Proxy Detection with PHP



Written by: noimnot
Published by: thinkt4nk
Published on: 2005-12-18 02:40:59
Topic: PHP
This guide shows you how to detect proxies using various methods; it also provides crucial information on improving your online security.

HTTP-Headers

HTTP message-headers are used by HTTP, the Hypertext Transfer Protocol, to control connections or to supply additional information such as the browser's version string, the system language, or even dynamic content such as cookies. An HTTP message-header as defined by RFC 2616 looks like this:

    message-header = field-name ":" [ field-value ]
    field-name     = token
    field-value    = *( field-content | LWS )
    field-content  = <the OCTETs making up the field-value
                     and consisting of either *TEXT or combinations
                     of token, separators, and quoted-string>


This shows us that an HTTP header consists of several fields, each containing its name and value, separated by a ":".


HTTP-Headers and the $_SERVER Variable

The $_SERVER variable is the preferred method of retrieving external variables. It gives a PHP programmer information about the server, supplied by the web server, and about clients, transmitted via the HTTP headers, which appear as the "HTTP_"-prefixed elements in $_SERVER. Now to get to the point: a connected client's IP address is stored in the REMOTE_ADDR element of the $_SERVER array. If a proxy is used to open the connection, the value of this element is the IP of the proxy, which breaks any reference a script may try to establish using just this element.


Proxies and HTTP Headers

As proxies introduce additional functionality, they also introduce new HTTP message-header fields. One of these additional fields is stored in the HTTP_X_FORWARD element and is used by various proxy servers to submit the IP of the client using them. Similarly, the HTTP_X_FORWARDED_FOR field is used and may be seen as an indication of a relayed connection. Using just these two elements, one might find references to users trying to avoid detection schemes. On the other hand, a user trying to circumvent such a measure may be advised to check whether these header fields are used by his chosen proxy.
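
The header check described above, as an added example that is not part of the original article: it reports which relay headers are present in a $_SERVER-style array and extracts the syntactically valid addresses from X-Forwarded-For. The function name, the extra HTTP_VIA and HTTP_FORWARDED keys and the sample requests are assumptions; header values are supplied by the client or proxy, so the result is a hint for logging, not a verified address.

```php
<?php
// Added example, not the article's code. Header values are untrusted text:
// treat them as hints for logging and scoring, never as the real client address.

/** Return relay indicators found in a $_SERVER-style array (hypothetical helper). */
function proxy_indicators(array $server): array
{
    // HTTP_X_FORWARD and HTTP_X_FORWARDED_FOR are the elements named in the
    // article; HTTP_VIA and HTTP_FORWARDED are added here as an assumption.
    $keys  = ['HTTP_X_FORWARD', 'HTTP_X_FORWARDED_FOR', 'HTTP_VIA', 'HTTP_FORWARDED'];
    $found = [];
    foreach ($keys as $key) {
        if (isset($server[$key]) && trim($server[$key]) !== '') {
            $found[$key] = trim($server[$key]);
        }
    }

    // X-Forwarded-For is a comma-separated chain; keep only syntactically
    // valid addresses so junk or injected text never reaches the log store.
    $claimed = [];
    if (isset($found['HTTP_X_FORWARDED_FOR'])) {
        foreach (explode(',', $found['HTTP_X_FORWARDED_FOR']) as $part) {
            $ip = filter_var(trim($part), FILTER_VALIDATE_IP);
            if ($ip !== false) {
                $claimed[] = $ip;
            }
        }
    }

    return [
        'peer'        => $server['REMOTE_ADDR'] ?? null, // TCP peer: the proxy if relayed
        'relayed'     => $found !== [],
        'headers'     => array_keys($found),
        'claimed_ips' => $claimed,                        // unverified, client-supplied
    ];
}

// Constructed sample requests (documentation address ranges).
$direct  = ['REMOTE_ADDR' => '198.51.100.7'];
$relayed = [
    'REMOTE_ADDR'          => '203.0.113.10',
    'HTTP_VIA'             => '1.1 cache.example',
    'HTTP_X_FORWARDED_FOR' => '192.0.2.44, <script>, 203.0.113.9',
];

print_r(proxy_indicators($direct));
print_r(proxy_indicators($relayed));
```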


Using Cookies to Detect Relayed Communication

Detecting a stealth connection by means of HTTP message-headers is limited by the fact that the proxy is responsible for sending the client's information. So, if the proxy is completely anonymous and relays no client information whatsoever, the only way left is to make the client tell you who he is. To make this more understandable, here is a piece of code I use to detect users behind "stealth proxies":

$r_ip = $_SERVER['REMOTE_ADDR'];
$seed = "8hasdv9fjadzf8jzssadf0a7shi";
$e_id = query_base_entry($r_ip); // unique ID of this IP in the database
if ($e_id != 0) {
    $cookiename = "myPROXYdetectionCOOKIE";
    $olcookie   = isset($_COOKIE[$cookiename]) ? $_COOKIE[$cookiename] : null; // old visit's cookie
    $thiscookie = md5($r_ip . $seed); // this visit's cookie, derived from the client IP
    if ($olcookie && $thiscookie != $olcookie) {
        // the old cookie belongs to another IP: reference this visit's cookie
        // to the earlier ID and to the current ID
        if (!islogcookie($e_id, $olcookie)) add_logcookie(get_bidbylogcookie($olcookie), $thiscookie);
        if (!islogcookie($e_id, $thiscookie)) add_logcookie($e_id, $thiscookie);
    }
    if (!$olcookie) {
        setcookie($cookiename, $thiscookie); // the user has no cookie yet, so send him one
        if (!get_logcookie($e_id, $thiscookie)) { // no reference between the cookie and $e_id saved yet: INSERT one
            add_logcookie($e_id, $thiscookie);
        }
    } elseif ($olcookie && $thiscookie == $olcookie) {
        // we already logged this user and he has his cookie
    }
}


I use a table of unique IPs that are referenced to timestamps, information on individual clicks, cookies, proxies, etc. to implement integer IDs for any host that has connected to one of my sites. I will not publish all the functions used in this piece of code, since that would go beyond the subject of this article. Still, if you are interested in this project of mine, I might publish it if you ask me to do so :) Nevertheless, to ensure a sound understanding of what's going on, here is a short explanation of what these functions do:

  • query_base_entry($r_ip): returns the unique ID of the IP $r_ip as referenced by the database
  • islogcookie($id,$cookie): queries the database of IP addresses to check whether a certain cookie is already referenced to the IP(s)
  • add_logcookie($id,$cookie): adds a reference between a $cookie and the IP address referenced by $id
  • get_bidbylogcookie($cookie): returns the unique ID of the IP of a user who was given a cookie that has now been found in use by a client with a different IP. This indicates a change of location, as with a laptop, or the use of a stealth proxy

What the above code does is look up, in a database, a unique ID linked to the connected user's IP address. If it finds one, it checks whether a cookie is set that the local database also references to a different IP address. If such a cookie is found, the script has detected a user who changed his IP address or is using a stealth proxy.
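
A self-contained version of the cookie check, added here and not the author's code: the unpublished database helpers are replaced by an in-memory array, and md5 of IP plus seed by a keyed HMAC so a client cannot compute a valid cookie for an arbitrary IP. CookieLinker, its methods and the sample addresses are hypothetical.

```php
<?php
// Added example, not the article's code: the database is an in-memory array
// and the cookie value is a keyed HMAC of the IP (assumption, replaces md5+seed).

final class CookieLinker
{
    /** @var array<string,string> cookie value => IP it was issued for */
    private $issued = [];
    private $key;

    public function __construct(string $key) { $this->key = $key; }

    /** Cookie value bound to an IP; cannot be computed without the server key. */
    public function cookieFor(string $ip): string
    {
        return hash_hmac('sha256', $ip, $this->key);
    }

    /**
     * Process one request. Returns the cookie to send (or null) and, when the
     * presented cookie was issued for a different IP, that earlier IP.
     */
    public function observe(string $ip, ?string $presented): array
    {
        $mine = $this->cookieFor($ip);
        $this->issued[$mine] = $ip;                              // reference cookie <-> IP
        if ($presented === null) {
            return ['set' => $mine, 'seen_before_as' => null];   // first visit: send cookie
        }
        if (hash_equals($mine, $presented)) {
            return ['set' => null, 'seen_before_as' => null];    // same IP as before
        }
        // Cookie from another visit: accept it only if this server issued it,
        // so a made-up cookie value cannot create a false link.
        $earlier = $this->issued[$presented] ?? null;
        return ['set' => null, 'seen_before_as' => $earlier];
    }
}

// Constructed walk-through with documentation addresses.
$linker = new CookieLinker(random_bytes(32));
$first  = $linker->observe('198.51.100.7', null);            // direct visit, receives cookie
$second = $linker->observe('203.0.113.10', $first['set']);   // same browser, now via a proxy
$forged = $linker->observe('203.0.113.10', str_repeat('a', 64));

var_dump($second['seen_before_as']); // earlier IP of the browser that kept its cookie
var_dump($forged['seen_before_as']); // unknown cookie value: no link is recorded
```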



Conclusion


Programmers

A client can run, but hiding is a whole different game where rules have to be learned first . . .

Users

Using a proxy does not automatically make you anonymous on the web. You need to conceal or erase every reference to you, including HTTP headers and the cookies from your previous activities, to make sure you are not detected.


References/Lookups

  • PHP-Docs Predefined Variables/$_SERVER
  • PHP-Docs setcookie()
  • RFC2616 Hypertext Transfer Protocol--HTTP/1.1

    Copyright Open Source Institute, 2006