Comments on: Cross-Browser Proxy Unmasking

By: Hide IP address

Hide IP address — Fri, 25 Apr 2008 13:02:21 +0000

Hi! Of cause, this is the real true, but not for every service on the Internet. You should understand that nothing is free. In this case, I mean Tor that provides free anonymous surfing for Internet users.

Of cause, they collect the information about users for father usage. Some services providing Internet anonymity having ads and they say that this is enough for them. But others, like Tor, want to have more profits for their free service usage.

Probably, they are doing this because of very high prices that they spend every day. They have to pay for servers that users use and many others. But how they dare to say that they do provide ANONYMITY for users. I cannot understand this even now.

This post is another try to show the real situation in the Internet. I very appreciate people who write posts like this one. Thank you all!!! Keep on going.

By: hall

hall — Thu, 21 Feb 2008 08:22:04 +0000

if someone is dossing a server and masking there ip address so they cant be traced is it possible anyway to find out his ip address+ service provider?

By: AlternateExistance

AlternateExistance — Wed, 19 Dec 2007 20:02:26 +0000

I tested the original TorCap (commandline only) and found it effectively stops Flash from leaking your real IP Address while using Firefox and Tor but i haven’t tested it with Java (as i don’t use Java).

The original commandline version is pretty hard to find as the project has been revised, updated and released as a GUI (which i havn’t tested… so test it before you rely upon it): http://www.freehaven.net/~aphex/torcap/
If you decide to test it, post your findings for the rest of us.

You should also ensure you are using the latest version of Flash and have also uninstalled all older versions of Flash (as they are often left behind when you upgrade)… but for that matter you should ensure you have the latest versions of all the software on your computer. There is ZERO point using Tor or other such services the programs you use have known security exploits…

Ensuring all your programs are secure is a royal pain in the butt but an easier way to check what does and does not have have know security flaws and weaknesses is to use the Software Inspector tools put together by the Secunia crew:
Online browser based Java plugin scanner (less effective): http://secunia.com/software_inspector/
Standalone GUI exe: https://psi.secunia.com/

By: Long Life to Tor!

Long Life to Tor! — Thu, 08 Nov 2007 03:35:39 +0000

Just for the record, the rules required for Tor, while you’re using a browser like XeroBank are the following. You have to apply them to Firefox.exe file, which is placed on XeroBank’s directory:

Where the protocol is TCP
where the direction is Outbound
And where the remote port is HTTP, HTTPS
Block It

HTTP = port 80
HTTPS = port 443

If you do that, even if you’re using Noscript to allow everything to perform that test, your firewall will prevent the browser from leaking your true IP. I checked here and when my firewall was closed, my true IP was indeed disclosed. So, the bottom line is: if you need to prevent such direct connections, you have to set these rules on your firewall. Otherwise, your true IP will be leaked!

There are more rules here:
http://www.wilderssecurity.com/showpost.php?p=1020429&postcount=9

I strongly recommend everyone to see what was explained on this board.

By: dawgg

dawgg — Tue, 09 Oct 2007 10:38:54 +0000

great & intersting work, but using tor and allowing unfiltered direct web-access to applications at the same is really pointless. ppl who do this will only learn if punished.

By: Ha.ckers.org on: De-anonymizing Tor, or any HTTP Proxy « TheMostBoringBlogInTheWorld

Mon, 08 Oct 2007 18:11:17 +0000

[…] I deferred my bedtime a bit to put up a cross-browser version: http://hackademix.net/2007/09/26/cross-browser-proxy-unmasking/ […]

By: Giorgio

Giorgio — Thu, 04 Oct 2007 10:50:30 +0000

@TMM:
from a quick look, I’d say the main problem is your response not being NULL terminated (unless Wordpress did some escape brutality to your post).
XMLSocket keeps the connection open for full duplex persistent communication (that’s why my code has an explicit close() statement) and expects each response chunk to be a valid XML document terminated with a “0″ octet (NULL char).
You can work around the “valid XML” requirement by overriding the XMLSocket.onData event handler, but if you don’t NULL-terminate your response, your client won’t read anything.

By: TMM

TMM — Thu, 04 Oct 2007 10:12:46 +0000

I tried to make a inetd-based perl-server since I don’t need any cronjob to check if the process is running that way. It worked, but instead of stability, the answer returned from the server got lost when it reached the flash it actually did nothing at all a few times (I tried to return the ip directly to the flash instead). That’s quite weird, since the source is almost identical compared to yours. Do you know why?

Here’s the flash: http://dev.tornevall.net/revip.swf

And here’s the source for the server:
#!/usr/bin/perl -w use strict; use Socket; my $port; my $iaddr; my $sockaddr = getpeername(STDOUT); ($port, $iaddr) = unpack_sockaddr_in($sockaddr); my $hostname = gethostbyaddr($iaddr, AF_INET); my $straddr = inet_ntoa($iaddr); print "$straddr00";

By: Giorgio

Giorgio — Fri, 28 Sep 2007 16:43:06 +0000

@anon:
That demo won’t work if you don’t have the Java plugin installed, as mine won’t work if you miss the Flash player plugin (quite obviously).
Is this the case?

By: anon

anon — Fri, 28 Sep 2007 16:27:37 +0000

Scarey demos are very good at convincing people… but you need a demo that actually works.

I tried the demo at
http://www.frostjedi.com/terra/scripts/ip_unmasker.php?mode=utf16
it failed to get my IP address and the browser info it displayed is the string in my general.useragent.override:
212.112.241.44
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070716 SeaMonkey/1.1.3
http://www.frostjedi.com/terra/scripts/ip_unmasker.php?mode=utf16