Maintaining Anonymity

Teacher

This guide is about protecting yourself: security measures for maintaining anonymity.

Check yourself for anonymity:
▪️whoer.net
▪️BrowserLeaks.com

At the moment, 13 verification methods have been collected; they are described below one by one.

1️⃣ HTTP proxy headers

Some proxies append their headers to the request that the user's browser initiates.

Often this is the real IP address of the user.

Make sure that the proxy server, if it writes anything to the headers listed below, at least does not write your address:
▪️HTTP_VIA
▪️HTTP_X_FORWARDED_FOR
▪️HTTP_FORWARDED_FOR
▪️HTTP_X_FORWARDED
▪️HTTP_FORWARDED
▪️HTTP_CLIENT_IP
▪️HTTP_FORWARDED_FOR_IP
▪️VIA
▪️X_FORWARDED_FOR
▪️FORWARDED_FOR
▪️X_FORWARDED
▪️FORWARDED
▪️CLIENT_IP
▪️FORWARDED_FOR_IP
▪️HTTP_PROXY_CONNECTION

A server can read some of these headers from PHP, for example:
Code:
<?php
// Returns the first address-bearing header that is set, falling back to
// REMOTE_ADDR (the address of the TCP peer, i.e. the proxy when one is used).
function get_client_ip() {
    $ipaddress = '';
    // The HTTP_* values below come from request headers written by the
    // client or the proxy, not by the server itself.
    if (getenv('HTTP_CLIENT_IP'))
        $ipaddress = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $ipaddress = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
        $ipaddress = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $ipaddress = getenv('REMOTE_ADDR');
    else
        $ipaddress = 'UNKNOWN';
    return $ipaddress;
}

// Print the address the server would attribute to this request.
$ip = get_client_ip();
print($ip);
?>

2️⃣ Open HTTP proxy ports

The IP address from which the request came to our page can say a lot.

For example, you can see which ports are open on the other side.

The most popular ports are 3128, 1080 and 8123.

Those ports are:
1080 - TCP (SOCKS PROXY)
3128 - SQUID
8123 - TCP (Web Proxy)

If you do not use these ports, you can avoid unjustified suspicion of running 3proxy, SOCKS 5 or Polipo.

Download links:
▪️3proxy (https://3proxy.ru/)
▪️Polipo (https://github.com/jech/polipo)

Other links:
▪️Port Lookup (https://wintelguy.com/port-search/)

3️⃣ Open ports to the web proxy

As in the case of HTTP, the web proxy can be hung on any port, but we wanted the test to work very quickly, so we limited the reverse connection to ports 80 and 8080.

Does the port serve a web page? Great!

At the moment, we are able to identify PHProxy, CGIProxy, Cohula and Glype.

Non-standard ports with authorization close the issue.

4️⃣ Suspicious Hostname

Having an IP address, you can try to resolve the hostname of the client.

Stop words that can hint at a tunnel: vpn, hide, hidden, proxy.

You should not link domain names to a personal VPN, and if you do, then you should avoid "telling" names.

5️⃣ Difference in time zones (browser and IP)

Based on the GeoIP data, you can find out the country by the user's IP, and therefore its time zone.

Then you can calculate the time difference between the browser and the time corresponding to the time zone of the VPN server.

Is there a difference?

Then the user is probably hiding.

For Russia, there is no exact database of latitude and longitude for regions, and since there are many time zones, we do not take these addresses into account in the final result.

With European countries it is the opposite: they are detected very well.

When switching to a VPN, you should not forget to change the system time, change the time in the browser, or work with Russian proxies.

6️⃣ IP belonging to the Tor network

If your IP address is a Tor node from the site list, congratulations, you've been burned.

Nothing criminal, but the fact of revealing that you are hiding is not very encouraging.

7️⃣ Turbo Browser Mode

By collecting the IP address ranges of Google, Yandex and Opera, and comparing them with the user's address, we can assume that traffic compression services are used in the browsers of the respective companies.

As a rule, such services also leak your real address in the headers.

As a means of anonymization, you should not rely on traffic compression.

8️⃣ Web proxy definition (JS method)

By comparing window.location.hostname with the host of the requested page, you can determine whether a web proxy is used.

Web proxies (in our opinion, anonymizers) are not reliable in principle, so it is better to bypass such methods of anonymization altogether.

9️⃣ IP leak via Flash

Adobe Flash is very good at bypassing user-configured proxies.

By running a special daemon that logs all incoming connections with key tags, you can learn a lot.

The best way to not disclose your address is to not use Adobe Flash at all, or disable it in your browser settings.

For example, the Firefox browser disables flash by default, you should think about it.

🔟 Tunnel detection (two-way ping)

By running a ping to the client IP from a server, you can find out the approximate length of the route.

The same can be done from the browser side, XMLHttpRequest pulls an empty page of our nginx.

A resulting round-trip difference of more than 30 ms can be interpreted as a tunnel.

Of course, the round-trip routes may vary, or the web server slows down a bit, but overall the accuracy is quite good.

The only way to protect yourself is to prevent ICMP traffic to your VPN server by properly configuring your firewall.

1️⃣1️⃣ DNS Leak

Finding out which DNS the user uses is not a problem, we have written our own DNS server that records all accesses to our uniquely generated subdomains.

The next step was to collect statistics on several million users: who uses which DNS. We mapped the DNS servers to providers, discarded public DNS and got a list of DNS/ISP pairs.

Now it is not at all difficult to find out if the user introduced himself as a subscriber of one network, and uses DNS completely from another.
Part of the problem is solved by using public DNS services, if you can call it a solution.

1️⃣2️⃣ Leakage through social networks (instagram, twitter, my world, etc.)

This is not a leak of the IP address, but by giving the names of logged-in users to everyone left and right, a social network (Facebook, for example) leaks private data that undermines all the anonymity of surfing.

The "Log out" button after each session generally solves the problem, but the best recommendation is not to use social networks.

1️⃣3️⃣ WebRTC

WebRTC allows you to set up a conference call without using plug-ins through modern browsers Mozilla and Chrome, but it reveals your real IP even when using a VPN, as well as a list of all local IP addresses that are behind NAT.

WebRTC is only supported in Chrome and Firefox browsers. Native support for WebRTC by Internet Explorer and Safari browsers does not exist.

Disabling WebRTC in Firefox:

In the browser's address bar, enter about:config

Search for the setting:
media.peerconnection.enabled

Set the value to "false" and check again!

Disabling WebRTC in Chrome:

In the Google Chrome browser, you need to install the WebRTC Block plugin to block WebRTC.

Disabling WebRTC on Android for Chrome users:

In the address bar of the Chrome browser, enter:

chrome://flags/#disable-webrtc

Setting the value to "enable"
is another alternative way to define proxy and vpn.
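
For check 1 (HTTP proxy headers), a self-audit sketch: given the headers a test endpoint received through your proxy and your own real addresses, it reports whether a proxy is visible and whether your address leaked. This is an added example, not code from the original post; the function names and the sample request are assumptions constructed for illustration.

```javascript
// Header names from section 1, normalised to lower-case wire form.
const PROXY_HEADERS = new Set([
  'via', 'x-forwarded-for', 'forwarded-for', 'x-forwarded', 'forwarded',
  'client-ip', 'forwarded-for-ip', 'proxy-connection',
]);

// Accept both CGI-style (HTTP_X_FORWARDED_FOR) and wire-style (X-Forwarded-For) names.
function normalise(name) {
  return name.toLowerCase().replace(/^http_/, '').replace(/_/g, '-');
}

// Split a header value into tokens and strip brackets and ports, so that
// "a, b" lists and RFC 7239 'for="[2001:db8::1]:4711"' are both covered.
function addressTokens(value) {
  return value.split(/[\s,;="]+/).filter(Boolean).map((tok) => {
    const v6 = tok.match(/^\[([^\]]+)\](?::\d+)?$/);
    if (v6) return v6[1].toLowerCase();
    return tok.replace(/^(\d+\.\d+\.\d+\.\d+):\d+$/, '$1').toLowerCase();
  });
}

// headers: what the test endpoint received; realAddresses: your own addresses.
// Comparison is textual, so give IPv6 addresses in the form your system prints.
function auditProxyHeaders(headers, realAddresses) {
  const real = new Set(realAddresses.map((a) => a.toLowerCase()));
  const findings = [];
  for (const [name, value] of Object.entries(headers)) {
    const header = normalise(name);
    if (!PROXY_HEADERS.has(header)) continue;
    const leaksRealIp = addressTokens(String(value)).some((t) => real.has(t));
    findings.push({ header, value: String(value), leaksRealIp });
  }
  return {
    proxyRevealed: findings.length > 0,                // a proxy is visible at all
    realIpLeaked: findings.some((f) => f.leaksRealIp), // your address is in a header
    findings,
  };
}

// Constructed sample: headers as seen behind a non-anonymous proxy.
const sampleHeaders = {
  Host: 'example.test',
  Via: '1.1 proxy.example.test',
  HTTP_X_FORWARDED_FOR: '198.51.100.23, 10.0.0.5',
  Forwarded: 'for="[2001:db8::1]:4711";proto=https',
};
console.log(auditProxyHeaders(sampleHeaders, ['198.51.100.23']));
```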
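
For check 5 (difference in time zones), a sketch of the comparison between the offset the browser reports and the zone GeoIP gives for the visible IP. This is an added example, not code from the original post; the function names and all sample values are assumptions. It goes slightly beyond the text by computing the zone offset for the actual date (so daylight saving is handled) and by accepting several candidate zones for countries that span more than one.

```javascript
// UTC offset in minutes of an IANA zone at a given instant (DST-aware):
// format the instant as wall-clock time in that zone, then read it back as UTC.
function zoneOffsetMinutes(timeZone, date) {
  const fmt = new Intl.DateTimeFormat('en-US', {
    timeZone, hourCycle: 'h23', year: 'numeric', month: 'numeric',
    day: 'numeric', hour: 'numeric', minute: 'numeric', second: 'numeric',
  });
  const p = {};
  for (const { type, value } of fmt.formatToParts(date)) p[type] = Number(value);
  const wallAsUtc = Date.UTC(p.year, p.month - 1, p.day, p.hour % 24, p.minute, p.second);
  return Math.round((wallAsUtc - date.getTime()) / 60000);
}

// browserTzOffset: the value of new Date().getTimezoneOffset() sent by the page
//   script (minutes, positive WEST of UTC, hence the sign flip below).
// geoZones: IANA zones that GeoIP considers possible for the visible IP.
// when: the instant of the request.
function checkTimezone(browserTzOffset, geoZones, when) {
  if (geoZones.length === 0) {
    return { verdict: 'skipped', reason: 'no GeoIP zone for this address' };
  }
  const browserOffset = 0 - browserTzOffset;
  const expected = geoZones.map((z) => zoneOffsetMinutes(z, when));
  const consistent = expected.includes(browserOffset);
  return { verdict: consistent ? 'consistent' : 'mismatch', browserOffset, expected };
}

// Constructed sample: visible IP geolocates to the Netherlands, browser clock is UTC+3.
const winter = new Date('2024-01-15T12:00:00Z');
console.log(checkTimezone(-180, ['Europe/Amsterdam'], winter));
```

A browser clock of UTC+2 is consistent with Europe/Amsterdam in July but a mismatch in January, which is why a fixed per-country offset table gives wrong verdicts.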
 