Technology

Catch this article over at ha.ckers.org regarding an easy way to bypass most anonymizing proxies (such as Tor) and figure out the true origin IP of a web surfer. Plugins such as Java or Flash can be written to make a socket call back to the server. Since the plugin isn’t making a normal HTTP request, it ignores the proxy settings of your browser and connects directly to the server.

This code (it takes a several seconds to load) uses a piece of JavaScript to instantiate a Java socket call back to the origin site. In doing so it bypasses the proxy settings of the browser, allowing you to de-anonymize people using proxies. It works great for Tor or just about any HTTP proxy that I can think of. Cool stuff.

Ouch.

A safer anonymizing solution might be to route all traffic through a transparent proxy, while also blocking all traffic not destined for port 80.

De-anonymizing Tor and Detecting Proxies – Link

1 thought on “De-anonymizing Tor and Detecting Proxies

  1. I wonder if this still works aka if this loophole has not been addressed and website “owner” can find out the real IP of the visitor?

Comments are closed.

Tagged