tags:

views:

60

answers:

2
Q: 

How do websites get your real IP address when you're proxied?

From a trusted computer engineer and Rapidshare, it seems that its possible to get your real IP address when you're proxied. Note that I define proxied I mean using some kind of tunneling (VPN, SSH, etc) to another computer that does not share your IP address. I do NOT mean proxy sites, since with some trivial Javascript and some server side code you can get the IP address easily.

My question though is how? The computer engineer I mentioned said that you could just ask the browser directly (presumably with JS) and it would cough up your real IP. He also mentioned using a tracking image, although I don't think that will work since thats requested by the proxy, not you directly.

+1  A: 

They could be using a flash or a java object which can use sockets and get the IP not relying on the browser. However that method would not work if you are connecting through a VPN.

Non-anonymous proxies (SOCKS etc.) are not worried about hiding your IP so they might send it in the header which Rapid Share then dissects and gets your IP.

It is also quite easy to determine a proxy using some checks. One way would be maintaining a list of proxies. Non-anonymous proxies state that the person is using a proxy in the headers.

VPN is almost undetectable unless you're using a blacklist as all the traffic is routed through the tunnel, not just HTTP.

Nick Brooks  2010-07-23 22:08:40
More specifically, Does your SOCKS rule still apply when its only a wrapper for an SSH connection? Using the same SSH connection do flash/java objects or other websites know my real IP?
TheLQ  2010-07-23 22:17:04
+2  A: 

On HTTP proxies, they can use a header name X-Forwarded-For. the format of this header looks like it:

X-Forwarded-For: client1, proxy1, proxy2

this header added by http proxy, so web applications could easily check it, but of course anyone can send a fake header. this is supported by major proxy servers like Squid, MS ISA Server, Cisco Cache Engine, etc.

Maryam  2010-07-23 22:27:14
Would you know if that header exists in VPN or SSH tunneling?
TheLQ  2010-07-24 20:19:15

related questions

Is there native .NET type for CIDR subnets?
Unpacking _WTS_CLIENT_ADDRESS.Address in vb.net (retreiving IP address from Terminal Services Client)
Know a good IP address Geolocation Service?
Get IP Address of Remote Client with No DNS Entry in VB.Net
How do I determine all of my IP addresses when I have multiple NICs?
How can openvpn deal with both dynamic and fixed IP addresses?
How much effort does it take to spoof an Ip Address in a call to a webservice?
Linux / C++: Get the IP Address of local computer
How does a website know what city I'm in?
UserHostAddress gives wrong IPs
IP Address change with limited account
IP subnet verification in JSP
Why is getenv('REMOTE_ADDR') giving me a blank IP address?
Finding a public facing IP address in Python?
Finding local IP addresses in Python.
How would you compare IP address?
How do I get the Local Network IP address of a computer programmatically? (C#)
How to route in linux
Asp.net c# and logging ip access on every page and frequency
How do I change the IP address on Oracle 10g
private IP address ranges
How can you find all the IP addresses in a selected block of text with a javascript bookmarklet?
How do I find a user's IP address with PHP?
Connecting private IPs
How can I find a user's location based on their IP address? (free and not free services)