own webspace to spread the processor load and bandwidth of the actual testing. This is fully integrated into Charon where it will simply send your pages lists of proxies and harvest the results.

Screenshots (click to enlarge)

Where can I download it?

Latest version (0.6) Available here
Unsupported older versions (0.5.3) here and (0.5.4.1) here

New in V 0.6

  • Integrated and customisable blacklist scanner / checker.

New in V 0.5.4.1

  • Fixes a minor bug (thanks to Psykodelik for spotting) with the port filtering.

New in V 0.5.4

    Main changes:

  • Complete re-write of internal network functions.
  • IP scanner function implemented (ability to scan IP ranges for proxies).
  • New option incorporated to spread the traffic load over multiple external judges.
  • New Leeching engine (selectable pages for leeching etc.)
  • Automatic save / recovery - in the event of crashes charon will automatically recover.
  • External php checker support.
  • Blacklist filter check option (using opm.blitzed.org)
  • Other changes:

  • Google / search engine scanning functions completely re-written.
  • Search engine URL filter keywords moved into a customisable .ini file.
  • Support for multiple local IPs (enter them manually seperated by the ; character).
  • Option from the Save menu to output the results in a report according to the host country.
  • Import functions strengthened to cope with some dodgy data.
  • New and improved judge tester / selection screen.
  • Choice now given whether to save the proxy list on closing.
  • Traffic limit introduced to catch proxies which spew false data.
  • Few other minor tweaks.

New in V 0.5.3

  • There's now an option to just perform a quick country lookup without actually testing the proxies - available from the right click menu.
  • Previously, when Charon was minimised and your Windows Explorer crashed it was sometimes impossible to re-open the program. If you now attempt to re-launch the program it will reactivate the old window.
  • Fixed a potential bug with a DNS conflict. Some ISPs would effectively block Charon from testing certain proxies - have coded around that now.
  • Several small changes

New in V 0.5.2

  • Internal Judge implemented on a user customisable port
  • User-customisable engines.ini file - allowing you to choose to search additional engines instead of just google
  • Searching (engines) and scanning (testing proxies) all now have the ability to work *through* another proxy for anonymity
  • Integrated news function to keep up to date with any further improvements
  • Country lookup improved to use the Maxminds GeoIP datafiles
  • Peerguardian 2 (binary format) files supported (to import and create bad.ini lists)
  • Several display / minor bug fixes

New in V 0.5.1

  • Fixed a couple of small bugs.
  • Added in an option to just leech the additional pages instead of searching google.

New in V 0.5

  • Automated proxy scan option - it will now hunt google for proxies
  • Proxy Leech option - leeches proxies off an individual page
  • Multiple filter files available - for specific filtering. No longer constrained to manually editing the bad.ini file for each profile you wanted.
  • Added an option on the Site Scan to now have an option to work on all proxies - or just anonymous ones.
  • Added in a "Last checked" date column
  • Added in an option to return the ping times from the site tests instead of "Good" (choice on the site options dialog)
  • Added in an option to hide individual columns (from the right click menu)
  • Added in an Emergency Stop button for if you can't wait for the graceful shutdown
  • Added in an option to check the local IP before starting each test ... and again every 'n' tests for people on dial-up where it changes
  • Added in import facilities for "Superscan" and "AngryIPScanner" lists.
  • Added in Quickload / Quicksave buttons
  • Added in a "One button - Test all now" function
  • Added in a "Randomise list order" option
  • Added in a "Delete site" button on the site scan page for those people who couldn't find the Del key on their keyboard ;)
  • Judge menu now includes the ping value in the checking
  • Charon now supports AZEnv as a 'proxy judge'
  • Now checks the country of socks proxies
  • Changed the SSL testing to a pure CONNECT test. You can change the url / port it sees if it can connect through to via the settings.ini file.
  • Added the ability to specify the address/port to check socks against
  • Pressing "Backspace" is now picked up as well as the "Delete" key - as per requested
  • Overall timeout implemented for pages that were continually sending data. Previously it would just keep going - now set to a default of 5 minutes.
  • UI Glitch when selecting proxies with the shift-arrow keys.
  • Found that the country check wasn't being performed if the number of threads was equal or greater than the number of proxies.
  • Added an option to the google search page to save the urls it finds (along with the number of proxies leeched from each page)
  • All File load options now support multiple file selection
  • Sorted out a glitch in the "Score" column for socks proxies
  • Changed the icon on the about page from a blank box to the Charon logo ;)

Just let me know what's updated

A guide to the changes introduced in 0.5.4 is provided here courtesy of rari57. For the full list of features, read on.

