The X-Forwarded-For (XFF) HTTP header field is used for identifying the originating IP address of a client connecting to a web server through an HTTP proxy (Wikipedia article on X-Forwarded-For HTTP header field). This field, if set/modified by the proxy server, enables a web-server to detect whether a client/browser is connecting directly or via a proxy server.
The following simple python script shows the difference in the HTTP request headers when a programmatic HTTP request is made via a proxy server.
Output of the above Python script is:
Output of the above Python script is:
As we can see from the output, there is an extra field (X-Forward-For) present in the HTTP request header when the web request is made via an HTTP proxy server. Hence, using this field the web-server can easily identify that this request is made via a proxy server. A simple comparison of the value of 'X-Forward-For' with the source IP of the TCP connection (in this case it is the proxy IP of 65.182.107.98) will reveal the truth.
Note that, I have masked my source IP address (xxx.xxx.xxx.xxx). If you run the above script you will see your actual source IP address (without mask) as the value for the X-Forward-For field.
Check out this informative article on Typosquatting: Typosquatting
No comments:
Post a Comment