Anonymizer.com and ProxyTest ??



cantoris
10-04-2001, 06:24 AM
Hi!

How does the proxytest work?

I was surprised to find for example that it could detect me behind the free proxy at Anonymizer if I used
http://anon.free.anonymizer.com/http://www.all-nettools.com/pr.htm

And yet when a friend tried the same URL it couldn't see him. I'm using IE6 and he's using IE5.5 under a different ISP.

Any ideas as to what's going on?

Thanks!


Andrew

MrByte
10-05-2001, 12:20 PM
Hi,



> How does the proxytest work?


Basically, it studies the HTTP request headers trying to find out if any information about the client leaks through.



> I was surprised to find for example that it could detect me behind the free proxy at Anonymizer if I used
> http://anon.free.anonymizer.com/http://www.all-nettools.com/pr.htm
>
> And yet when a friend tried the same URL it couldn't see him. I'm using IE6 and he's using IE5.5 under a different ISP.
>
> Any ideas as to what's going on?


Did it detect your real IP address, or just the fact that you were behind a proxy? In either case, it sounds strange; it's possible that it's a bug in Anonymizer. What exactly did the proxy test show, and what was in your browser's address line when you were viewing that page?

Mr.Byte

cantoris
10-16-2001, 05:31 AM
Hi!

Thanks for replying.
Even using a real anonymizer account, the proxytest sees my IP. I get to the proxy test with the URL http://anon.user.anonymizer.com/cipher:<a load of rubbish comes here>
The test successfully finds my own IP!

Best wishes,


Andrew

MrByte
10-16-2001, 12:49 PM
Well, this is strange, I've just tried it with a paid account too, and my IP was not detected.

Here is what you can do ... get Essential NetTools at www.tamos.com. Run the program, switch to the "RawTCP" tool and start listening on port 80. Then use Anonymizer to connect to your own IP address, as if you have a web server running. The program will accept this connection from Anonymizer and show something like this:

*** Accepted connection from *68.*4*.**2.8 ***
GET / HTTP/*.0
Host: ******** (that was my IP address;-)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Charset: iso-885*-*,*,utf-8
Accept-Encoding: identity
Accept-Language: en
User-Agent: Mozilla/4.7* [en] (TuringOS; Turing Machine; 0.0)

That's what the script at all-nettools.com "sees" when you run a proxy test. As you can see, nothing in these headers reveals my IP address. Maybe in your headers you'll see something different. Note that the "Host" header will contain your IP address; this is normal, because you told Anonymizer where to go. So ignore this header, look at the other ones. Maybe this will lead you somewhere.

DATA
10-19-2001, 02:45 AM
hi,


The big question is who is behind the privacy-loving anonymizer.com? The C.I.A.?

cantoris
10-19-2001, 08:17 AM
Thanks again MrByte!

Well I did what you suggested and got a rather surprising result:

*** Accepted connection from *68.*4*.**2.8 *** (that's the anonymizer proxy)
GET / HTTP/*.0
Host: <my IP>
Accept: <the usual stuff>
Accept-Encoding: identity
Accept-Language: en-gb
Cache-Control: no-cache
Client-ip: <my IP>
Pragma: no-cache
User-Agent: Mozilla/4.0 (TuringOS; Turing Machine; 0.0)

What on Earth is that Client-IP doing there?
And what are Pragma and this Turing thing?

Very mysterious
Best wishes,


Andrew

PowerJewels
10-19-2001, 10:33 AM
Trash your browser's History cache folder, download cache folder. Disable java, javascript, ActiveX. Quit your browser.

Now try your proxy test.

MrByte
10-19-2001, 01:55 PM
> *** Accepted connection from *68.*4*.**2.8 *** (that's the anonymizer proxy)
> GET / HTTP/*.0
> Host: <my IP>
> Accept: <the usual stuff>
> Accept-Encoding: identity
> Accept-Language: en-gb
> Cache-Control: no-cache
> Client-ip: <my IP>
> Pragma: no-cache
> User-Agent: Mozilla/4.0 (TuringOS; Turing Machine; 0.0)
>
> What on Earth is that Client-IP doing there?
> And what are Pragma and this Turing thing?


... another bug in Anonymizer:) My guess is that you were accessing Anonymizer via a proxy server. Note that some ISPs route your HTTP traffic via their proxy server(s) even if you don't explicitly configure your browser to use a proxy server.

Regarding your headers: Pragma is a line inserted by a proxy server. Turing OS is a standard replacement for your actual OS carried out by Anonymizer (that's the way they're joking;-). Now, Client-ip is a header inserted by your proxy server, at least that's what I think it is. Anonymizer should have eliminated this header, but they screwed up. Tell them about it, they must fix it. Oh, and ask for a free life-time account, they gave me one years ago for finding yet another security flaw:)

Mr.Byte
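
The header check discussed in this thread, as an added example that is not part of the original posts and is not the all-nettools.com script: it scans a captured request for headers that carry the client's address or were added by an intermediary, skipping Host as MrByte advises. The header list beyond Client-ip, the function names and the sample address 203.0.113.7 are assumptions made for the illustration.

```python
import ipaddress
import re

# Headers intermediaries use to pass along the original client address.
# "Client-ip" is the one from this thread; the rest are assumed equivalents.
FORWARDING = {"client-ip", "x-client-ip", "x-forwarded-for", "x-real-ip",
              "forwarded", "via"}
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def parse_headers(raw):
    """Return [(name, value)] from a raw HTTP request head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def addresses_in(value):
    """Valid IPv4 addresses that appear anywhere in a header value."""
    found = set()
    for token in IPV4.findall(value):
        try:
            found.add(str(ipaddress.ip_address(token)))
        except ValueError:
            pass                                # e.g. 999.1.1.1 is not an address
    return found

def find_leaks(raw, client_ip):
    """List (header, reason) for headers that expose the client."""
    leaks = []
    for name, value in parse_headers(raw):
        if name.lower() == "host":
            continue                            # names the destination, not the client
        if client_ip in addresses_in(value):
            leaks.append((name, "carries the client address"))
        elif name.lower() in FORWARDING:
            leaks.append((name, "added by an intermediary proxy"))
    return leaks

# Constructed sample modelled on the thread's capture; 203.0.113.7 stands in for <my IP>.
SAMPLE = (
    "GET / HTTP/1.0\r\n"
    "Host: 203.0.113.7\r\n"
    "Client-ip: 203.0.113.7\r\n"
    "Pragma: no-cache\r\n"
    "User-Agent: Mozilla/4.0 (TuringOS; Turing Machine; 0.0)\r\n\r\n"
)
```

Calling `find_leaks(SAMPLE, "203.0.113.7")` reports only the Client-ip header; the same check is what an anonymizing proxy would need to pass before forwarding a request.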

cantoris
10-19-2001, 06:58 PM
Thanks again for the help!

I tried the proxytest using Netscape408 with Java and Javascript disabled and the effect was the same as with IE6.
I have no proxies configured on my own machine so my ISP must be doing something.

I've emailed Anonymizer, so I'll be interested to see what they say. MrByte, your last sentence was intriguing too :-P

Best wishes,


Andrew