[WEB SECURITY] Detection of TOR/Proxies in Web Applications

Gaurav Kumar gk at pivotalsecurity.com
Fri May 28 18:03:44 EDT 2010


You might like to have a look at this:
http://www.irongeek.com/i.php?page=security/detect-tor-exit-node-in-php; for
detecting proxies, you can check whether X-Forwarded-For happens to be in the
HTTP header. Note that there is no assurance if the proxy server acts as truly
anonymous (X-Forwarded-For may not be present if the proxy server is
configured so).

While a bit off-topic, you might also like to look at
http://www.projecthoneypot.org/httpbl.php which provides an API (like DNSBL)
to look up whether an IP address has been reported as suspicious (for spamming
and/or harvesting).


Thanks,
---
Gaurav  Kumar


-----Original Message-----
From: Chris Schmidt [mailto:cschmidt at servicemagic.com] 
Sent: Friday, May 28, 2010 11:58 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Detection of TOR/Proxies in Web Applications

Is there anyone who has done any type of Anonymous Proxy Detection (TOR or
Open Proxy) inside of a web application? I am currently researching methods
of detecting this type of traffic so that the application can perform
differently or take specific action in those cases.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
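
The two checks mentioned in the reply above (proxy-revealing request headers and an http:BL lookup), as an added example that is not part of the original thread. The access key is a placeholder, the Via and Forwarded headers are an assumption beyond the X-Forwarded-For header the post names, and the sample values in the comments are constructed.

```python
import ipaddress
import socket

# X-Forwarded-For is the header named in the post; Via and Forwarded are
# assumed additions that non-anonymizing proxies also commonly set.
PROXY_HEADERS = ("x-forwarded-for", "via", "forwarded")

# http:BL visitor-type bit flags (fourth octet of the answer).
HTTPBL_TYPES = {1: "suspicious", 2: "harvester", 4: "comment_spammer"}


def proxy_headers_present(headers):
    """Return the proxy-revealing header names found (case-insensitive).
    An empty list proves nothing: an anonymous proxy sends none of them."""
    seen = {name.lower() for name in headers}
    return [h for h in PROXY_HEADERS if h in seen]


def httpbl_query_name(access_key, client_ip):
    """Build <key>.<reversed IPv4 octets>.dnsbl.httpbl.org for a DNS A query."""
    ip = ipaddress.IPv4Address(client_ip)  # ValueError on IPv6 or junk input
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.dnsbl.httpbl.org"


def parse_httpbl_answer(answer):
    """Decode an http:BL answer 127.<days>.<threat>.<type>; None if malformed."""
    try:
        first, days, threat, vtype = ipaddress.IPv4Address(answer).packed
    except ValueError:
        return None
    if first != 127:
        return None
    if vtype == 0:  # search engine: third octet is an engine id, not a score
        return {"types": ["search_engine"], "days": None, "threat": None}
    types = [label for bit, label in HTTPBL_TYPES.items() if vtype & bit]
    return {"types": types, "days": days, "threat": threat}


def lookup(access_key, client_ip):
    """Live lookup; a failed resolution (NXDOMAIN) means 'not listed'."""
    try:
        answer = socket.gethostbyname(httpbl_query_name(access_key, client_ip))
    except socket.gaierror:
        return None
    return parse_httpbl_answer(answer)
```

Pass the address of the TCP peer to lookup(), not a value taken from X-Forwarded-For, since that header is supplied by the client side and can be forged.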


