IP Unmasker

All new MODs released in our MOD Database will be announced in here. All support for released MODs needs to take place in here. No new MODs will be accepted into the MOD Database for phpBB2
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Post Reply

Rating:

Excellent!
14
61%
Very Good
5
22%
Good
0
No votes
Fair
2
9%
Poor
2
9%
 
Total votes: 23

Extensions Robot
Extensions Robot
Extensions Robot
Posts: 29220
Joined: Sat Aug 16, 2003 7:36 am

IP Unmasker

Post by Extensions Robot »

Modification name: IP Unmasker
Author: TerraFrost
Modification description: Attempts to determine someone's "real" IP address, using a myriad of techniques, and "blocks" such people.
Modification version: 2.0.1
Tested on phpBB version: See below

Download file: proxy_revealer.zip
File size: 11834 Bytes

Modification overview page: View


Selected tags:
  1. Category
    1. Security
  2. phpBB
    1. 2.0.23
Support for this modification needs to be asked within this topic. The phpBB Team is not responsible or required to give anyone support for this modification. By installing this MOD, you acknowledge that the phpBB Support Team or phpBB MODifications Team may not be able to provide support.

This MOD has only been tested by the phpBB MOD Team with the phpBB version listed in the topic. It may not work in any other versions of phpBB.
Last edited by Extensions Robot on Mon Oct 13, 2008 5:54 pm, edited 3 times in total.
(this is a non-active account manager for the phpBB Extension Customisations Team)
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

MOD Validated/Released

Notes:
I think the MOD Description says it all :)
User avatar
WileCoyote
Registered User
Posts: 432
Joined: Sun Jan 15, 2006 7:37 am
Location: Austria
Name: Wolfgang
Contact:

Post by WileCoyote »

Little Problem here. In general configuration it is not shown which detection method is selected.
User avatar
igorw
Former Team Member
Posts: 8024
Joined: Fri Dec 16, 2005 12:23 pm
Location: {postrow.POSTER_FROM}
Name: Igor Wiedler

Post by igorw »

Sounds like a cool MOD, i'll have a look at it :)
Igor Wiedler | area51 | GitHub | trashbin | Formerly known as evil less than three
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

Little Problem here. In general configuration it is not shown which detection method is selected.


I just installed it on my testboard and everything that should have been checked off in "IP Masking Block" was...

Can you post a screenshot?
spawn_
Registered User
Posts: 45
Joined: Tue Jan 25, 2005 10:02 pm

Post by spawn_ »

What are the possible restrictions for its proper working? I mean is its working restricted to Apache web server, for example?
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

There are no server-side restrictions, aside from the fact that you need to be running PHP and have some sort of SQL server.
spawn_
Registered User
Posts: 45
Joined: Tue Jan 25, 2005 10:02 pm

Post by spawn_ »

Ok, thanks, I'll have a try. :)
acharabia
Registered User
Posts: 139
Joined: Fri Sep 27, 2002 4:41 pm
Location: SEOUL/KOREA
Contact:

Post by acharabia »

No problem to instal and work on my phpbb...
But what the really and exactly is this MOD for?
Hacker who need for cracking my phpbb and his IP masked...
This MOD pick his IP up at my conffig-board?
Show his IP exactly at my admin-config?
And after? We have already blocked or ban user IP default phpbb,
haven't we? But he will be able to comming into
my phpbb board with IP unvisible?!?! Is this right?

And what is that? ( ?x? ) bottom of each page.
There is no way to omit this? I don't know
this MOD fonction until I understand clearly
and see exactly how to fonction... Everyone
need more explain easily to understand below.
IP Masking Block
Select which detection methods you would like to have block users. Java XSS X-Forwarded-For
Image
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

acharabia wrote: But what the really and exactly is this MOD for?

When someone masks their IP address, there are two IP addresses at play. Their real IP address and their masked one. This MOD will try determine the real IP address and will block if the real IP address is different than the masked one.
Hacker who need for cracking my phpbb and his IP masked...
This MOD pick his IP up at my conffig-board?
Show his IP exactly at my admin-config?

Ideally, yes.
And after? We have already blocked or ban user IP default phpbb,
haven't we?

If they can mask their IP once, why can't they do it again?
But he will be able to comming into
my phpbb board with IP unvisible?!?! Is this right?

I'm not sure what you mean by "IP unvisible". If you mean that they can continue masking their IP address... yup - they can.
And what is that? ( ?x? ) bottom of each page.

