PDA

View Full Version : A Simple Proxy Anonymity Tester Program


JayT
09-14-2007, 11:02 PM
Putting this simple program on your web site allows you to see some common server environment variables and test the anonymity of a proxy server. If you are anonymous, your IP should not be visible in the listing it generates.

It is a program originally written in PERL and I rewrote it for PHP.




<?PHP

/*

This simple program displays some common
server environment variables. It shows
what the web host sees when you connect
to a web site.

It can be useful in helping to determine how
anonymous a proxy server really is.

Language : PHP 5.2.4

Author : Jay Tanner - 2007 Sep *4 - Fri


*/

print Env_Vars();


function Env_Vars()

{

$a = "SERVER_SOFTWARE\t\t" . $_SERVER['SERVER_SOFTWARE'] . "\n";
$b = "SERVER_NAME\t\t" . $_SERVER['SERVER_NAME'] . "\n";
$c = "GATEWAY_INTERFACE\t" . $_SERVER['GATEWAY_INTERFACE'] . "\n";
$d = "SERVER_PROTOCOL\t\t" . $_SERVER['SERVER_PROTOCOL'] . "\n";
$e = "SERVER_PORT\t\t" . $_SERVER['SERVER_PORT'] . "\n";
$f = "HTTP_ACCEPT\t\t" . $_SERVER['HTTP_ACCEPT'] . "\n";
$g = "PATH_INFO\t\t" . $_SERVER['PATH_INFO'] . "\n";
$h = "PATH_TRANSLATED\t\t" . $_SERVER['PATH_TRANSLATED'] . "\n";
$i = "REQUEST_METHOD\t\t" . $_SERVER['REQUEST_METHOD'] . "\n";
$j = "REMOTE_HOST\t\t" . $_SERVER['REMOTE_HOST'] . "\n";
$k = "REMOTE_ADDR\t\t" . $_SERVER['REMOTE_ADDR'] . "\n";

$out = "Some Common Server Environment Variables\n\n$a$b$c$d$e$f$g$h$i$j$k";

return "<PRE>$out</PRE>";


} // End of Env_Vars()



?>





I connected to a proxy server in China, ran the program on my web host and obtained the following listing:


Some Common Server Environment Variables

SERVER_SOFTWARE Apache/2.2.6 (Unix) mod_ssl/2.2.6 mod_auth_passthrough/2.* mod_bwlimited/*.4
SERVER_NAME neoprogrammics.info
GATEWAY_INTERFACE CGI/*.*
SERVER_PROTOCOL HTTP/*.0
SERVER_PORT 80
HTTP_ACCEPT application/x-shockwave-flash, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
PATH_INFO
PATH_TRANSLATED
REQUEST_METHOD GET
REMOTE_HOST
REMOTE_ADDR 222.88.75.24*




The REMOTE_ADDR = 222.88.75.24* is the proxy server I used in China to test the program and see if the proxy was anonymous.

Since my IP doesn't show up, it means that I'm anonymous to the web server, since my own IP is not shown - at least in theory.

So, according to my web host, I posted the kiddie porn on MySpace.com from a computer in China instead of New York State, USA.
(LOL - Just kidding, folks).

The idea of a proxy is to surf the Internet leaving any IP except your own on the server logs.

In fact, an anonymous proxy shouldn't keep general client connection logs or it defeats their purpose!

:)
Moonbat
09-14-2007, 11:23 PM
Or you could just use a proxy and go to a site such as whatsmyip.com and see if it shows your normal IP.

But hey, nice program :D
JayT
09-14-2007, 11:41 PM
Or you could just use a proxy and go to a site such as whatsmyip.com and see if it shows your normal IP.

But hey, nice program :D


I know, but I prefer to make my own programs for such basic things and I also feel more secure when I understand what's actually going on inside a program - and it's educational at the same time!

:)
Moonbat
09-14-2007, 11:54 PM
While that is true, sometimes things aren't meant to be coded again and again. I"ve seen many people on forums post stupid programs like "X-Pinger" when all you have to do is go to Command Prompt (for Windows at least) and type "ping (domain or IP here)".

I'm not saying that this program is useless, it's actually useful. But it's been done before countless times.

But I guess programmers think much differently than I do. :p
JayT
09-15-2007, 01:48 AM
While that is true, sometimes things aren't meant to be coded again and again. I"ve seen many people on forums post stupid programs like "X-Pinger" when all you have to do is go to Command Prompt (for Windows at least) and type "ping (domain or IP here)".


I'm not saying that this program is useless, it's actually useful. But it's been done before countless times.

But I guess programmers think much differently than I do. :p

Programmers are madder than a March hare by definition! I can't communicate with most of them.


Yes. I agree. Most of it has been done before. My main motivation is education.

I'm still rather new to PHP, so I like to learn how things are done rather than always used canned solutions I don't fully understand, regardless of their simplicity in the final analysis.

Why cook a meal from scratch when you can simply open a few cans and save time? If you want to really learn how to cook like the pros, that's not the way to go about it! In my opinion, the same analogy applies to programming.

