Anonymiser.com might reveal your IP (fwd)

measl at mfn.org measl at mfn.org
Tue Nov 27 15:18:32 PST 2001


---------- Forwarded message ----------
Date: Tue, 27 Nov 2001 14:55:11 +0000
From: Klaxon <klaxon at netcabo.pt>
To: Bugtraq <bugtraq at securityfocus.com>
Cc: NUKE Borgas <nukeborgas at yahoogroups.com>
Subject: Anonymiser.com might reveal your IP


  Hello, if this has been discussed in the past just tell me to sod off.
  While playing with proxy configurations for a machine at home I came 
 across a questionable behaviour from www.anonymiser.com. I stuck netcat
 on port 80 of this machine and than surfed back to it through Anonymiser.
 I know there's a transparent proxy on my ISP and apparently it attaches
 a "Client-ip: x.x.x.x" field to all http requests. What's fun is that
 Anonymiser happily copies this field to its own http request. Actually
 it will pass along any field sent with your request, which makes sense
 for "Accept-..." stuff but is obviously a bad ideia for anything else. 

-------------------------------------
[~]# nc -l -p 80

GET / HTTP/1.0
Host: foo.bar.com
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Charset: iso-8859-1, utf-8;q=0.66, *;q=0.66
Accept-Encoding: identity
User-Agent: Mozilla/4.78 (TuringOS; Turing Machine; 0.0)
Client-ip: X.X.X.X <------------ BOOM!
Via: HTTP/1.1 proxy-02[XXXXXXX] (Traffic-Server/3.5.7 [XXXXXXXX])
-------------------------------------

  So beware if you trust this service and there's an unknown proxy
 somewhere along the wire. Please note this experience was with
 Anonymiser.com's free service. I would like to know if anyone paying
 for it can confirm this.
  To try it: launch netcat on your port 80 (nc -l -p 80), telnet to
 www.anonymiser.com on port 80 and request your address:

[~]$ telnet www.anonymiser.com 80
Trying 168.143.112.10...
Connected to www.anonymiser.com.
Escape character is '^]'.
GET http://your.ip.goes.here HTTP/1.0
Foo-bar: it hurts

 Netcat should spit this:

[~]# nc -l -p 80
GET / HTTP/1.0
Host: your.ip.goes.here
Foo-bar: it hurts
Connection: Keep-Alive

 If Foo-bar is there so can a Client-ip be.


-- 
EOF





More information about the cypherpunks-legacy mailing list