Blacklist Scanner

The blacklist scanner can be launched via the Charon main button panel. Some sample screenshots are available here

IP Checking

If you have selected the option to do so ... Charon will make a call out to a website to determine your IP address (it needs to know your external address so that it can tell if its leaked on a page or not). For those of you that load an enormous list and leave it overnight .... I've added in an option to re-check this every 'n' tests in case it changes (those of you on dial-up).

Internal judge?

If you've chosen to use the internal judge, then on the first operation that requires it (checking / scanning) it will attempt to start the judge on your chosen port. You can verify that it has indeed started the internal engine by performing a netstat -an command from DOS and looking at the listening ports, or (and taking the default port 80 as the one in the example below) by going to the webpage

http://{your external IP}:80/sex/fuck/porn/judge.php

It's named this way to help filter out the proxies that filter and ban on certain keywords. If you see a returned list of environmental variables then it's working fine. If you don't see anything, then try replacing {your external IP} with 127.0.0.1 .... if this now works then you're not allowing incoming requests through your router / firewall. Consult their own instruction manuals.

News Function

The News function is put there as a service to let you know about any software updates to either Charon or any of the Rhino suite of tools. You'll note that it's not turned on by default as it's a personal hate of mine when programs automatically dial out without you asking them to. All this "news" page does is make a request out to get the same details that are visible from the News section of the main web site - put in the program as a convenience ;).

What's this php checker all about?

Included in the zip file is a php file which can be uploaded to any php enabled host and be used to check the anonymity of proxies. You can customise this by specifying the maximum number of proxies it can test in one go, and by entering a password if you wish to stop the general public from using it. Within the "Judge" options there is a place for you to add in a number of these php judges. Please note that this type of testing will only determine the validity and anonymity of the http proxies - for any further analysis you'll have to use Charon.

I have elected to only use these php checkers when testing existing proxies (accessed via the right click menu) - not for the general searching. The main reason for this is the proxy timeouts which have the potential for timing out the entire page. My God it's crude, I'm not pretending otherwise, but it works and has some basic comments in there. Feel free to improve it - but if you change the output format too drastically then double check that Charon can still read it else let me know and I'll tweak the Charon code ;)

How does the RBL check (from the filter menu) work?

Select the option from the filter menu and it'll run against all of the loaded proxies using the same amount of threads as you've specified for the resolving. The Status column will be updated depending on whether the IP address has been marked by blitzed.org as either WinGate, SOCKS, HTTP CONNECT, Router or HTTP POST. A blank response there means it hasn't been recognised by them as a proxy.

Proxy scanning function

When you hit the "Check Proxies | Scan for new proxies" button it will go looking for proxies
It queries the search engines in the engines.ini file looking for proxy pages which it downloads. The first strings it uses to search the engines are several common keywords. It gets the engine index for those - and builds up a list of pages to leech from.
Taking those pages in turn, it downloads them and picks off anything that looks like a proxy.
if the "Filter proxies through bad list before testing" box in the options is ticked ... then it will run this proxy against the filter files before doing anything else.
If it's bad then it gets thrown away
If it's good .. and the "Test proxies with current settings" box is UNTicked .. then it will just get added to the list
If that test box IS ticked however, the proxy will be tested as if it was a normal proxy that had been added to the main list.
If it turns out to be bad .. it's thrown away
If it's good .. it's added to the list as normal
.... this repeats with all the proxies on that page before downloading / stripping another
If all those keywords have been used .. then it will generate a "proxy" to use as a search string for the next engine search ... and the cycle continues
The final thing in that proxy scanning options page is the 'additional pages' section. These are pages which will be run before it uses those keywords you sent. These pages would contain proxies - so you would put in standard leech urls.
In the future (note the Type column) it will handle boards and act like a spider ... but for now it's regular pages

A quick note about the statistics shown when scanning for new proxies

a threads (b downloading, c testing) d / e pages stripped - f proxies (g good, h bad, i testing)
a is the total threads set in the "Connect options"
b is the number of threads either getting a google index page .... or downloading one of the google index results (i.e., a page of proxies)
c (testing) is the number of threads actually checking proxies it's found.
e is the number of pages it's found from google which should contain proxies. This is the amount of pages in memory (in total)
d is the number of these which have been downloaded and stripped/processed
f - number of proxies found on all the pages
g, h, i ... proxies ... work it out ;)

Filtering

The "Filter List" button works in several stages.