To me, most, but not all, other programmers' coding is as strange as Chinese. They don't seem to write code with the idea that anyone else might like to read and understand and learn from it. They often use cryptic variable names that have no apparent rhyme or reason and also too often fail to document their work in any meaningful way that simple minded people like me can easily follow. If my mind was any simpler, I'd be a single cell organism!

I try NOT to do in my coding the things that other programmers do that make me want to strangle them!
LOL

For several years I worked for the government and did some scientific and mathematics educating, so I tend to habitually think like a teacher and want things to be as clear and as simple as possible.

Another thing is that I want to share what I've learned with other newbies like me, if possible, and if it is all crammed together like chaos, a strain on the eyes and mind to read and interpret, without useful comments, then the purpose of such education is not well served.

I dread the idea of someone looking at my code and wanting to strangle me and going insane trying to understand it as I've done with other people's code many, many times.
LOL

Since I'm still a newbie, I have a long way to go.
Ezekiel
09-15-2007, 05:33 AM
In fact, an anonymous proxy shouldn't keep general client connection logs or it defeats their purpose!

Generally they would, since they don't really benefit from hosting a proxy and wouldn't want to take the fall for one of their users' illegal acts.

TOR is designed to be secure, and although it has its flaws too, I recommend it over regular proxies.


While that is true, sometimes things aren't meant to be coded again and again. I"ve seen many people on forums post stupid programs like "X-Pinger" when all you have to do is go to Command Prompt (for Windows at least) and type "ping (domain or IP here)".

Recreational programmers like to reinvent the wheel. It's how we learn.

Corporate-slave programmers, however, are more likely to rip code segments from the web, rearrange them to suit their own needs and end up with something that does its job.

I guess it depends on whether you want to learn or want to solve a problem quickly (since all programs should solve some problem).

There is definitely a surplus of useless programs on the web though (pingers, port-scanners, etc.).
Make
10-05-2007, 11:23 AM
Script simple display environment variables of ip address and nothing else.
Probably the most useful test that detect **% of all proxy servers can be found on http://www.proxyserverprivacy.com/detector-proxy.shtml
If you like to make combos with Java try this http://www.proxyblind.org/test.shtml

Here are 2 simple and server friendly script for testing ip address (that are widely supported by all proxy programs) from Guardian (unfortunately his site does not exist anymore)

Perl


#!C:/perl/bin/perl
#!/usr/local/bin/perl
#
# Use the correct shebang according to OS.
# You can rename this script to azenv.cgi if .pl
# extension is not supported.
#
##########################################################################
#
# AZ Environment variables *.04 © 2004 AZ
# Civil Liberties Advocacy Network
# http://clan.cyaccess.com http://clanforum.cyaccess.com
#
# AZenv is written in PHP & Perl. It is coded to be simple,
# fast and have negligible load on the server.
# AZenv is primarily aimed for programs using external scripts to
# verify the passed Environment variables.
# Only the absolutely necessary parameters are included.
# AZenv is free software; you can use and redistribute it freely.
# Please do not remove the copyright information.
#
##########################################################################

print <<EOC;
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W*C//DTD XHTML *.0 Transitional//EN"
"http://www.w*.org/TR/xhtml*/DTD/xhtml*-transitional.dtd">
<html xmlns="http://www.w*.org/****/xhtml" xml:lang="en" lang="en">
<head>
<title>AZ Environment variables *.04</title>
</head>
<body>
<pre>
EOC

foreach $var (keys(%ENV))
{ if ($var =~ /REMOTE/ || $var =~ /HTTP/ || $var =~ /REQUEST/)
{ print $var.' = '.$ENV{$var}."\n"; } }

print <<EOC;
</pre>
</body>
</html>
EOC


PHP


<!DOCTYPE html PUBLIC "-//W*C//DTD XHTML *.0 Transitional//EN"
"http://www.w*.org/TR/xhtml*/DTD/xhtml*-transitional.dtd">
<html xmlns="http://www.w*.org/****/xhtml" xml:lang="en" lang="en">
<head>
<title>AZ Environment variables *.04</title>
</head>
<body>
<pre>
<?php
##########################################################################
#
# AZ Environment variables *.04 © 2004 AZ
# Civil Liberties Advocacy Network
# http://clan.cyaccess.com http://clanforum.cyaccess.com
#
# AZenv is written in PHP & Perl. It is coded to be simple,
# fast and have negligible load on the server.
# AZenv is primarily aimed for programs using external scripts to
# verify the passed Environment variables.
# Only the absolutely necessary parameters are included.
# AZenv is free software; you can use and redistribute it freely.
# Please do not remove the copyright information.
#
##########################################################################

foreach ($_SERVER as $header => $value )
{ if (strpos($header , 'REMOTE')!== false || strpos($header , 'HTTP')!== false ||
strpos($header , 'REQUEST')!== false) {echo $header.' = '.$value."\n"; } }
?>
</pre>
</body>
</html>



