Hi,

I want to test to see how they can detect the proxy IP, by going to this site:

Code:

http://whatismyipaddress.com/staticpages/index.php/advanced-proxy-test

Test result: Proxy server detected. (yes, I'm using paid proxy service while using this BHW)

IP 69.164.xxx.xx
rDNS FALSE
WIMIA Test TRUE
TOR Test FALSE
Loc Test FALSE
Header Test FALSE
DNSBL Test FALSE

Based on the tests with 15 different proxy IP addresses, all of them failed WIMIA test (and sometimes TOR test too).

What does it mean to us? They know we are attempting to hide ourselves from their sites through the proxy servers.

What I'm seeing here, it means we need to request the proxy providers to make sure that these IP addresses are not detected by proxy detector scripts, similar to whatismyipaddress.com's proxy detector.

Comments?

Depending on the configuration of the proxy, it may actually be sending your IP address without your knowledge.

Some configurations of proxy servers inject a header called "X-Forwarded By: [Your IP]".

I suspect that the "proxy detector" is searching for that header as well as a database of known proxies.

Edit: Nevermind, I'm wrong.

This is a very intriguing topic, with many hardcore blackhat methods requiring the use of proxies to manipulate site thresholds, with CPA and affiliate sites using proxy detectors can we begin to build a "database" of CPA companies and affiliate networks that don't have proxy detectors?

Or perhaps write a script that checks for the proxy detectors before using proxies to access the sites.

There's definitely ways around anti-proxy security defense. We just have to check for what their checking for and give them false data to bypass their "check".

If all come up as false, it is undetectable?

Originally Posted by pewtercraig

If all come up as false, it is undetectable?

Theoretically yes.

My best guess is that they're logging every single IP address that they can view.. Then, they're comparing the User-Agent with the IP address to check for major variations.

Alternatively, they could be checking for open ports on the IP address in question. Common ports such as 8080 would easily flag it as a proxy.

javascript can detect Proxy use - i wonder nobody here knows this.

Woot private socks ftw (false on all).

Question: what's a "Loc Test"?

they can detect proxy usage but i believe not vpns (someone correct me if wrong) =)

so we need some vpn instead of socks?

regards

Another hard-core proxy detection site (very good):
http://www.lagado.com/proxy-test (thanks to mrankin in his topic)

I will talk to my colleague (he has CCIE) about the proxy issue and will share the details here shortly.

try this

Code:

http://www.whoer.net/ext

it has advance detecting proxy and i think it can be use for credit card fraud

who cares..i still get paid.

Originally Posted by darkAsPitch

I noticed that too, can anyone find a defining link to what WIMIA is?

I assumed it meant that they checking against a database of ips of proxies that they had found somewhere.

Here's a thread that I think explains what WIMIA is:

http://proxy.org/forum/1196102288.html

It sounds proprietary to whatismyipaddress.com - note the acronym and what it could spell out.

Here's the quote for those of us to lazy to click:

That's the test we're currently working on. It's using a non-cookie, non-javascript method to attempt to detect multiple users of the same IP address. Consequently it can give a false positive for people in a multi-user environment. We're working to find the correct threshold.

So users of shared proxies could be nailed by this test.

Originally Posted by bzy39

try this

Code:

http://www.whoer.net/ext

it has advance detecting proxy and i think it can be use for credit card fraud

Good lord...what a depth of details!!! I can image how G-Ad-gay's Javascript (as well as CPA networks's programs/scripts) would have the proxy detection script built-in similar to whoer.net/ext to read all details on user's PCs.

Think about it - you can't fool these paying ad networks if you repeat the CPA toolbar installation that pays $1-3, even with different proxy IP addresses.

Port, Hostname, IP Location, Headers, and User-Agent are all easy ways to check for proxy use, with Headers being the easiest and most common.

A "high-anonymity" proxy is just one that doesn't send the X-Forwarded-For or other Proxy headers.

lol if i visit that site it doesnt detects my proxy. actually i'm logged in at the university VPN with squid proxy. that tool isnt really good so nothing to worry!

I agree. When I first saw this, I was freaking out, but then I realized if I clean my cookies and used clean proxies I was good to go.

I'm using private proxies and this is the result from whatismyipaddress:

Proxy server not detected.
IP (like I'd put that here!)
rDNSFALSE
WIMIA TestFALSE
TOR TestFALSE
Loc TestFALSE
Header TestFALSE
DNSBL TestFALSE

I'd say they're checking public lists for the WIMIA thing that OP got spotted on. I doubt if they have some sort of AI proxy spotter/sniffer.

