Proxy De-anonymization


This is example code that attempts to bypass the proxy settings in a browser by opening up a Java socket directly to the same machine. Java does not follow the same proxy settings as the browser does, and therefor we can get the real IP address (not internal, but external) of the user. Jeremiah Grossman and I presented this originally at Blackhat 2007. Although originally designed for Tor, it works on all proxies (tested on Firefox 2.0.0.5-7):

Your current IP is: 54.226.116.197
Your real IP is:

Have a nice day. Go home.