(GUIDE) Check Whether Facebook, Instagram, and Other Sites Can Tell If You're Using Proxies

Discussion in 'BlackHat Lounge' started by Noah Hawryshko, Nov 2, 2016.

  1. Noah Hawryshko

    Noah Hawryshko Senior Member

    Joined:
    Apr 28, 2016
    Messages:
    871
    Likes Received:
    725
    Gender:
    Male
    Occupation:
    Biotechnology Engineer at Silph. Co, Saffron
    Location:
    Kanto
    Hi BlackHatWorld,

    So as many of you know, sites like Facebook, Instagram, and Twitter have databases comprising what's likely close to 99% of all proxies, without getting into too many technicalities. Most sites won't ban you if you use proxies the right way, but when they know you're using a proxy many can and will apply strict filters to your activity. Currently, there is no way to directly tell whether any of these sites really know whether you're using a proxy or not.

    In general, if you're using proxies it's safe to assume that the websites you visit know that you're using proxies. If you think you have proxies that are special or unique, then check them against some high-quality blacklists to see if they can stand up to them. To date, the three sites that I've found to have the best proxy blacklists are leakforums.net, Omegle.com, and nike.com. If your proxies are banned on any of these sites then you can be almost certain that Facebook, Instagram, Twitter, and every other site that cares knows that you're using a proxy. This may impact your ability to use those sites effectively for marketing purposes.

    However, if your proxies aren't banned on any of those sites, then there's a high probability that other sites will not detect that you're using a proxy. The idea is that if three independent sites have all amassed a high-quality proxy blacklist and your proxy IP is not on any of them, then it's reasonable to assume that it won't be on other high-quality proxy lists like the ones Facebook, Instagram, and Twitter have acquired.

    To test your proxies against Leakforums, open up their URL and see if you can load the main page. If you get a screen that says "denied cakey love", then you're blocked and it's safe to assume that sites like Facebook, Instagram, and Twitter have applied strict filters to all accounts associated with your proxy.

    To test your proxies against Omegle, open up the Omegle URL and try to text chat with someone. If you receive a message that says "error connecting to server" or "Banned." then your IP has been blacklisted.

    Last but not least, Nike will reject your connection if you're on their blacklist. You'll be greeted with a white screen and an error message if your IP has been blacklisted, rather than the standard page.

    Remember that even though your proxy may be able to connect to all the above sites, it's still possible that Facebook, Twitter, and Instagram may have a different or updated proxy list. However, this is highly unlikely, and the point of this method is not to prove with certainty that your proxy goes undetected, but to test whether it is highly likely that it will go undetected.

    That's it! Feel free to leave me any questions, comments, or criticisms you may have. I realize that some of the assumptions I've made about proxies are less black and white in reality, but they will hold true for the majority of users and that's what's important in a guide.
     
    • Thanks Thanks x 5
    Last edited: Nov 2, 2016
  2. tasburrfoot

    tasburrfoot Regular Member

    Joined:
    Dec 16, 2008
    Messages:
    323
    Likes Received:
    152
    I'd be pretty impressed if anyone had 99% of proxies even documented, let alone banned.
     
    • Thanks Thanks x 1
  3. Noah Hawryshko

    I'd say the number is somewhere around there. I could probably gather 97-98% if I devoted enough initial time into it and consistently scraped for new proxies as upkeep. I can only imagine how good corporate proxy lists are though, because the IT departments of Fortune 500 companies are likely being paid big bucks to make high-quality ones.
     
  4. tasburrfoot

    New proxies pop up daily, and others die daily. The upkeep would be ridiculous. You'd have to consistently scan every known public IP range, ports 80-65535 (proxies can be run off of any port after all) - and even then banning certain IPs just for allowing a hop could have some adverse effects.

    You'd be far better off just running a detection system (as I'm sure all of these companies ACTUALLY do, as opposed to maintaining a list of proxies - sure they will have banned IPs from prior abuse/infractions) as it's far harder to truly hide a proxy than most people assume (are you tunneling your DNS? Do your browser & server times match? Does your browser location and IP GEO match? etc etc).

    Your post still stands, those sites are great to see if your proxy will be blocked. You can also use http://whatismyipaddress.com/blacklist-check
     
    • Thanks Thanks x 1
  5. Kanske

    Kanske Newbie

    Joined:
    Jun 12, 2016
    Messages:
    16
    Likes Received:
    1
    Gender:
    Male
    LOL I just tried this out with one of the proxy services I use. That cakey love message. They know. THEY KNOW.

    Thanks for sharing this man.
     
    • Thanks Thanks x 1
  6. Noah Hawryshko

    I've actually been thinking about doing this for a while, and here's how I'd imagine it working:

    The upkeep wouldn't be perfect, which is why I'd say 97-98% rather than 100 percent. You could definitely grab around that many new proxies with a single VPS. You'd first and foremost blacklist all corporate and satellite CIDR ranges, so there'd be no need to scan those, leaving only tier 3 subnets.

    Then, you'd scan only the default ports of every proxy program or configuration, followed by the next 100 or so most common ports used (determined by a weighted sample of recently scraped proxies). After that, you'd set up a couple different proxy scrapers to scan with their own algorithms, while simultaneously targeting your own ranges manually.

    What do you think of this?

    Also, can you tell me more about these detection systems? Why would DNS need to be tunnelled? Do things like browser time and browser location exist, and can they be queried? Moreover, couldn't they be spoofed?
     
  7. tasburrfoot

    When I'm talking browser settings and DNS I'm talking about really nailing down your anonymity - programs like Netflix use your DNS settings to determine your location, so even if you proxy with an American proxy, if you're not also using an American DNS server you're blocked.

    Browser settings could of course be spoofed, that's why I said the majority of users using proxies are detectable. Just look at your Google Analytics page, it gives you all that info. If a user is connecting from China, but their browser default language is ca-en (Canadian English), good chance it's a Canadian using a Chinese proxy - although this would cause some false positives of course. You would have to run multiple methods for a better detection rate.

    Your concept is definitely doable, don't get me wrong. Most of the gov and big corporation ranges are well documented so you're right - it would reduce your workload greatly (that's what I was referring to when I said "public ranges").

    There was a project (pretty sure it's still running) where a group was running port scans on every IP around - essentially mapping every open port on the Internet. If you wanted some knowledge on how to go about what you're thinking of, that might be a great resource to check out. I'll see if I can find it quickly.
     
    • Thanks Thanks x 1
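
The mismatch checks described in posts 4 and 7 above (browser language versus IP geolocation, client time versus IP location, DNS resolver location), sketched from the site operator's side as an added example that is not part of the original thread. The `Session` fields, the offset table and the sample sessions are constructed assumptions, and the GeoIP and resolver lookups are assumed to happen upstream.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified table: plausible UTC offsets (minutes east, DST included) per country.
PLAUSIBLE_UTC_OFFSETS = {"CN": {480}, "CA": {-480, -420, -360, -300, -240, -210, -180, -150}}

@dataclass
class Session:                       # hypothetical per-visitor record
    ip_country: str                  # from a GeoIP lookup on the source address
    accept_language: str             # raw Accept-Language request header
    tz_offset_min: Optional[int]     # client-reported offset, minutes east of UTC
    resolver_country: Optional[str]  # country of the DNS resolver the client used

def language_region(header: str) -> Optional[str]:
    """Region subtag of the highest-q language tag, e.g. 'en-CA,en;q=0.9' -> 'CA'."""
    best_tag, best_q = "", -1.0
    for part in header.split(","):
        tag, _, param = (p.strip() for p in part.partition(";"))
        try:
            q = float(param[2:]) if param.startswith("q=") else 1.0
        except ValueError:
            q = 0.0                  # malformed weight: lowest priority
        if tag and q > best_q:
            best_tag, best_q = tag, q
    regions = [t for t in best_tag.split("-")[1:] if len(t) == 2 and t.isalpha()]
    return regions[0].upper() if regions else None

def proxy_signals(s: Session) -> list:
    """Names of the independent checks on which the client disagrees with its IP."""
    signals = []
    region = language_region(s.accept_language)
    if region and region != s.ip_country:
        signals.append("language_region")
    offsets = PLAUSIBLE_UTC_OFFSETS.get(s.ip_country)
    if offsets and s.tz_offset_min is not None and s.tz_offset_min not in offsets:
        signals.append("timezone")
    if s.resolver_country and s.resolver_country != s.ip_country:
        signals.append("dns_resolver")
    return signals

def classify(s: Session) -> str:
    """A single mismatch is common (travellers, public DNS), so require two to flag."""
    n = len(proxy_signals(s))
    return "likely_proxy" if n >= 2 else "review" if n == 1 else "clean"

# Constructed sessions (not real traffic): a proxied visitor, a local one, a traveller.
PROXIED = Session("CN", "en-CA,en;q=0.9", -300, "CA")
LOCAL = Session("CA", "en-CA,en;q=0.9,fr-CA;q=0.8", -300, "CA")
TRAVELLER = Session("CN", "en-CA,en;q=0.9", 480, "CN")
```

`TRAVELLER` trips only the language check and lands in `review`, which is the false-positive case post 7 mentions and the reason the flag needs more than one signal.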
  8. tasburrfoot

    Found it - check out znet.io
     
    • Thanks Thanks x 1
  9. Noah Hawryshko

    Host name isn't resolving for me. Weird.
     
  10. tasburrfoot

    That's because I'm an idiot. Try zmap.io