My proxies are not detected by any of those, i just use private squid proxies on irregular ports. I think these kinda scripts are really only a danger to those that are using public/shared proxies or proxies on the common proxy ports.

is your flash or java ip address result is same with your proxy address you use after test with the site?
coz if not using tunneling and use software like proxifier your real ip address still detected by flash or java detector

After some digging, I learned that some sites with proxy detection scripts use ActionScript Flash script (used for Flash based ad images) that will read PC network interface details (MAC address, IP address, etc.).

Here's the Flash based script link - that will raise your eyebrows:

Code:

http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/flash/net/InterfaceAddress.html

You can disallow flash cookies here:

Code:

http://www.macromedia.com/support/do...manager03.html

View and remove your current cookies here:

Code:

http://www.macromedia.com/support/do...manager07.html

As for Java (not Javascript), yes, the site with Java applet will read PC network interface details.

See the code examples here:

Code:

http://www.javacodez.com/forums/how-get-mac-ip-address-using-java-t-92.html

Originally Posted by portalweb

After some digging, I learned that some sites with proxy detection scripts use ActionScript Flash script (used for Flash based ad images) that will read PC network interface details (MAC address, IP address, etc.).

Here's the Flash based script link - that will raise your eyebrows:

Code:

http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/flash/net/InterfaceAddress.html

You can disallow flash cookies here:

Code:

http://www.macromedia.com/support/do...manager03.html

View and remove your current cookies here:

Code:

http://www.macromedia.com/support/do...manager07.html

As for Java (not Javascript), yes, the site with Java applet will read PC network interface details.

See the code examples here:

Code:

http://www.javacodez.com/forums/how-get-mac-ip-address-using-java-t-92.html

disabling flash would seem like an easy work around for this?

Yes they might have access to Public proxies which always follow a similiar pattern of ports but Private proxies which comes with Security are safe i guess contact me if u need any lol

Does anyone think tha Firefox add-on No Script will help in these types of situations?

Yes ofcourse, but what when sites tell you that you must enable Javascript for instance? (cause NoScript can also block Flash & Java, which isnt required so often as JS)

So - id better stick to good VPN/proxy.

What I'm saying is that - they can look at your PC to find the real IP address, along with the proxy IP address.

For demonstration purpose, I will write the simple proxy detection script, with the ActionScript Flash/Java widgets and put it on the test site to give us the idea how they would look at PC's connection to Internet. I will post my findings in one week.

Originally Posted by portalweb

What I'm saying is that - they can look at your PC to find the real IP address, along with the proxy IP address.

For demonstration purpose, I will write the simple proxy detection script, with the ActionScript Flash/Java widgets and put it on the test site to give us the idea how they would look at PC's connection to Internet. I will post my findings in one week.

waiting for you mate

i hope u can finish soon

regards

Originally Posted by portalweb

What I'm saying is that - they can look at your PC to find the real IP address, along with the proxy IP address.

For demonstration purpose, I will write the simple proxy detection script, with the ActionScript Flash/Java widgets and put it on the test site to give us the idea how they would look at PC's connection to Internet. I will post my findings in one week.

This would be interesting to see, will you post the script for us?

The proxy detection test site access will be free to anyone, as the test page will be on my site, using SSI to handle the backend scripts. Giving it away for free will not do good, as I believe that there are variables that need to be updated. My large site has the geoIP database server that will provide the worldwide IP information to the proxy detection test script. If you want to see my large site, PM me.

Until then - stay tuned.

PW

Status: 75% complete. It's bit complicated to develop the server-side scripts to deal with the access to user's PC via web browser. I believe we will have the test site ready for our testing.

Until then, stay tuned.

perhaps it detects transparent proxies, anonymous proxies shud be safe

Originally Posted by goawayplease

Port, Hostname, IP Location, Headers, and User-Agent are all easy ways to check for proxy use, with Headers being the easiest and most common.

A "high-anonymity" proxy is just one that doesn't send the X-Forwarded-For or other Proxy headers.

How can we check to see if our proxies are sending this info? I certainly don't want to pay for proxies that are just going to reveal who I am - what the hell would be the point in using a proxy at all then? It would add absolutely no anonymity and would only slow your connection, as going through a proxy is almost always (maybe even always) going to be slower than just connecting direct, right?

Originally Posted by MarketerMac

disabling flash would seem like an easy work around for this?

It would seem the work around would include disabling flash AND java, no?

