Articles

Metasploit Framework Windows Tutorial
Remote Desktop Connection
Windows Processes That May Be Dangerous
How-To use NetCat a Tutorial
Common Linux Commands
Common Ports
Netcat Commands
HTTP Response Codes
War-Google Hack Terms
Wardriving
Avoiding Social Engineering and Phishing Attacks
Intrusion Detection on Linux
Linux Intrusion Detection
Penetration Testing Guide
Penetration Testing Tools
Social Engineering Fundamentals, Part I: Hacker Tactics
Social engineering (computer security)
The Psychology of Social Engineering

The Archives

General GSO
GovernmentSecurity.org News & Suggestions
In The News
Open Topic
General Security Information
Trash Can
Exploit & Vulnerability Mailing List Archives
Trial Member Forum
Product and Program Reviews GSO Tutorials
System Security
Windows Systems
Beginners Section
Linux & Unix Systems
File Downloads
Exploit Research & Discussion Trojan & Virus Errata
Networking Security / Firewall / IDS / VPN / Routers
System Hardening
E-Mail Security
Wifi Security
Trial Member Uploads
Upload discovered Trojans & Mal ware
GSO Programming Section
C , C++ , VC++
Visual Basic.NET
Perl /CGI
Java/Javascript
PHP/XML/ASP/HTML
Assembly + Other
The Cork Board
Network Security Consultant Directory
Network Security Jobs
The Archives
Encryption Information
General Network Security
Internet Anonymity
HTTP Protocol Security
Linux Security
MS IIS Information
Exploit Articles
Programming / Tool Design
GSO Software Projects
Public Downloads
Microsoft Security Questions and Papers
Help - Search - Member List - Calendar
Full Version: Showmyip.com
GovernmentSecurity.org > System Security > Networking Security / Firewall / IDS / VPN / Routers
yann
Apr 3 2005, 02:33 PM

Hi,

It's maybe a new bee question, but how does showmyip.com manage to find the good ip address even through an anonymous proxy connection.

Do they use a java script on the site? or they do a X-Forwarded request?

All other ip sites shows my proxy address not my ISP address.

Thanks,
AgentOrange
Apr 3 2005, 05:48 PM
This isn't a stupid question per say, if this was possible i would want to know how to stop it...

However, I don't have a problem visiting this site anon. I am using FireFox, tor and privoxy, it is possible that privoxy is filtering something out... however from the privoxy logs its just filtering out some google add.

As far as java goes, you can't connect to another ip address other than loopback or the site that you got the java code from, unless you break out of the sandbox. There shouldn't be a way to bypass proxies with java... I browsed though the source and it doesn't look like there is any sneaky code. One thing I would be suspicious of is the site attempting to connect to other browser supported protocols such as gopher, in hopes that it might not be set to use a proxy. However it would be tricky to make a system like that fool proof.

ActiveX is even more strict than java when it comes to sockets, and there isn't any activeX content on that site.

It would be a security risk to have the ability to connect to another ip address. Java and activeX are so rich if you had this peace of the puzzle you could do a lot.

peace
eftex
Apr 16 2005, 07:11 AM
If you deativated javascript, java and ActiveX in your Browser it depents on which kind of Proxy you are using.

Anonymous - HTTP Proxy server does not send HTTP_X_FORWARDED_FOR variable to host, this improves privacy since your IP address cannot be logged.

High anonymity (elite proxy) - HTTP Servers of this type do not send HTTP_X_FORWARDED_FOR, HTTP_VIA and HTTP_PROXY_CONNECTION variables. Host doesn't even know you are using proxy server an of course it doesn't know your IP address.
Pro21
Apr 16 2005, 10:17 AM
IS not a stupid question !!
I had the same problem 3 years ago. I seen when i am using a proxy in my brower and if i am directly connectly to internet with this computer, the proxy doesn t work correctly ....
Work fine behind a nat router or anything else like that smile.gif
Or you can use a software who check proxy and use them for you. It s a solution smile.gif
showmyip
Aug 8 2005, 04:36 AM

We just have a smarter script to detect it, though truly anonymous proxies will not reveal it. We do not use javascript, nor java, nor any other protocols besides http or https - just plain PHP (version 4 at present).
st4n
Aug 12 2005, 12:33 AM
try to use
CODE
getenv("HTTP_X_FORWARDED_FOR")

function getip()
{
  if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
  $ip = getenv("HTTP_CLIENT_IP");

  else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
  $ip = getenv("HTTP_X_FORWARDED_FOR");

  else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
  $ip = getenv("REMOTE_ADDR");

  else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
  $ip = $_SERVER['REMOTE_ADDR'];

  else
  $ip = "unknown";

  return($ip);
}

(source from http://www.php.net/manual/de/function.getenv.php)
setthesun
Aug 12 2005, 03:43 PM
QUOTE(yann @ Apr 3 2005, 02:33 PM)
Hi,

It's maybe a new bee question, but how does showmyip.com manage to find the good ip address even through an anonymous proxy connection.

Do they use a java script on the site? or they do a X-Forwarded request?

All other ip sites shows my proxy address not my ISP address.

Thanks,
*



I'm testing some proxies though showmyip and it can not dedect. It must be related though your proxy check it with other proxies. Also check out that your browser using proxy for SSL connections.
IcedOut3E
Aug 12 2005, 05:56 PM
I tested it through hxxp://www.proxify.com/ and it didn't show my real IP. Maybe its different when you use a program or through your browser.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc.