proxy:HTTP:X_Forwarded_For

[ommy]

hello people
I have a question here. As we all know that a proxy service is used to proxify the request originated from the end station or to conceal its ip address. IMHO, I think, that the ip address of the end station(from where the request is originated, passing through a proxy service) can be still known, if you strip off the proxy header (the header given to the packet by proxy service ). There is a field in the http header about X_Forwarded_For which gives you the ip address of end station, even after passing through a proxy service. Please ******** me on this.I may be wrong. I am posting a URL here which gives you all information of your http header, and it gives you the ip of any intermediate server(if you are going through a proxy server), as well as the ip of end station.
http://inet-police.com/cgi-bin/env.cgi

Lately, there had been a thread , which have information about an application that spoofes the http header information. I could'nt find that thread again in any forum. Please anyone refer to the thread.

[slarty]

Mine seems to send both

Code:

X-Forwarded-For:

and

Code:

Client-Ip:

Both have the same value, which is my IP address.

As far as spoofing header information is concerned - yes, the client could put anything it wanted in that (or any other) header. So it should not be relied on for security.

Slarty

[ammo]

I'm not quite sure what the question is exactly, but the X-Forwarded-For field can be use for configurations where you have cascading proxies or a content filter before the proxy and you want the upstream proxy to do IP ACL filtering; if the X-Forwarded-For feature isn't configured (or availible) on the first proxy/content filter, the second proxy will only have the first's proxy/filter's IP to filter on, which isn't much use! If the first proxy/filter does add a valid X-Forwarded-For field to the http request, the second proxy will (squid can, but with a patch) be able to filter on that...

That's one use for the X-Forwarded-For field...

Ammo

[ommy]

I thought I made myself clear. But probably, I was not very precise in asking question thats why this thread didnt get much response. All the ways, putting it simple, my question is here.
As I know , that when an IP packet is originated from a client, its header include its Ip address. When it passes through a proxy server, proxy wrap up the packet with its own IP. My question is that at the other end (where the packet is intended to arrive), can the proxy header be stripped off and client's IP(from where the packet has originated) could be exposed to someone at the "other" end.
I hope i am making myself clear.
Thanx
Ommy
Please do response...coz my teacher is also intrested in knowig this fact.

[Tim_axe]

Well most proxies you come across will just wrap it the way you are talking about. So yes, by looking at what is in the HTTP header can get you information on where a packet came from if behind a proxy. I think that this is how AntiOnline may show a Proxy Detected message under some user's posts.

There are also proxies called Anynomous Proxies, and I think that these take care to remove the original IP address. When you use these, it doesn't look like a proxy and AntiOnline will not be able to detect it.

There was a discussion a while back where someone asked why the proxy detected showed under their name... http://www.antionline.com/showthread...Proxy+Detected You may consider reading through the posts there since the information may be what you are looking for.

Also, Negative, a moderator here, put up a link to his proxy checker (on his server too)... It looks at the HTTP Headers and determines if it looks like you are behind a proxy or not. I think it will say "it doesn't look like you are using a proxy" if you use an anynomous proxy, since that information isn't passed on those... http://www.neg.be/php/checker.php