Originally Posted by dirtyc

How can we check to see if our proxies are sending this info? I certainly don't want to pay for proxies that are just going to reveal who I am - what the hell would be the point in using a proxy at all then? It would add absolutely no anonymity and would only slow your connection, as going through a proxy is almost always (maybe even always) going to be slower than just connecting direct, right?

That is what the proxy detection script I'm working on right now, which will reveal everything (hopefully).

Originally Posted by dirtyc

It would seem the work around would include disabling flash AND java, no?

Yes...that is the possible avenue. It means you can't watch Flash based video clip without enabling Flash. Decisions, decisions.

Until then, stay tuned.

You what else would be super tight (maybe this goes beyond the proxy checking thing) but if your tool would tell a user whether a website was trying to download flash cookies or java applets to your computer. Since that's part of the whole "tracking/privacy" landscape, I think it would be super relevant, don't you?

The tool will see if the browser is using the java, javascript, etc.

Here's the "ALPHA VERSION" proxy detection script, which read the "browser" settings as listed here:

Frames enabled
IFrames enabled
Tables enabled
Cookies enabled
Java applets enabled
Javascript enabled
Support CSS enabled
CSS version 3
Alpha -
Beta -
VBscript enabled
Flash enabled

In few days, the network interface readout java applet will be added, as well as the network interface readout Flash actionscript too. These are the difficult parts - but it will be there. What's nice about this script is that it will work with any operating systems.

Until then, please stay tuned.

just wondering, back in the day we just had a script that would look for all the normal proxy ports if 8080 was open or 3128 and so on it would ban the ip.

dont really know why they still dont do that, you cant hide standard proxy ports. and unless your running the proxy you cant really change the port either.

my 2c'z

Originally Posted by lost_tribe

just wondering, back in the day we just had a script that would look for all the normal proxy ports if 8080 was open or 3128 and so on it would ban the ip.

This might be an incredibly stupid question - but why does a proxy have to listen on port 8080? BTW - do you think the process you describe is common practice? That as soon as a webserver receives an HTTP GET request, it attempts to connect to the machine requesting it on port 8080?

Originally Posted by websicosys

Depending on the configuration of the proxy, it may actually be sending your IP address without your knowledge.

Some configurations of proxy servers inject a header called "X-Forwarded By: [Your IP]".

I suspect that the "proxy detector" is searching for that header as well as a database of known proxies.

Edit: Nevermind, I'm wrong.

What do you mean you're wrong? I did some research on the net and that appears to be exactly how it works. See this site: Proxy Anonymity Test. Most proxies are configured by default to use X-Forwarded By and other similar headers. So when you say it *may* be sending your info, I think you really mean it *is* sending your info until configured otherwise.

Time
zone

America/Los_Angeles GMT-0800
local Wed Jan 27 2010 02:34 :55 GMT-0800 (PST)
system
Wed Jan 27 2010 03: 35:06 GMT-0700 (Mountain Standard Time)

Mismatch


Oh man....



-BH3M

Latest Status:
We are working on implementing the server-sided Java applets. I think the first Java based proxy detection services will be ready very soon for live test. After that, ActionScript will be next stage to be added to the proxy detection web interface.

darkAsPitch is correct about disabling Flash. Yes, ActionScript is part of Flash programming - that will detect PC soul (anything it can do based on how clever the script is written).

Anyway, as mentioned earlier, the simple goal for offering the free proxy detection web tester:
- With the proxy detection web interface tool available for everyone, it will help us to test/configure our PC to make sure that the browser settings are correctly configured before surfing the sites anonymously.
- In the near future: Copy-paste-test the proxy IP addressesorts to make sure that these proxy IP addresses are REALLY CLEAN, and can detect SOCKS/HTTP types quickly. I have tested many proxy IP addresses using primitive methods - they are really useless for my BH tools.

Yes...please keep up with your concerns/thoughts - as it's really very helpful for us.

Until then, please stay tuned and visit my sites (see my signature).

sheezz.. proxy providers should do something about this...

Originally Posted by jaguarslug

sheezz.. proxy providers should do something about this...

like they care... if the feds or any other authority knocks on their door they'll give all the logs and info they have...

wanna bet?

Googling for WIMIA yields:

""It's using a non-cookie, non-javascript method to attempt to detect multiple users of the same IP address. Consequently it can give a false positive for people in a multi-user environment."

I imagine the test fails for shared proxies and routed connections.

Well... nobody trecommend good proxy. There are a few members say they use private proxy. Can you please post this proxies here?