Khan, Etienne (UT-EEMCS)
Etienne Khan is a PhD candidate with the Design and Analysis of Communication Systems (DACS) group at the University of Twente, Netherlands.
His research focuses on residential proxies (RESIPs) and their usage on the Internet.
Sessie
Residential proxy networks route traffic through the IP addresses of real households, allowing their customers to appear as ordinary residential users. This capability is widely used for purposes such as web scraping, ad verification, and geo-restriction circumvention, but also facilitates fraud, credential stuffing, and other forms of abuse. While prior work has studied these networks from the customer side, comparatively little attention has been given to the two other key vantage points: the network operators who unknowingly carry this traffic, and the proxy client software installed on residential devices.
In this work, we examine residential proxy networks from both perspectives. From the outside, we collaborate with SURF to characterize residential proxy traffic as observed on their network. From the inside, we reverse engineer the client applications of several major residential proxy providers (including Honeygain, PacketStream, pawns.app, Proxyrack, earnApp, earn.fm and more) to uncover their command-and-control architectures, tunneling protocols, and protection mechanisms. Our analysis reveals a diverse ecosystem: providers employ a range of technologies from SSH tunneling to QUIC-based transports, and vary significantly in software quality and protection, ranging from plaintext TypeScript with developer comments still intact, to light obfuscation techniques such as certificate pinning and compiled Dart AOT snapshots.
Together, these complementary viewpoints provide a comprehensive understanding of how residential proxy networks operate in practice, and inform potential detection and mitigation strategies for network operators and the security community.