Cenzic 232 Patent
Paid Advertising
web application security lab

Detecting Privoxy Part II

Well the old trick still works but I just wasn’t satisfied with that. I really like to break Privoxy for some reason. I have nothing against it, it just seems like a kludge to me. A Kludge that needs to be broken. So I decided to come up with another way to do the exact same thing, only in a trickier way. This time I used a technique stolen right out of Jeremiah’s handbook. I used CSS and JavaScript to detect if an embedded CSS file works or not.

Click here with Privoxy and JavaScript turned on to have it detect you. That’s right, I noticed that Privoxy had it’s own custom style sheet. It embeds it whenever it gives you an error message (which is relatively often). That style sheet overwrites a particular class called “warning”. So I created an EM tag with a warning class, and then wrote a little peice of JavaScript stolen almost word for word from Jeremiah’s CSS history hack and poof.

You can now (again) detect if users are using Privoxy, which might tell you something about them, or may cause you to take different actions based on that fact. Privoxy isn’t so private after all.

2 Responses to “Detecting Privoxy Part II”

  1. Legionnaire Says:

    Hello!

    I guess Privoxy never claimed to be undetectable.
    What the Tor + Privoxy package advertises is encrypted and anonymous http web surfing.

  2. Boooh Says:

    hi,
    this tests fails for me …
    visiting with privoxy & TOR but it sais i am NOT using TOR …

    greez