  1. Analyses the proxies according to the rules specified in the reference file - deleting as necessary.
  2. Checks for multiple ports on the same IP address - as specified in the filter options.
  3. Intelligent gateway filter. If a scan has been run (and the gateways identified) then this will filter multiple gateways pointing to the same base IP address.

Connect options

Several options are available for use in the scan (threads / timeout / resolution to hostname / https check). These can actually be changed on the fly when the scan is running.

What does VIA mean?

It will return a positive result in the VIA column if it finds one of the following variables:
HTTP_VIA, HTTP_PROXY_CONNECTION, HTTP_FORWARDED or HTTP_CONNECTION

You can change these by manually editing the settings.ini file.

Does anybody actually read this help section?

Based on the number of questions asked that are fully answered in here ... no. Thanks for at least being the exception to the norm ;).

What are the units?

Ping is in ms, Speed is a relative count of the size of the page divided by the time taken to retrieve it. Use it comparatively anyway.

Site Checking

This is a feature which can be used to determine certain "elite" proxies. Basically it checks against all of the sites you have loaded into this section and looks for keywords. These can be keywords from either the header or the body of the site For example:

Site 1) http://www.google.co.uk/
Resp 1) <title>Google</title>

Site 2) http://www.someprotectedsite.com/members/
Resp 2) 401

Site 3) http://user:pass@www.someprotectedsite.com/members/
Resp 3) members section

If all of these are returned with their correct response string then "Good" will appear in the Site column, else it will display "Bad".

A good use for this would be to find a protected site that doesn't ban by IP address. Enter in:

Site 1) http://workinguser:workingpass@www.site.com/members/
Resp 1) members section

Site 2) http://baduser1:badpass1@www.site.com/members/
Resp 2) 401

Site 3) http://baduser2:badpass2@www.site.com/members/
Resp 3) 401

... this will give you a good idea if the proxy can be used for cracking against these "types" of protected sites.

An additional option has been added in to return, for sites that pass the test, the average ping times instead of "Good".

Why does it take so long to load the list?

Because under the "General Options" tab you've selected the box "Resolve proxies to IP address upon loading." and this is what it's doing. Whether the fact it's slow is a problem with your local DNS or not (what the cases so far have been ;)) it's hard to say. It'll use 25 internal threads for resolving by default .... if you want to increase this then close the program and manually edit the settings.ini file.

Why isn't it checking any of the proxies?

You haven't marked any of them for test.

I've marked them ... but it's still not checking any of them?

Don't just select them and highlight them in blue. Right click, "Mark for test", "Mark Selected for test". Then try again

Ahh .. it works now ... sorry :(

No problem ;)

How does the Connect test work?

Charon will make an initial connection to the proxy, then make a connect request out to the address & port specified in the settings.ini file. If you want to change these from the default of www.google.com:80 then close the program and edit the file manually.

How does the country lookup work?

Initially, Charon will make a query to the local database file GeoIP.dat. If it can't find the information in there, then it will query a few in-built IP lookup sites. If you ever want to update the GeoIP.dat file then download and unzip the file from http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz into the Charon directory.

Gateway proxies

Why not delete all gateways? .. Why keep any?

There are nothing wrong with gateway proxies (providing they are anonymous).

Basically these are proxies which point to another (Gateway) proxy which then fetches the page. Consider it like this

Proxies             Gateway proxy
12.34.56.43:80 \
12.34.56.76:80  >   12.34.56.55:80
12.34.56.91:80 /

If you use any of the proxies then go to a site .. assuming the gateway proxy is anonymous then that is the IP it will show and not your own.

Basically, if you have all 3 of the above proxies in your program and run it against a site ... it will see the attack coming in from the one address (the gateway proxy) 3 times.

