Identifying real IP

[SyncSA]

Is it possible to locate the real IP address and thus location if someone uses a proxy or TOR?

[George]

Not really. Only the proxy knows what the originating IP is.

[SyncSA]

How will you know if it comes through a Proxy?

[Voodoo]

ask the NSA....
Well, there's lot of ways to finger at you. Proxy or VPN or whatever is good against little thugs and amateurish spooks . Such an institution like the NSA, MI5, KGB or BKA...they know how to retrieve your IP . And if I'd a site and you visited my site I'd know under what mask you came. In short: If you don't do stupid thing your IP is safe with proxy or VPN .

[nielsencl1]

Yes, it is possible but not commonly used. I only know of one commercial service that can trace back through even multiple proxies and I think VPNs. The commercial service provides online retail sites with a way to assess if a visitor is who they say they are or not.

I would say in this day and age, only about 1 percent of the people that think they can hide online really can. All the others are misled in thinking using one or two proxies will keep them safe.

[Maxl]

There are proxies, that tell you about who is using it (in the request header) like f.e.

Code: Select all

X-Forwarded-For: <originating ip address>

or drop clues, that a proxy is being used like:

Code: Select all

X-Proxy-ID:

Code: Select all

Via:

And there are proxies, that do not tell you anything about them being a proxy or who originated the request.

[Voodoo]

Maxi,
Request Header? If it's a hint, then YES. BUT it's can be easily "faked" or "omitted" to fool the amateurs.

[Maxl]

Request Header? If it's a hint, then YES. BUT it's can be easily "faked" or "omitted" to fool the amateurs.

Many things could be faked. That does not mean they usually are.
If something is being faked, there usually is a reason for doing so.

"to fool the amateurs" or maybe rather "to fool your friends" or "to win a bet" may be your "reasons"
to masquerade as a proxy while connecting to some site [of your friends]...

Testing a proxy one plans to use can give more certainty on how it would behave.
Find a way to get to the headers on the receiving end - f.e. request something from your own server
and you will see how much of your data it revealed.

[Voodoo]

True what you said.
The Req.Header

Code: Select all

GET http://xxx.com/forum/ HTTP/1.1
Host: xxxx.com
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,vi;q=0.2
Cookie: faceLike=liked; xf_user=24670%2Cf079547d3014ed56f448688fb3e653235ee220b1; xf_session=719383846a62ee57986dcdc8c12de597; countrytabs=0
If-Modified-Since: Sun, 10 Aug 2014 08:07:24 GMT

the only hint from a browser is

Code: Select all

Proxy-Connection: keep-alive

if my server replace the header as following

Code: Select all

GET /forum/ HTTP/1.1
Host: xxxx.com
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Opera/9.80 (X11; U; Linux i686; en-US) Presto/2.9.168 Version/11.52
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,vi;q=0.2

then only a pro from the NSA may dig out whether the request is from a proxy of from a plain browser.

Have nice day.