Here is official AATools proxy server testing script


#!/usr/local/bin/perl
#
$title = '"#**ccff"';
$http = '"#ccffcc"';
$proxy = '"#ccff**"';
$remote = '"#ffcccc"';
$other = '"#ffffcc"';
$warn = '"#ff****"';
$java = '"#66**cc"';

print "Content-type: text/html\n\n";
print "<HTML><HEAD><TITLE>CGI ENVIRONMENT</TITLE></HEAD>\n";
print "<BODY BGCOLOR=\"#ffffff\">\n";
print "<H* ALIGN=center>CGI ENVIRONMENT</H*>\n";
print "<HR>\n";
print "<BR>\n";

$host = !$ENV{'REMOTE_HOST'}||$ENV{'REMOTE_HOST'}eq$ENV{'REMOTE_ADDR'}?gethostbyaddr(pack('C4',split(/\./,$ENV{'REMOTE_ADDR'})),2)||$ENV{'REMOTE_ADDR'}:$ENV{'REMOTE_HOST'};
print "REMOTE_HOST = $host<BR>\n";
if ( defined $ENV{'HTTP_X_FORWARDED_FOR'} ) {
@ip = split( /[, ]+/, $ENV{'HTTP_X_FORWARDED_FOR'} );
foreach (@ip) {
if ( m/^[0-*.]+$/ ) { $ip .= (gethostbyaddr(pack('C4',split(/\./,$_)),2)||$_) . ' -> '; }
else { $ip .= "$_ -> "; }
}
$ip =~ s/ -> $//;
print "HTTP_X_FORWARDED_FOR = $ip<BR>\n";
}
print "HTTP_FROM = $ENV{'HTTP_FROM'}<BR>\n" if defined $ENV{'HTTP_FROM'};
print "<BR>\n";

print "<HR>\n";
print "<BR>\n";
print "<TABLE BORDER=*>\n";
print "<TR><TH BGCOLOR=$title>ENVIRONMENT<TH BGCOLOR=$title>VALUE</TR>\n";
foreach $key (sort (keys %ENV)) {
if ( $key ne 'PATH' &&
$key ne 'SCRIPT_FILENAME' &&
$key ne 'REQUEST_URI' &&
$key ne 'SCRIPT_FILENAME' &&
$key ne 'SCRIPT_NAME' &&
$key ne 'SERVER_ADDR' &&
$key ne 'SERVER_ADMIN' &&
$key ne 'SERVER_NAME' &&
$key ne 'SERVER_PORT' &&
$key ne 'SERVER_PROTOCOL' &&
$key ne 'SERVER_SIGNATURE' &&
$key ne 'SERVER_SOFTWARE' &&
$key ne 'DOCUMENT_ROOT' ) {
if ( $key =~ /^HTTP_/ ) {
if ( $key eq 'HTTP_ACCEPT' ||
$key eq 'HTTP_ACCEPT_CHARSET' ||
$key eq 'HTTP_ACCEPT_LANGUAGE' ||
$key eq 'HTTP_ACCEPT_ENCODING' ||
$key eq 'HTTP_CONNECTION' ||
$key eq 'HTTP_COOKIE' ||
$key eq 'HTTP_IF_MODIFIED_SINCE' ||
$key eq 'HTTP_HOST' ||
$key eq 'HTTP_PRAGMA' ||
$key eq 'HTTP_REFERER' ||
$key eq 'HTTP_UA_COLOR' ||
$key eq 'HTTP_UA_CPU' ||
$key eq 'HTTP_UA_OS' ||
$key eq 'HTTP_UA_PIXELS' ) {
print "<TR><TD BGCOLOR=$http>$key<TD BGCOLOR=$http>$ENV{$key}</TR>\n";
}
elsif ( $key eq 'HTTP_USER_AGENT' ) {
$ENV{$key} =~ s%\bvia\b%<FONT COLOR=$warn>$&</FONT>%i;
$ENV{$key} =~ s%\bproxy\b%<FONT COLOR=$warn>$&</FONT>%i;
$ENV{$key} =~ s%\bgateway\b%<FONT COLOR=$warn>$&</FONT>%i;
$ENV{$key} =~ s%\bTuring\b%<FONT COLOR=$warn>$&</FONT>%i;
$ENV{$key} =~ s%\bANONYM%<FONT COLOR=$warn>$&</FONT>%i;
print "<TR><TD BGCOLOR=$http>$key<TD BGCOLOR=$http>$ENV{$key}</TR>\n";
}
elsif ( $key eq 'HTTP_FROM' ) {
print "<TR><TD BGCOLOR=$http>$key<TD BGCOLOR=$http><FONT COLOR=$warn>$ENV{$key}</FONT></TR>\n";
}
else {
print "<TR><TD BGCOLOR=$proxy>$key<TD BGCOLOR=$proxy>$ENV{$key}</TR>\n";
}
}
elsif ( $key =~ /^REMOTE_/ ) {
print "<TR><TD BGCOLOR=$remote>$key<TD BGCOLOR=$remote>$ENV{$key}</TR>\n";
}
else {
print "<TR><TD BGCOLOR=$other>$key<TD BGCOLOR=$other>$ENV{$key}</TR>\n";
}
}
}
print "</TABLE>\n";

print "<BR><HR><BR>\n";
print "</BODY></HTML>\n";


For detailed infos about ip address there is Ip Address Location (http://www.ipaddresslocation.org)