1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Java, java applets

Discussion in 'Proxies' started by persyme, Mar 8, 2009.

  1. persyme

    persyme Regular Member

    Joined:
    Dec 19, 2008
    Messages:
    401
    Likes Received:
    51
    I'm just curious about this but can't websites using JAVA (JAVA applets) or VB, use them to bypass a proxy to know the real IP being used by the client? Or is it only able to get behind or see past routers/firewalls?

    I would image that proxies (true anonymous) prevent this from happening, right?


    Thanks!
     
  2. Arthas

    Arthas BANNED BANNED

    Joined:
    Jan 5, 2009
    Messages:
    637
    Likes Received:
    322
    im not 100% but i think an installed/ran java applet does not have to use the browser's proxy. such is probably true of most client side apps (such as active x). Of course you will be prompted to accept/deny the installation/running of such apps.

    in other words, they can detect your real ip. be careful of the security warnings you click accept or install for.
     
  3. persyme

    persyme Regular Member

    Joined:
    Dec 19, 2008
    Messages:
    401
    Likes Received:
    51
    Thanks Arthas.

    So the user/client would have to install/run a java applet in order for them to work?

    What I mean is if a client using a proxy goes to a website and click on a link to perform some type of action (and that link records the IP), would/could an applet be used to see past/beyond an anonymous proxy or will it only see the proxy?

    Or would something have to be installed on the client end in order for an applet to bypass the proxy (if that's possible) and see the real IP address?

    Is it true that Firefox does not support ActiveX so by using Firefox ActiveX couldn't/wouldn't be installed.

    Or is java applets and ActiveX something that's only installed/ran/used by the clients choice/knowledge to perform certain functions on the client end. What I mean is, are applets used only if the client chooses (installs/runs them) and/or does the client know when they're being used/run?

    We use proxies to avoid our real IPs from being seen so if applets can be used to see real IP what would be the use of proxies or other IP hiding methods?

    Sorry for my simple questions. I'm not too clear on these things and how they work.


    Thank you for your reply.
     
  4. Arthas

    Arthas BANNED BANNED

    Joined:
    Jan 5, 2009
    Messages:
    637
    Likes Received:
    322
    java or ax can be used to see past the proxy no matter how anonymous it is.. but before that can happen at a web site the user will have to accept a security warning. something like "would you like to run this java applet?"

    you could also imagine other ways someone might look past the proxy. the first thing that comes to wind would be using file extension handlers. so for example if someone posted a link to a .torrent file and your browser was configured to automatically load up your torrent downloading program when you click a link to a torrent file.

    One can imagine a scenario where the malicious user might put one of their own computer's IP or domain name in the .torrent file so that your torrent downloader would try to connect to it, thus exposing your real IP.

    The same could be true for any file extension handler where the file type supports embedding a remote address to connect to. such as .pls, .asf, etc.

    In a file extension scenario it is possible that there would be no security warning at all, and in fact you wouldn't even have to opt to download and run such a file, just be redirected to it.
     
    Last edited: Mar 8, 2009
  5. persyme

    persyme Regular Member

    Joined:
    Dec 19, 2008
    Messages:
    401
    Likes Received:
    51
    Ah, I see! One would have to choose to run the applet in order for whatever requires it to work.

    Interesting that someone would configure their browser to automatically download a torrent file. Isn't that dangerous? I don't see why anyone would want to do that.

    As far as links I think people should make sure the link is what it says it is before clicking on it (mouse over or check properties), or not clicking on links they aren't sure of.

    As I stated in my previous post I wasn't quite sure how JAVA applets worked. I was thinking that if the server side (website) included an applet in an HTML page and when a JAVA enabled browser (most browsers?) views the page or clicks a link that the applet's code could be transferred to the user's (client's) system and executed by the browser on something like a browser JVM (JAVA virtual machine).

    Ah me! I think I read too much of things I don't understand enough about.

    Thanks again Arthas!
     
  6. SOCKS-5.com

    SOCKS-5.com BANNED BANNED

    Joined:
    Mar 13, 2009
    Messages:
    12
    Likes Received:
    0
    It's hard to say, i think it depends on what's browser are you using, the best way is test it by yourself
     
  7. persyme

    persyme Regular Member

    Joined:
    Dec 19, 2008
    Messages:
    401
    Likes Received:
    51
    Thanks, but how can I test it myself?

    I'm using Mozilla Firefox, latest version (updated). But as Arthas said I'd have to accept a security warning before a Java applet could run.

    I guess my understanding wasn't clear on how these applets run, but now think I'm a little more clear.

    I was thinking Java applets were something that could be used on the server side by placing some code in the javascript (or something) and when the user/client clicks on a particular link on a particular webpage, it could perform some type of action, without the user's/client's knowledge, to see past the proxy and know or record the real IP address.

    I think the fact that the user/client would first have to accept the security warning shows that no action can be performed without the user's/client's knowledge, right?

    Thanks again.
     
  8. Arthas

    Arthas BANNED BANNED

    Joined:
    Jan 5, 2009
    Messages:
    637
    Likes Received:
    322
    i bet you could do it without user permission by embedding a windows media player object on the page and loading a .asx file in it that contains a link to your server.
     
  9. persyme

    persyme Regular Member

    Joined:
    Dec 19, 2008
    Messages:
    401
    Likes Received:
    51
    That's over my head but still very interesting.

    Would there be a way the user would know?

    Thanks again.
     
  10. Arthas

    Arthas BANNED BANNED

    Joined:
    Jan 5, 2009
    Messages:
    637
    Likes Received:
    322
    no. there would obviously be contact with your server or home computer but it would just look like media trying to be loaded. you could actually serve up the media too.
     
  11. persyme

    persyme Regular Member

    Joined:
    Dec 19, 2008
    Messages:
    401
    Likes Received:
    51
    Thanks!
    How could I serve up the media?

    "it would just look like media trying to be loaded" Would it be like the website page being loaded or would I be able to tell something additional is being loaded? Are there any clues, i.e., what would be happening on my end (the user's end)?