1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Your Elite Anonymous Proxy is LEAKING YOUR REAL IP TO WEBSITES (in popular browsers)

Discussion in 'Proxies' started by BloodyNinja, Mar 8, 2016.

  1. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    592
    Likes Received:
    559
    Location:
    Deeptown
    Hi guys

    In this topic I wanted to share something I wouldn't personally believe, hadn't I performed all testing by myself.

    FACT: Firefox and Chrome (may be also other chrome/firefox based browsers) are LEAKING your real IP address to ANY website EVEN BEHIND ANONYMOUS PROXY. In non-modified Chrome it's IMPOSSIBLE to block this leakage.

    For those of you who don't like reading, please watch this video:




    If you don't believe me, do the following steps and see by yourself:

    1. Go to http://whatismyip.com to check you real IP

    [​IMG]


    2. Get a "fully anonymous proxy". I don't care if it is elite, superb, awesome or whatever degree of anonymity it may have. Put this proxy into Firefox or Chrome settings.

    [​IMG]

    3. Go to http://whatismyipaddress.com to make sure you are behind a proxy

    [​IMG]

    4. Now go back to http://whatismyip.com and SEE YOUR ACTUAL IP REVEALED WHILE YOU ARE BEHIND AN ANONYMOUS PROXY

    [​IMG]


    5. To blow your mind completely, go here https://www.browserleaks.com/webrtc and see how not only your real IP is revealed but also LOCAL IP is known to some arbitrary website:




    [​IMG]



    Questions? Ask me anything in this topic.
     
    • Thanks Thanks x 3
    Last edited by a moderator: Sep 6, 2017
  2. unr3al

    unr3al Jr. VIP Jr. VIP

    Joined:
    Jan 7, 2010
    Messages:
    4,564
    Likes Received:
    785
    Gender:
    Male
    Occupation:
    www.anonymous-proxies.net
    Location:
    Bucharest, Romania
    Home Page:
    Hi,

    You are not doing the correct proxies settings, this is why your IP is leaking. Check the field " use this proxy server for all protocols " and you won't have this issue again.

    Thanks!
     
    • Thanks Thanks x 2
  3. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    592
    Likes Received:
    559
    Location:
    Deeptown
    Dude, with all respect, did you test it on your own before telling me I did something wrong? I put "use this proxy server for all protocols" as you suggested:

    [​IMG]

    The result is the same, my real ip is leaked (check the whole IP, it doesn't match, just by accident last 2 digits are the same)

    [​IMG]


    Because this option tunnels ONLY ftp and ssl requests through http proxy. However, IP is leaking through UDP. It is NOT POSSIBLE to tunnel UDP through http proxy.
     
    Last edited: Mar 9, 2016
  4. abhi007

    abhi007 Jr. VIP Jr. VIP

    Joined:
    Aug 31, 2010
    Messages:
    5,802
    Likes Received:
    3,919
    Location:
    Theatre of dreams :)
    But I am guessing still our IP is leaked right?
     
  5. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    592
    Likes Received:
    559
    Location:
    Deeptown

    "Use this proxy server for all protocols" does not prevent your real IP leakage because it leaks through UDP protocol, which can not be tunneled through http proxy.
     
  6. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,163
    Likes Received:
    33,721
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  7. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    592
    Likes Received:
    559
    Location:
    Deeptown
    I didn't know about these "old news".
    Some other guys as well, e.g. from this topic http://www.blackhatworld.com/blackh...acking-me-using-selenium-create-accounts.html

    Also, I know personally lots of IMers who use Chrome, where WebRTC cannot be blocked at all
     
  8. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,163
    Likes Received:
    33,721
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  9. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    592
    Likes Received:
    559
    Location:
    Deeptown
  10. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    437
    Likes Received:
    28
    I've been disabling it manually for FF via about:config page, and have Disable webRTC box ticked in uBlock Origin for Chrome.

    I'm still not clear, though... since very few people would have it disabled, does doing so provide some kind of signal that you are attempting to hid your identity? If this is used in conjunction with elite proxy, other types of fingerprinting aside, does the disabling itself throw up some kind of flag, or does it just appear like normal (non proxy) user when combined with proxy and webRTC off?

