
Re: Reducing java leakage in windows



phobos@xxxxxxxxxx wrote:
On Sun, Dec 02, 2007 at 11:35:49PM -0800, jacob@xxxxxxxxxxxxx wrote 0.9K bytes in 21 lines about:
: I remember these tests. I can't seem to find a copy of the applets you
: used. Are you willing to publish them? Or point me in the right
: direction should I want to try implementing them?

http://exitthematrix.dod.net/matrixmirror/ar01s05.html  Jump down to the
"Web bugs" section.  It references
http://exitthematrix.dod.net/matrixmirror/misc/superipbug.java from
http://www.inet-police.com/cgi-bin/env.cgi

There is another more thorough test of a java applet completely ignoring
the jvm proxy configuration.  However, my google-fu is weak.

When I read that example it seems to indicate that the applet reads your IP address locally and then submits it back to the originating web site through the proxy. The applet does not seem to ignore proxy settings (i.e. it does not seem to open a non-proxied connection); it just submits identifying information through the proxied connection.

Jacob, Steve: I don't want to publish my complete ready-to-run code on the list, but here is an excerpt:

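/***********/

// Imports needed by this excerpt. The excerpt itself runs inside an
// Applet subclass, which provides getCodeBase().
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;

Socket socket_to_originating_host = null;
int tcp_port = 80;
// The host the applet was loaded from.
InetSocketAddress originating_host =
  new InetSocketAddress(getCodeBase().getHost(), tcp_port);

try {
      // Proxy.NO_PROXY requests a direct connection, so the JVM proxy
      // configuration is not consulted for this socket.
      socket_to_originating_host = new Socket(Proxy.NO_PROXY);
      // timeout is in milliseconds
      socket_to_originating_host.connect(originating_host, 10000);
      // Local address the direct socket is bound to.
      System.out.println(
       "Socket Local Address = " +
       socket_to_originating_host.getLocalAddress().getHostAddress());
} catch (Exception e) {
      System.out.println("EXCEPTION THROWN:  " + e);
      System.exit(1);
}

/************/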

More details can be found in the paper "Internet Geolocation" on my web site.

-James
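
Added example, not part of the original message or of the author's code: a defender-side check that flags TCP connections owned by the browser/JVM process that do not terminate at the local proxy, which is what a socket opened with Proxy.NO_PROXY looks like from the host. The netstat sample, the PIDs and the allowed proxy endpoints (Privoxy on 127.0.0.1:8118, Tor SOCKS on 127.0.0.1:9050) are assumptions constructed for illustration.

```python
# Constructed sample of Windows `netstat -ano` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:49712        127.0.0.1:8118         ESTABLISHED     3120
  TCP    192.168.1.23:49713     203.0.113.7:80         ESTABLISHED     3120
  TCP    192.168.1.23:49650     198.51.100.9:443       ESTABLISHED     884
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:49720        127.0.0.1:9050         SYN_SENT        3120
"""

# Assumption: the watched process may only talk to these local proxy listeners.
ALLOWED_PROXIES = {("127.0.0.1", 8118), ("127.0.0.1", 9050)}


def split_endpoint(text):
    """Split 'host:port' (or '[v6addr]:port') into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)


def find_direct_connections(netstat_text, watched_pids, allowed=ALLOWED_PROXIES):
    """Return TCP connections of the watched PIDs that bypass the proxy.

    Only TCP rows are examined; UDP rows have no State column and are skipped.
    """
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank line, or non-TCP row
        _, local, remote, state, pid = fields
        if state == "LISTENING" or int(pid) not in watched_pids:
            continue
        if split_endpoint(remote) not in allowed:
            findings.append(
                {"pid": int(pid), "local": local, "remote": remote, "state": state}
            )
    return findings


if __name__ == "__main__":
    # 3120 stands in for the browser/JVM process id in the constructed sample.
    for hit in find_direct_connections(SAMPLE_NETSTAT, {3120}):
        print("direct connection:", hit)
```

This only catches the non-proxied socket case; an applet that reads the local address and submits it through the proxied connection, the other case discussed in the message, produces no direct connection to flag.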