Hi when using a Proxy server to hide your IP for Privacy and you have Javascript turned on which you need to, to load some web pages, is there a way that the people from the servers you are connecting to can find out your real IP address if you have javascript turned on??

if so how would you prevent Javascript from revealing your real IP address??

{QUOTE-> Hi when using a Proxy server to hide your IP for Privacy and you have Javascript turned on which you need to, to load some web pages, is there a way that the people from the servers you are connecting to can find out your real IP address if you have javascript turned on??

if so how would you prevent Javascript from revealing your real IP address?? <-QUOTE}

Even if you are using Tor, Javascript can still reveal your REAL IP. And many websites know this... so they refuse to work unless JavaScript is on. And if you disable Javascript, you cannot access their website features.

Whatever you do on the internet, NOTHING can hide your details 100%.

So don't do anything illegal or improper, because they can find you no matter what. Not even Tor or other "privacy or anonymous" services can guarantee you being 100% anonymous.

the must be some sort of way to prevent javascript from showing real IP?

is the any web filtering software which can filter in and out going javascript information?

Or use a proxy server which does its job Properly by not allowing your IP to be transfered in Javascript.?

Here are some demos to see if your proxy is being bypassed:

Flash (http://evil.hackademix.net/proxy_bypass/)

Java (http://www.frostjedi.com/terra/scripts/ip_unmasker.php?mode=utf16/)

Javascript (http://ha.ckers.org/weird/tor.cgi)





If you have FirefoxNoScript Firefox Add-on (https://addons.mozilla.org/en-US/firefox/addon/722) seems to help block scripts that can bypass your proxy. Also, make sure you have a well configured firewall too. Go here for a leak test. (http://www.grc.com/lt/leaktest.htm)
This isn't a perfect solution but it is a start.

TruthSeeker,

Javascript, alone, cannot reveal your "real" IP.

While there are other good reasons to disable Javascript in your browser, loss of anonymity of IP is not one of them. Many people are confused on this point. It is Java that is your worst friend when it comes to revealing your IP - not the Javascript scripting language. Keep away from active Java in your browser!

arran, besides JavaScript, there are other methods to find out who is visiting a Web site. For example, on a Microsoft server, a Webmaster can create an ASP page that can retrieve a Collection of ASP ServerVariables (http://www.w3schools.com/asp/coll_servervariables.asp). Example 2, at the bottom of the page, demonstrates how to reveal a visitor's browser type, IP address, and much more.

{QUOTE-> TruthSeeker,

Javascript, alone, cannot reveal your "real" IP.

While there are other good reasons to disable Javascript in your browser, loss of anonymity of IP is not one of them. Many people are confused on this point. It is Java that is your worst friend when it comes to revealing your IP - not the Javascript scripting language. Keep away from active Java in your browser! <-QUOTE}

Are you 100% certain about that?

He seems certain to me. {QUOTE-> Here are some demos to see if your proxy is being bypassed:

Flash

Java

Javascript <-QUOTE}

These failed :) Only one I have disabled is Java.

yea I am using using SSH tunnel proxy, not worried about Java and Flash because I always have them disabled, but it good to know javascript doesn't reveal it because you sometimes need javascript on to view web pages.



{QUOTE-> arran, besides JavaScript, there are other methods to find out who is visiting a Web site. For example, on a Microsoft server, a Webmaster can create an ASP page that can retrieve a Collection of ASP ServerVariables (http://www.w3schools.com/asp/coll_servervariables.asp). Example 2, at the bottom of the page, demonstrates how to reveal a visitor's browser type, IP address, and much more. <-QUOTE}

Would these asp servervariables show your real IP even when using a proxy??
How would you prevent you your pc from revealing that information in example 2 ??

{QUOTE-> Would these asp servervariables show your real IP even when using a proxy??
How would you prevent you your pc from revealing that information in example 2 ?? <-QUOTE}
Unfortunately, yes. The REMOTE_ADDR variable returns your IP address and the HTTP_REFERER variable would show your proxy IP Adress.

Example 2 shows what can be done from an HTML (regular Web site page) standpoint, but a good Webmaster would use a server-side ASP page, that no one can touch unless the server is hacked, to discover that information. AFAIK you can't prevent ASP server-side scripts from running unless you stop visiting that particular site.

Whenever someone starts spamming one of my client Web site's online form, I include the above 2 variables inside the ASP code and once the info is collected, it automatically blocks their IP Address via a script. The next time they click the Submit button, the form code is processed and they are redirected to Google.

None of the above proofs of concepts will reveal an IP address with Xerobank VPN. I have also tried them with Iphantom and they cannot bypass that either. Of course Iphantom is no longer available for purchase. I assume that other VPN's, or at least some of the others will protect you also.

If you are going to use tor, it is my understanding that if you use JanusVM, you do not need to worry about Java and javascript. Use them all you like. And evidently when you exit out of the machine, it leaves nothing at all behind on your computer.

Where can I test the ASP-example2?

mp3, first, welcome to Wilders! Go to the w3schools.com's ASP Request Object (http://www.w3schools.com/asp/asp_ref_request.asp) page and under the Other Examples section, click on the Get the server variables link for the example 2 test. Be aware that this ASP script does not contain the HTTP_REFERER or any of the other Server_Variables (http://www.w3schools.com/asp/coll_servervariables.asp) that can be added to a Web form.

I think we should not ask that question, but another one:

What can we do to use Java/Javascript and at the same time, prevent our browser from sending our real IP back to the website who requested that information, using some kind of technique? I mean, if the firewall can block that request and force those callings to be redirected to your proxy/Tor node (or something similar), then you will be able to use Javascript with no restrictions... and never fear about your real IP being revealed.

There's one thread about this subject where the firewall rules were discussed:
http://www.wilderssecurity.com/showthread.php?p=1107681

I think I was capable of blocking the Javascript IP reveal technique by setting those firewall rules. But I wonder if the rules can cover all possibilities if we are talking about Java/Javascript and why not, Flash.

To prevent js, java, flash, etc from leaking your local information, you have to change your local information that it knows, because the implementation of these are inherently weak. To change the local environment it sees, you must run your browser in a completely virtualized environment, such as Rockate, Incognito, or xB Machine.