Identifying real IP

Post your questions about proxy servers here.
Locked
SyncSA
Junior Member
Posts: 6
Joined: Tue Feb 25, 2014 5:28 am

Identifying real IP

Post by SyncSA » Wed Feb 26, 2014 12:32 am

Is it possible to locate the real IP address and thus location if someone uses a proxy or TOR?

George
Active Member
Posts: 522
Joined: Thu Jan 24, 2013 10:24 pm

Re: Identifying real IP

Post by George » Wed Feb 26, 2014 5:48 am

Not really. Only the proxy knows what the originating IP is.

SyncSA
Junior Member
Posts: 6
Joined: Tue Feb 25, 2014 5:28 am

Re: Identifying real IP

Post by SyncSA » Wed Feb 26, 2014 7:03 am

How will you know if it comes through a Proxy?

Voodoo
Active Member
Posts: 572
Joined: Fri Mar 11, 2011 10:17 am

Re: Identifying real IP

Post by Voodoo » Thu Feb 27, 2014 3:45 am

:lol: ask the NSA....
Well, there's lot of ways to finger at you. Proxy or VPN or whatever is good against little thugs and amateurish spooks :shock: . Such an institution like the NSA, MI5, KGB or BKA...they know how to retrieve your IP :twisted: . And if I'd a site and you visited my site I'd know under what mask you came. In short: If you don't do stupid thing your IP is safe with proxy or VPN :mrgreen: .

nielsencl1
Active Member
Posts: 330
Joined: Sun Dec 23, 2012 5:47 pm
Location: Minneapolis, MN

Re: Identifying real IP

Post by nielsencl1 » Wed Mar 05, 2014 10:42 am

Yes, it is possible but not commonly used. I only know of one commercial service that can trace back through even multiple proxies and I think VPNs. The commercial service provides online retail sites with a way to assess if a visitor is who they say they are or not.

I would say in this day and age, only about 1 percent of the people that think they can hide online really can. All the others are misled in thinking using one or two proxies will keep them safe.

Maxl
New Member
Posts: 4
Joined: Tue Aug 19, 2014 12:15 pm

Re: Identifying real IP

Post by Maxl » Wed Aug 20, 2014 8:35 pm

There are proxies, that tell you about who is using it (in the request header) like f.e.

Code: Select all

X-Forwarded-For: <originating ip address>
or drop clues, that a proxy is being used like:

Code: Select all

X-Proxy-ID:

Code: Select all

Via:
And there are proxies, that do not tell you anything about them being a proxy or who originated the request.

Voodoo
Active Member
Posts: 572
Joined: Fri Mar 11, 2011 10:17 am

Re: Identifying real IP

Post by Voodoo » Thu Aug 21, 2014 3:07 am

Maxi,
Request Header? If it's a hint, then YES. BUT it's can be easily "faked" or "omitted" to fool the amateurs.

Maxl
New Member
Posts: 4
Joined: Tue Aug 19, 2014 12:15 pm

Re: Identifying real IP

Post by Maxl » Thu Aug 21, 2014 6:23 am

Request Header? If it's a hint, then YES. BUT it's can be easily "faked" or "omitted" to fool the amateurs.
Many things could be faked. That does not mean they usually are.
If something is being faked, there usually is a reason for doing so.

"to fool the amateurs" or maybe rather "to fool your friends" or "to win a bet" may be your "reasons"
to masquerade as a proxy while connecting to some site [of your friends]...

Testing a proxy one plans to use can give more certainty on how it would behave.
Find a way to get to the headers on the receiving end - f.e. request something from your own server
and you will see how much of your data it revealed.

Voodoo
Active Member
Posts: 572
Joined: Fri Mar 11, 2011 10:17 am

Re: Identifying real IP

Post by Voodoo » Thu Aug 21, 2014 7:15 am

:lol: True what you said.
The Req.Header

Code: Select all

GET http://xxx.com/forum/ HTTP/1.1
Host: xxxx.com
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,vi;q=0.2
Cookie: faceLike=liked; xf_user=24670%2Cf079547d3014ed56f448688fb3e653235ee220b1; xf_session=719383846a62ee57986dcdc8c12de597; countrytabs=0
If-Modified-Since: Sun, 10 Aug 2014 08:07:24 GMT
the only hint from a browser is

Code: Select all

Proxy-Connection: keep-alive
if my server replace the header as following

Code: Select all

GET /forum/ HTTP/1.1
Host: xxxx.com
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Opera/9.80 (X11; U; Linux i686; en-US) Presto/2.9.168 Version/11.52
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,vi;q=0.2
then only a pro from the NSA may dig out whether the request is from a proxy of from a plain browser.

Have nice day.

Locked

Who is online

Users browsing this forum: No registered users and 1 guest