Monday, 9 December 2013

X-Forwarded-For: Proxy Server Detection

Did you know that it may be possible to detect your actual IP address (source IP) even though a proxy server is used? Yes, it is possible most of the time. Read on and I will explain how.

The X-Forwarded-For (XFF) HTTP header field is used for identifying the originating IP address of a client connecting to a web server through an HTTP proxy (Wikipedia article on X-Forwarded-For HTTP header field). This field, if set or modified by the proxy server, enables a web server to detect whether a client/browser is connecting directly or via a proxy server.

The following simple Python script shows the difference in the HTTP request headers when a programmatic HTTP request is made via a proxy server.



Output of the above Python script is:



As we can see from the output, there is an extra field (X-Forwarded-For) present in the HTTP request header when the web request is made via an HTTP proxy server. Hence, using this field, the web server can easily identify that the request was made via a proxy server. A simple comparison of the value of 'X-Forwarded-For' with the source IP of the TCP connection (in this case, the proxy IP 65.182.107.98) will reveal the truth.

Note that I have masked my source IP address (xxx.xxx.xxx.xxx). If you run the above script, you will see your actual source IP address (without the mask) as the value of the X-Forwarded-For field.
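The comparison described above, seen from the web server's side, as an added example that is not the post's own script. The function names, verdict labels and sample requests are constructed for illustration; 203.0.113.7 is a documentation address standing in for the masked client IP.

```python
import ipaddress

def parse_headers(raw_request):
    """Map lowercase header name -> list of values from a raw HTTP/1.x request."""
    headers = {}
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def xff_chain(headers):
    """Valid addresses from every X-Forwarded-For header, left (client) to right."""
    chain = []
    for value in headers.get("x-forwarded-for", []):
        for item in value.split(","):
            try:
                chain.append(ipaddress.ip_address(item.strip()))
            except ValueError:
                pass  # tokens such as "unknown" are not addresses
    return chain

def classify(raw_request, peer_ip):
    """Compare X-Forwarded-For with the TCP peer address, as the post describes."""
    headers = parse_headers(raw_request)
    peer = ipaddress.ip_address(peer_ip)
    if "x-forwarded-for" not in headers:
        # No header: a direct client, or a proxy that does not add the field.
        return {"verdict": "no_xff", "claimed_client": None}
    chain = xff_chain(headers)
    if chain and chain[0] != peer:
        # The header is sender-controlled: the address is a claim; only `peer`
        # is actually observed by the server.
        return {"verdict": "proxied", "claimed_client": str(chain[0])}
    return {"verdict": "unverified", "claimed_client": None}

# Constructed sample requests; 65.182.107.98 is the proxy address quoted in the post.
DIRECT = "GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n"
PROXIED = ("GET / HTTP/1.1\r\nHost: example.test\r\n"
           "X-Forwarded-For: 203.0.113.7\r\n\r\n")
GARBAGE = "GET / HTTP/1.1\r\nHost: example.test\r\nX-Forwarded-For: unknown\r\n\r\n"

if __name__ == "__main__":
    print(classify(DIRECT, "203.0.113.7"))
    print(classify(PROXIED, "65.182.107.98"))
    print(classify(GARBAGE, "65.182.107.98"))
```

Because any client can send its own X-Forwarded-For value, the `claimed_client` result is suitable for logging and flagging, not for access-control decisions.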


