Identifying real IP

Posted: Wed Feb 26, 2014 12:32 am
by SyncSA
Is it possible to locate the real IP address and thus location if someone uses a proxy or TOR?

Re: Identifying real IP

Posted: Wed Feb 26, 2014 5:48 am
by George
Not really. Only the proxy knows what the originating IP is.

Re: Identifying real IP

Posted: Wed Feb 26, 2014 7:03 am
by SyncSA
How will you know if it comes through a Proxy?

Re: Identifying real IP

Posted: Thu Feb 27, 2014 3:45 am
by Voodoo
:lol: ask the NSA....
Well, there are a lot of ways to finger you. A proxy or VPN or whatever is good against little thugs and amateurish spooks :shock: . An institution like the NSA, MI5, KGB or BKA... they know how to retrieve your IP :twisted: . And if I had a site and you visited my site, I'd know under what mask you came. In short: if you don't do stupid things, your IP is safe with a proxy or VPN :mrgreen: .

Re: Identifying real IP

Posted: Wed Mar 05, 2014 10:42 am
by nielsencl1
Yes, it is possible but not commonly used. I only know of one commercial service that can trace back through even multiple proxies and I think VPNs. The commercial service provides online retail sites with a way to assess if a visitor is who they say they are or not.

I would say in this day and age, only about 1 percent of the people that think they can hide online really can. All the others are misled in thinking using one or two proxies will keep them safe.

Re: Identifying real IP

Posted: Wed Aug 20, 2014 8:35 pm
by Maxl
There are proxies that tell you who is using them (in the request header), e.g.

Code:

X-Forwarded-For: <originating ip address>

or drop clues that a proxy is being used, like:

Code:

X-Proxy-ID:

Code:

Via:

And there are proxies that do not tell you anything about them being a proxy or who originated the request.

Re: Identifying real IP

Posted: Thu Aug 21, 2014 3:07 am
by Voodoo
Maxl,
Request Header? If it's a hint, then YES. BUT it can easily be "faked" or "omitted" to fool the amateurs.

Re: Identifying real IP

Posted: Thu Aug 21, 2014 6:23 am
by Maxl
Request Header? If it's a hint, then YES. BUT it can easily be "faked" or "omitted" to fool the amateurs.
Many things could be faked. That does not mean they usually are.
If something is being faked, there usually is a reason for doing so.

"to fool the amateurs" or maybe rather "to fool your friends" or "to win a bet" may be your "reasons"
to masquerade as a proxy while connecting to some site [of your friends]...

Testing a proxy one plans to use can give more certainty on how it would behave.
Find a way to get to the headers on the receiving end, e.g. request something from your own server
and you will see how much of your data it revealed.

Re: Identifying real IP

Posted: Thu Aug 21, 2014 7:15 am
by Voodoo
:lol: True what you said.
The Req.Header

Code:

GET http://xxx.com/forum/ HTTP/1.1
Host: xxxx.com
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,vi;q=0.2
Cookie: faceLike=liked; xf_user=24670%2Cf079547d3014ed56f448688fb3e653235ee220b1; xf_session=719383846a62ee57986dcdc8c12de597; countrytabs=0
If-Modified-Since: Sun, 10 Aug 2014 08:07:24 GMT

the only hint from a browser is

Code:

Proxy-Connection: keep-alive

if my server replaces the header as follows

Code:

GET /forum/ HTTP/1.1
Host: xxxx.com
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Opera/9.80 (X11; U; Linux i686; en-US) Presto/2.9.168 Version/11.52
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,vi;q=0.2

then only a pro from the NSA may dig out whether the request is from a proxy or from a plain browser.

Have a nice day.
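
The header hints named in the thread, checked on the receiving end in the way Maxl suggests for testing a proxy. This is an added example, not code from any poster; the function names are hypothetical and the sample requests are constructed with documentation addresses.

```python
# Added example; header names are from the thread, sample requests are constructed.
PROXY_HEADERS = ("x-forwarded-for", "via", "x-proxy-id", "proxy-connection")

def parse_request(raw):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, target, headers

def proxy_hints(raw):
    """Return (hint, detail) pairs. An empty list does not prove a direct connection."""
    _method, target, headers = parse_request(raw)
    hints = []
    # Absolute-form targets are what a client sends to a proxy, not to an origin server.
    if target.lower().startswith(("http://", "https://")):
        hints.append(("absolute-uri", target))
    for name in PROXY_HEADERS:
        hints.extend((name, value) for value in headers.get(name, []))
    return hints

def claimed_clients(raw):
    """Addresses listed in X-Forwarded-For, leftmost first. Sender-controlled, so unverified."""
    headers = parse_request(raw)[2]
    return [p.strip() for v in headers.get("x-forwarded-for", []) for p in v.split(",") if p.strip()]

# Constructed samples (documentation addresses and hosts, not from the thread).
FORWARDING = ("GET /forum/ HTTP/1.1\r\nHost: example.com\r\n"
              "Via: 1.1 proxy.example\r\n"
              "X-Forwarded-For: 203.0.113.7, 198.51.100.2\r\n\r\n")
STRIPPED = ("GET /forum/ HTTP/1.1\r\nHost: example.com\r\n"
            "Connection: close\r\n\r\n")
BROWSER_TO_PROXY = ("GET http://example.com/forum/ HTTP/1.1\r\nHost: example.com\r\n"
                    "Proxy-Connection: keep-alive\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("forwarding", FORWARDING), ("stripped", STRIPPED),
                       ("browser-to-proxy", BROWSER_TO_PROXY)):
        print(label, proxy_hints(raw), claimed_clients(raw))
```

The stripped request yields no hints at all, which matches the last post: missing headers say nothing either way, and present ones are only as trustworthy as whoever sent them.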