    I see that some of the other Chrome plugins say they don't disable it, but rather limit some aspects. Can't tell if this is in part to appear as normal user, or if they are only doing that so that certain other browser features that require webRTC can function. Not clear about the pure anonymity aspects of one approach vs the other. Also, maybe it's just me, but I prefer the approach I'm taking in FF of just disabling it manually via the about:config. Can't confirm this, but my hunch is that this is more secure than using a plugin that may break at some point on browser update.
     
    Last edited: Mar 9, 2016
  11. tompots

    tompots Elite Member Premium Member

    Joined:
    Dec 11, 2011
    Messages:
    4,371
    Likes Received:
    3,964
    Gender:
    Male
    Occupation:
    Full Time Bot Developer
    Location:
    Automation Alternatives
    Home Page:
  12. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    - Yes it does look suspicious if your browser is supposed to have WebRTC and it's disabled (don't have any stats on that but only a fraction of the people using proxy or VPN are doing so very it, so it's extremely small), but unless we are talking about companies that deal with serious fraud (banks, paypal, etc...) they won't really care about it, so if the question is will they ban my FB account because of that? the answer is no.

    - Chrome simply do not want people to completely disable WebRTC, so people found other way to 'bypass' this block.

    - Now for the debate is it better to use a browser extension or change settings manually, it's always better to use as little extension as possible.
     
  13. zovika1

    zovika1 Newbie

    Joined:
    Mar 2, 2016
    Messages:
    24
    Likes Received:
    1
    This is pretty old. Already knew that
     
  14. StanMan

    StanMan Junior Member

    Joined:
    Jan 3, 2014
    Messages:
    115
    Likes Received:
    110
    Definitely, changing the settings manually, as the the extensions can leak additional fingerprints. As OP suggested, MultiLoginApp does the trick in hiding WEBRTC without additional fingerprints being displayed to the website. I use it myself, a nifty tool.
     
  15. extremeboy

    extremeboy Jr. VIP Jr. VIP

    Joined:
    Jul 8, 2010
    Messages:
    3,220
    Likes Received:
    673
    Occupation:
    World Best RANK Tracker SERPCloud.com
    Home Page:
    Obviously use all Protocols and make sure not using Public IP use Fully Anonymous Proxy is good to go.
     
  16. StanMan

    StanMan Junior Member

    Joined:
    Jan 3, 2014
    Messages:
    115
    Likes Received:
    110
    Even Fully Anonymous Elite Proxy will leak your Public Ip with WebRtc. Furthermore, even socks 4/5 proxies will work in only few instances.
     
  17. NobelNerd

    NobelNerd Power Member

    Joined:
    Feb 21, 2013
    Messages:
    731
    Likes Received:
    299
    Occupation:
    Digital Marketing
    Location:
    India
  18. healzer

    healzer Jr. VIP Jr. VIP

    Joined:
    Jun 26, 2011
    Messages:
    2,659
    Likes Received:
    2,297
    Gender:
    Male
    Occupation:
    RevEngineeringMon$y
    Location:
    Somewhere in Europe
    Home Page:
    Thanks for writing about this.
    For all the people who're worried about their software & bots; as long as your software/bot uses the HTTP protocol and not a web browser (with Javascript enabled) then your IP cannot be revealed, unless it's a bad/transparent proxy.

    Cheers!
    Healzer
     
    • Thanks Thanks x 1
  19. SPPChristian

    SPPChristian Jr. VIP Jr. VIP

    Joined:
    Oct 20, 2012
    Messages:
    1,287
    Likes Received:
    258
    Gender:
    Male
    Occupation:
    www.sslprivateproxy.com
    Location:
    www.sslprivateproxy.com
    Home Page:
    indeed you are very right, what do you see in the above video has nothing to with WebRTC, its all about flash, java and javascript.
    place the proxy in windows control panel under java cpanel will proxify the java connections, using a software like proxifier or proxycap in order to avoid any leaks and so on.
    avoid using g chrome cause there is no valid way that you can disable webrtc, use firefox with a plugin that will disable webrtc.
    regarding pinbot software there is nothing to be worried about, there are simple http/https connections with headers without user interaction or browser plugins javascript or flash
     
  20. nekrox

    nekrox Newbie

    Joined:
    May 17, 2015
    Messages:
    25
    Likes Received:
    5
    Use a VPN and problem solved. If the anonymity is your concern you must avoid the use of proxies.

    Now days the VPN servicies are very cheap and is so easy mount a vpn server.