The only reason to delete gateway proxies is when you have several that all point to the same gateway. Just deleting them verbatim does not make sense. Providing it's anonymous don't worry about it.

If you have several all pointing to the same IP .. then it's not the end of the world if you do run them ... it'll just negate the effectiveness of proxy rotation.

What's the failed "determining your IP" message?

When Charon starts - providing you've enabled the option - it attempts to communicate out to the site http://checkip.dyndns.org/ to determine your IP address. It does this so that it can check the proxies to see if your real IP address shows up anywhere.

If it cannot make that connection then you will get the "Failed to connect to the web site determining your IP" error message presented. Try going to that site manually in your browser to check that it's up and running. If it is, then Charon is being blocked somehow.

You can bypass this step by manually entering your IP into the program and going to the "Connect options" deselecting all the automatic-check options - but if it cannot make this initial connection then there is no guarantee that it will be able to test the proxies properly - so you'd be better off investigating why it's being blocked.

Firewall misconfiguration is the most common reason.

How do I speed up the scan?

If speed is of the essence, you can do a couple of things. Disable the site, country and 'Connect' checking. If you're only interested in either socks or HTTP proxies then only select to test that type.

Are there any other tutorials around?

A tutorial in German, courtesy of brOt, is available here.
A pdf walkthrough of all the functions, courtesy of Karsten Keese, is available here.

Awards

Softpedia.com has awarded Charon a 100% CLEAN rating.

FileCluster have awarded it their 100% Quality and Clean Award.

Downloads2k have awarded Charon their 100% Clean award

Prosoftix have given Charon their trusted soft award

Are there any hidden nags?

After you've used the program 50 times you'll get a reminder that it's freware. This can be permanently disabled by modifying the settings.ini file as the dialog box tells you to

### Change this to 0 to stop the initial 'donate'     ###
### splash screen from appearing                      ###
Show splash screen on program launch = 1

Just disable this here, and you'll never see it again ;)

How can I integrate Charon into my program?

There are 2 modes for this. The first was done for Form@ and the second for Sentry 2 / C-Force. Take your pick over which to use ;)

Type 1:

The way that Form@ works is to get the user to locate the executable first .. then stores that as a local variable. From within the program, just call charon with a few command line paramaters:
c:\blah\charon.exe -auto "c:\Path\to\input.txt" "c:\Path\To\output.txt"
The input.txt will just be a standard list of proxy:port ... and the output.txt I put in a specific format that Form@ uses. An example is:
Proxy:Port ANON:x WORKS:y
where y is a number, and x is a text value in the range of:
WORKS:0   (means the proxy is untested)
WORKS:1   (means the proxy is a working http)
WORKS:2   (means the proxy is a working socks)
WORKS:-1   (means the proxy doesn't work)

ANON:Anon   (means the proxy is Anonymous)
ANON:Non-Anon   (means the proxy is Non anonymous)
ANON:Untested   (means the proxy is Not tested)

Type 2:

For Sentry 2 / C-Force, the command line param was changed to:
c:\blah\charon.exe -bigauto "c:\Path\to\input.txt" "c:\Path\To\output.txt"
Now, for this one, the input and output lists are going to be of the same type that the Charon history file uses. That is:

IP, Hostname, Port, Anon, Ping, Speed, Via, Gateway, Site, SSL, Socks, Score, Country, Status, Date

with each element seperated by the control character of

Monitoring

In order to monitor/control the automatic run, you can use global mutexes.

Whilst Charon is running under this automated mode, there will be a global mutex created called
CharonForm
.. this is so that you can have something within your prog to check on the current status of Charon. If you want to force a remote shutdown - just create your own global mutex called
CharonDeform
and Charon will abort it's automatic run.

Why isn't xyz in this help file?

3 Choices.

  1. Nobody's ever asked me about it so it hasn't come up. If many people do then I'll add it.
  2. It's so obvious that you should figure it out.
  3. It is. Read it again.

I'm sure there's a bug in .....

There more than likely is .... nothing is bug free. Report it and I'll see if I can reproduce and fix it.

But what about .....

I can't tell you everything straight away .... just have a play around with the damn program ;)

Any other questions, feel free to ask. You can find me via the "Contact Rhino" link on the left ;)













© Copyleft Rhino 2025.