5

Can a Java applet reveal the original client IP address, when browsing through a proxy or a VPN? Why?

D.W.
  • 98,420
  • 30
  • 267
  • 572
Nameless
  • 51
  • 1
  • 2

2 Answers2

9

Yes. Java applets can access the original client IP address using java.net.InetAddress.getLocalHost().getHostAddress() and then send it anywhere.

See also Are there any addons that disable only some functionality of scripts? and the Tor documentation (e.g., this page) for more discussion of how various web technologies could reveal your original client IP address.

Java applets can also bypass your web proxy and send packets directly back to the domain where the applet was loaded from. This then reveals your client's IP address (not the proxy's IP address) to the site hosting the Java applet. A Flash applet can also do something similar.

Also, many proxies will reveal your original client IP address, without the need for Java applets or anything fancy, through the X-Forwarded-For header.

See also Metasploit's Decloaking Engine for more discussion of ways to track you and recover your original (real) IP address.

And finally, you might be interested in How much can I trust Tor?, Different strategies for online anonymity and their +/-s?, Whats the best way to make my internet traffic anonymous?, Does using an http proxy completely hide my real IP address?, How to browse the Internet safely?, How anonymous is my setup?.

Community
  • 1
D.W.
  • 98,420
  • 30
  • 267
  • 572
  • fascinating! I suppose this explains how that website that tells if you are affected by "DNSChanger" works. –  Aug 01 '12 at 03:28
  • This does not seem accurate in regaards to being connected to a VPN. Proxy yes, but as all traffic is routed via a VPN I doubt that method would work in such a situation. – MaxSan Aug 01 '12 at 17:20
  • @MaxSan, give it a try and let us know what you find! I would expect `...getHostAddress()` to reveal your IP address even when using a VPN, but it's entirely possible I've misunderstood something. – D.W. Aug 01 '12 at 17:32
0

If you are behind a router on your connection then that java applet or script the best it can get is 192.168.1.2 .

Best way to avoid those scripts are : Using your modem and using other router ahead , then use your internet thru the router , when using a vpn and if you enter a website with those scripts to get your real ip , the script will get the ip that your router is giving you and not your real isp ip . Even if you connect to thru a vpn and if you use cmd on windows and write : "tracert google.com " , you will see that trace route starts on your lan ip and then goes to your vpn provider .

pedropt
  • 1
  • 1