August 30, 2009
I think people have the wrong idea when they hear about this site, so lets get a few things straight.
1) It's not going to break every browser on every OS using any anonymity network.
2) If you make an effort to secure your browser, then you will probably be alright.
3) If you have no idea if you're secure or not, then you'll probably leak your real IP with some of these tests.
4) The results of these tests are private, and will never be released to the public. Test results are only viewable for about 48hours.
5) If you don't know the difference between a real and spoofed IP address, please leave the Internet right now for your own safety. :-)
The point of this site is to demonstrate flaws in your current browser configuration or anonymity service. This site assumes you are using a anonymity service provider of some sort. If you are not
using a anonymity service, you can still run the test to determine what leaks your browser may have, just don't expect the PASS or FAIL to be accurate. Let me explain why that is.
When you start a test, your reported IP address is temporarly stored. If one of the following tests is successful, then it will report your IP address back to the server. If the IP address from the
start of the test matches the IP address of a executed test, then it says you PASSED. If the IP addresses are different, then it says you FAILED. If the test says NOT DETECTED, that means
your browser will not react to those types of test...which is A GOOD THING.
If you have a transparent anonymity solution, such as JanusPA, JanusVM, or a VPN provider like
Xerobank, then this site will not affect your anonymity.
Here are a couple of things I'm working on:
- Browser UA Spoof detection.
- More tests and 0-days. (I got 3 new ones almost ready)
- A link for each tests to a more detail description of that test.
- A feedback system to allow users the ability to input details about their configuration/anonymity service.
- More stats about what types of OS's and Browser's are being tested with.
- More detailed stats about each test, and the total number of PASSED, FAILED, and NOT DETECTED results.
- Make a downloadable copy of your test results.
Check back here in a week or two for new tests and updates.
- Kyle
August 24, 2009
- Updated the stats page to have more relevant/accurate information.
- Worked on more detailed stats page. Not ready for public release.
- Kyle
August 15, 2009
Fixed Test 5: The NEWS:// URI
Test 5 now defeats the latest NoScript (v 1.9.8.7) on Firefox (3.0/3.5), possibly earlier versions too.
The problems were:
1) The News/NNTP daemon wasn't running for more than 1 test.
2) The payload for the test was only using a META refresh tag, instead of both the META refresh tag and the Refresh HTTP header.
Noscript does not block the loading of external URI's through HTTP Refresh headers, and that can launch third party applications. In this case we use that to find your IP address, but if one were to find a vulnerability in a third-party application, then it could lead to much more than just leaking your IP address.
- Kyle