De-anonymizing Tor and Detecting Proxies

Technology

Catch this article over at ha.ckers.org regarding an easy way to bypass most anonymizing proxies (such as Tor) and figure out the true origin IP of a web surfer. Plugins such as Java or Flash can be written to make a socket call back to the server. Since the plugin isn’t making a normal HTTP request, it ignores the proxy settings of your browser and connects directly to the server.

This code (it takes a several seconds to load) uses a piece of JavaScript to instantiate a Java socket call back to the origin site. In doing so it bypasses the proxy settings of the browser, allowing you to de-anonymize people using proxies. It works great for Tor or just about any HTTP proxy that I can think of. Cool stuff.

Ouch.

A safer anonymizing solution might be to route all traffic through a transparent proxy, while also blocking all traffic not destined for port 80.

De-anonymizing Tor and Detecting Proxies – Link

1 thought on “De-anonymizing Tor and Detecting Proxies

  1. Dan says:

    I wonder if this still works aka if this loophole has not been addressed and website “owner” can find out the real IP of the visitor?

Comments are closed.

Tagged
FEEDBACK