Anonymous Internet Browsing. Myth or Reality.

vicnumb Apr 5, 2013

Apr 05 2013 Published by under Misc, Tricks

We hear here and there Keep your information private, use proxy servers and you will never be detected.

 

A series of questions appear around “proxy mystery”:

  • Is information about your IP address hidden.
  • Is information about your browser hidden.
  • Is information about your computer hidden.

 

If you can easily hide information, can you simulate another user or another browser by changing the IP addresses and browser headers:

  • Can you change the IP address.
  • Can you simulate a browser.
  • Can you simulate a real visitor using proxy servers.

 

Unfortunately most internet players use proxy servers for cheating different internet systems. I think the problem is in these systems imperfections. If a internet program pretends to be secure, it should have alternative ways to detect cheats.

 

As said above, our goal is to detect whether your computer/browser information can be hided.

 

1. First of all we create a program (PHP, HTML, JavaScript) capable to extract info from your computer/browser.

<?php 
 
echo "<strong>Data Retrieved by PHP:</strong> <br><br>";
 
echo "Your IP: ".$_SERVER['REMOTE_ADDR'].'<br>';
echo "Remote Host: ".$_SERVER['REMOTE_HOST'].'<br>';
echo "Refferer: ".$_SERVER['HTTP_REFERER'].'<br>';
echo "Request Method: ".$_SERVER['REQUEST_METHOD'].'<br>';
echo "Query String (GET string): ".$_SERVER['QUERY_STRING'].'<br>';
echo "Script Local Path: ".$_SERVER['SCRIPT_NAME'].'<br>';
echo "User Browser: ".$_SERVER['HTTP_USER_AGENT'].'<br>';
?> 
 
<html>
<head>
<title>Remote User Data</title>
 
<script>
document.write('<br><strong>Data Retrieved by JavaScript:</strong> <br><br>');
document.write('Charset: ' + document.charset + '<br>');
document.write('Browser: ' + navigator.userAgent + '<br>');
document.write('Screen Width: ' + screen.width + '<br>');
document.write('Screen Height: ' + screen.height + '<br>');
document.write('JavaScript Enabled: ' + navigator.javaEnabled() + '<br>');
document.write('Color Depth: ' + screen.colorDepth + '<br>');
document.write('Local Address: ' + window.location.href + '<br>');
</script>
 
</head>
 
<body>
 
<span class="myip"></span>
 
 
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script>
(function() {
  $.getJSON( "http://smart-ip.net/geoip-json?callback=?",
  function(data){
    $('.myip').html("IP Address: " + data.host);
  });
})();
</script>
 
/body>
</html>

Each line of code has inline explanations, so all you have to do is to copy/paste the code above to a file on your website.

Load the file: All info presented by PHP and by JavaScript are identical.

 

2. Open info detection website, using a proxy server and PHP, CURL, JavaScript technologies.

The code below is retrieving content of a remote website page via GET method then displaying it in your browser. To retrieve data from a remote website page, we used PHP, CURL technologies, cookies, browser simulation.

<?php
 
$proxy_ip = '127.0.0.1'; //proxy IP here
$proxy_port = 0; //proxy port from your proxy list
$loginpassw = 'username:password';  //your proxy login and password here
$url = 'http://yourwebsite/file_detecting_ip_and_browserifo';
 
//Browser header
$agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)";
$cookie = 'cookie.txt';
 
$ch = curl_init();
 
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0); // no headers in the output
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // output to variable
curl_setopt($ch, CURLOPT_PROXYPORT, $proxy_port);
curl_setopt($ch, CURLOPT_PROXYTYPE, 'HTTP');
curl_setopt($ch, CURLOPT_PROXY, $proxy_ip);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $loginpassw);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, false);
 
//simulate user agent
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
 
//use cookie
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
 
//more settings
curl_setopt($ch, CURLOPT_AUTOREFERER, false);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_REFERER, "http://freeaddepot.com");
 
$data = curl_exec($ch);
curl_close($ch);
 
echo $data;
 
?>

Copy/paste code above, make sure you do all necessary changes:
Proxy IP, port, username, password, remote website to load.

Now load the IP detection page via proxy server.
As you have noticed information is different, and there’s not exactly what we were expecting:
PHP – has swallowed proxy IP and browser feed data, it’s displaying the info you transmitted to it;
JavaScript – has requested the information directly from your browser and is displaying YOUR browser info.

I think you are not convinced yet.

 

3. What about big players. Will they detect your ip and browser connected via a proxy server.

Connect IP detecting website page (http://yourwebsite/file_detecting_ip_and_browserifo) to Google Analytics.
1) Open: Real Time -> Overview
2) Open IP detecting page in another browser window – check what country page was visited from.
3) Open the same page via proxy server – check what country page was visited from. Google detected your real IP!
4) Run same file from your server bash command line – check google analytics. No Real Time visitors? Google doesn’t consider bots as real website visitors.

4. Proxy servers blacklisting

Paid proxy servers are usually used for years in order to hide some programs after them. Such proxy servers are detected and placed to Proxy black lists.

Try your proxy server with black list checker:
http://whatismyipaddress.com/blacklist-check

 

Conclusion: Using proxies, you will never cheat big internet players. Your information cannot be kept totally private.

 

Happy Browsing!

No responses yet

Leave a Reply