Can Java Script Show Real IP address?

Hi when using a Proxy server to hide your IP for Privacy and you have Javascript turned on which you need to, to load some web pages, is there a way that the people from the servers you are connecting to can find out your real IP address if you have javascript turned on??

if so how would you prevent Javascript from revealing your real IP address??

 

Even if you are using Tor, Javascript can still reveal your REAL IP. And many websites know this... so they refuse to work unless JavaScript is on. And if you disable Javascript, you cannot access their website features.

Whatever you do on the internet, NOTHING can hide your details 100%.

So don't do anything illegal or improper, because they can find you no matter what. Not even Tor or other "privacy or anonymous" services can guarantee you being 100% anonymous.

 

the must be some sort of way to prevent javascript from showing real IP?

is the any web filtering software which can filter in and out going javascript information?

Or use a proxy server which does its job Properly by not allowing your IP to be transfered in Javascript.?

 

Here are some demos to see if your proxy is being bypassed:

Flash

Java

Javascript





If you have FirefoxNoScript Firefox Add-on seems to help block scripts that can bypass your proxy. Also, make sure you have a well configured firewall too. Go here for a leak test.
This isn't a perfect solution but it is a start.

 

TruthSeeker,

Javascript, alone, cannot reveal your "real" IP.

While there are other good reasons to disable Javascript in your browser, loss of anonymity of IP is not one of them. Many people are confused on this point. It is Java that is your worst friend when it comes to revealing your IP - not the Javascript scripting language. Keep away from active Java in your browser!

 

Are you 100% certain about that?

 

He seems certain to me.

These failed Only one I have disabled is Java.

 

yea I am using using SSH tunnel proxy, not worried about Java and Flash because I always have them disabled, but it good to know javascript doesn't reveal it because you sometimes need javascript on to view web pages.

Would these asp servervariables show your real IP even when using a proxy??
How would you prevent you your pc from revealing that information in example 2 ??

 

None of the above proofs of concepts will reveal an IP address with Xerobank VPN. I have also tried them with Iphantom and they cannot bypass that either. Of course Iphantom is no longer available for purchase. I assume that other VPN's, or at least some of the others will protect you also.

If you are going to use tor, it is my understanding that if you use JanusVM, you do not need to worry about Java and javascript. Use them all you like. And evidently when you exit out of the machine, it leaves nothing at all behind on your computer.

 

Where can I test the ASP-example2?

 

I think we should not ask that question, but another one:

What can we do to use Java/Javascript and at the same time, prevent our browser from sending our real IP back to the website who requested that information, using some kind of technique? I mean, if the firewall can block that request and force those callings to be redirected to your proxy/Tor node (or something similar), then you will be able to use Javascript with no restrictions... and never fear about your real IP being revealed.

There's one thread about this subject where the firewall rules were discussed:
https://www.wilderssecurity.com/showthread.php?p=1107681

I think I was capable of blocking the Javascript IP reveal technique by setting those firewall rules. But I wonder if the rules can cover all possibilities if we are talking about Java/Javascript and why not, Flash.

 

To prevent js, java, flash, etc from leaking your local information, you have to change your local information that it knows, because the implementation of these are inherently weak. To change the local environment it sees, you must run your browser in a completely virtualized environment, such as Rockate, Incognito, or xB Machine.