Reducing java leakage in windows
James Muir
jamuir at cs.smu.ca
Mon Dec 3 15:11:37 UTC 2007
phobos at rootme.org wrote:
> On Sun, Dec 02, 2007 at 11:35:49PM -0800, jacob at appelbaum.net wrote 0.9K bytes in 21 lines about:
> : I remember these tests. I can't seem to find a copy of the applets you
> : used. Are you willing to publish them? Or point me in the right
> : direction should I want to try implementing them?
>
> http://exitthematrix.dod.net/matrixmirror/ar01s05.html Jump down to the
> "Web bugs" section. It references
> http://exitthematrix.dod.net/matrixmirror/misc/superipbug.java from
> http://www.inet-police.com/cgi-bin/env.cgi
>
> There is another more thorough test of a java applet completely ignoring
> the jvm proxy configuration. However, my google-fu is weak.
When I read that example it seems to indicate that the applet reads your
IP address locally and then submits it back to the originating web site
through the proxy. The applet does not seem to ignore proxy settings
(i.e. it does not seem to open a non-proxied connnection); it just
submits identifying information through the proxied connection.
Jacob, Steve: I don't want to publish my complete ready-to-run code on
the list, but here is an excerpt:
/***********/
Socket socket_to_originating_host = null;
int tcp_port = 80;
InetSocketAddress originating_host =
new InetSocketAddress(getCodeBase().getHost(), tcp_port);
try {
socket_to_originating_host = new Socket(Proxy.NO_PROXY);
// timeout is in milliseconds
socket_to_originating_host.connect(originating_host, 10000);
System.out.println(
"Socket Local Address = " +
socket_to_originating_host.getLocalAddress().getHostAddress());
}
catch (Exception e) {
System.out.println("EXCEPTION THROWN: " + e);
System.exit(1);
}
/************/
More details can be found in the paper "Internet Geolocation" on my web
site.
-James
More information about the tor-talk
mailing list