Proxy de-anonymization

ndmmxiaomayi

27 Sep 07, 14:34

http://ha.ckers.org/weird/tor.cgi

Doesn't work on my machine. I wonder if it works on any others? Laughing

ndmmxiaomayi

27 Sep 07, 16:35

Running for more than 3 hours liao. I guess it's stuck then. Laughing

Or is Singnet proxy so powerful? Laughing

^tamago^

27 Sep 07, 16:49

Originally posted by ndmmxiaomayi:
Running for more than 3 hours liao. I guess it's stuck then.

Or is Singnet proxy so powerful?

Several seconds have passed..... Laughing

Anyway got script error 'java' is undefined. Rolling Eyes

ndmmxiaomayi

27 Sep 07, 17:03

Originally posted by ^tamago^:
Several seconds have passed.....

Anyway got script error 'java' is undefined.

It's calling some Java codes... maybe the Java code got something wrong. lol. Or it's just for Firefox.

Here's the blog which I took it from:

http://ha.ckers.org/blog/20070926/de-anonymizing-tor-and-detecting-proxies/

Hackademix says it doesn't work on other browsers... hmm...

http://hackademix.net/2007/09/26/cross-browser-proxy-unmasking/

tut4nkh4m3n

27 Sep 07, 17:05

wth this do anyway?

i got error on page

ndmmxiaomayi

27 Sep 07, 17:08

Tested on Firefox only. It runs on my Firefox without errors, but doesn't produce my real IP address.

ndmmxiaomayi

27 Sep 07, 17:09

Originally posted by tut4nkh4m3n:
wth this do anyway?

i got error on page

It shows your real IP address... even if behind a proxy. I want to find out if it can break our national proxy. But it can't even break our own ISPs' proxies yet.

No fun. Laughing

LatecomerX

27 Sep 07, 22:54

Well, if a user was directing all his traffic (not just the browser) to a SOCKS proxy, this would not be able to bypass it either. And SingNet's proxy is transparent. The real IP address is sent to the server as the HTTP header "HTTP_X_FORWARDED_FOR". Try this (my script, hehe).

http://latecomerx.com/(lab)/ip/

ndmmxiaomayi

28 Sep 07, 00:09

Originally posted by LatecomerX:
Well, if a user was directing all his traffic (not just the browser) to a SOCKS proxy, this would not be able to bypass it either. And SingNet's proxy is transparent. The real IP address is sent to the server as the HTTP header "HTTP_X_FORWARDED_FOR". Try this (my script, hehe).

http://latecomerx.com/(lab)/ip/

For the ha.ckers script, it got stuck. My IP address was forever 165.X.X.X. That's after proxying with Singnet's proxy.

Your script showed my IP address - 121.X.X.X, the IP address after going through the national proxy, required by law.

There's also another IP address which no scripts have managed to detect at all, unless somehow it got screwed up - it's the 116.X.X.X IP address. That's the real IP address without national proxy, only available in router logs.

I could only guess that the script is trying to bypass the national proxy, but got stuck. LOL. I wonder what technology we are using. Twisted Evil

LatecomerX

28 Sep 07, 07:24

Wooot, I didn't know we have been going through two proxies. Anyway, somehow, this script showed me a 116.14.x.x IP address. So I guess this is it?

http://software77.net/cgi-bin/ip-country/geo-ip.pl

Edit:

Eh after I refreshed the page, it displayed a 219.74.x.x IP address. -_-

ndmmxiaomayi

28 Sep 07, 17:23

Still 121.X.X.X at best. Well... so it looks like it's our national proxy issue.

MyPillowTalks

29 Sep 07, 16:59

192.168.x.... Shocked

ndmmxiaomayi

29 Sep 07, 17:16

Originally posted by MyPillowTalks:
192.168.x....