This MOD adds a hidden iframe to the bottom of each page. The width / height / border are all set to 0, so you shouldn't be seeing anything. If you are seeing something, you're either using Internet Explorer 2.0 or something, or you've not installed the MOD correctly.

(I don't see a red X at the bottom of your forum, btw)
There is no way to omit this?

Assuming you're refering to the hidden iframe - no. Not if you want this MOD to work.
I don't know
this MOD fonction until I understand clearly
and see exactly how to fonction... Everyone
need more explain easily to understand below.
IP Masking Block
Select which detection methods you would like to have block users. Java XSS X-Forwarded-For

To a lay person, those options are not likely to mean anything. Such people ought not change those settings.

However, to give a readers digest version of what they do...

This MOD employees three techniques to figure out peoples "real" IP address. It looks at the X-Forwarded-For header in HTTP requests.

If you've configured a "traditional" proxy through your web browser, it'll use a Java applet to bypass these settings. This works because I'm using the Socket object. Firefox's only requirement for the proxies that are configured through it are that they work with HTTP. The Socket object does not have this requirement, so Java cannot use Firefox's settings to rewrite the request appropriatly.

Finally, if you're using a web-based proxy (aka cgi proxy) a method similar to XSS will be employeed. To understand how this works, lets consider how "proxies" such as these work. They rewrite all links such that those links instead go through their website. The problem is that they usually only do this in html tags. This MOD serves up some HTML in a charset that doesn't use traditional html tags. This method has been used, in the past, to conduct an IE-only XSS exploit on Google.

Of these methods, the XSS one is probably going to be the toughest to understand for the lay-person. In fact, I doubt I could explain the finer points of XSS in a single post, nor am I very interested in trying.
acharabia
Registered User
Posts: 139
Joined: Fri Sep 27, 2002 4:41 pm
Location: SEOUL/KOREA
Contact:

Post by acharabia »

Ohhh~ goooda~ I understood now~ hehe~ :wink:
Anyway you gave always useful phpbb MOD~
Actually, I should understand how to fonction
very clearly for translation. But ?x? show each page
of bottom maybe code position wrong in page-tail.php
I can't find "global $do_gzip_compress;"
Checking this again plz.
#
#-----[ OPEN ]------------------------------------------
#
includes/page_tail.php
#
#-----[ FIND ]------------------------------------------
#
global $do_gzip_compress;
#
#-----[ AFTER, ADD ]------------------------------------
#
#
#-----[ OPEN ]------------------------------------------
#
includes/sessions.php
#
#-----[ FIND ]------------------------------------------
#
$userdata['session_key'] = $sessiondata['autologinid'];

Code: Select all

#
#-----[ OPEN ]------------------------------------------
#
language/lang_english/lang_main.php
#
#-----[ FIND ]------------------------------------------
#
?>
#
#-----[ BEFORE, ADD ]-----------------------------------
#
$lang['IP_Mask_Blocked'] = 'Your IP address has been blocked for this session as it appears to be masked.';
This notice show his(=person's masked IP) page?
when he click my phpbb address after blocking his IP by me
on admin-config-board . doesn't it? So I've never seen that sentence,
haven't I? Because I can't, don't need to block my IP. do I?
Last edited by acharabia on Tue Oct 03, 2006 2:43 pm, edited 1 time in total.
Image
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

acharabia wrote: But ?x? show each page
of bottom maybe code position wrong in page-tail.php

I doubt the position is wrong (indeed, I doubt the position would even make a difference). Can you post a link to the board on which you've installed this?
I can't find "global $do_gzip_compress;"
Checking this again plz.
#
#-----[ OPEN ]------------------------------------------
#
includes/page_tail.php
#
#-----[ FIND ]------------------------------------------
#
global $do_gzip_compress;
#
#-----[ AFTER, ADD ]------------------------------------
#

Can you copy / rename your page_tail.php as page_tail.txt and post the link?

Code: Select all

#
#-----[ OPEN ]------------------------------------------
#
language/lang_english/lang_main.php
#
#-----[ FIND ]------------------------------------------
#
?>
#
#-----[ BEFORE, ADD ]-----------------------------------
#
$lang['IP_Mask_Blocked'] = 'Your IP address has been blocked for this session as it appears to be masked.';
This notice show his(=person's masked IP) page?

That's the message that people who are masking their IP addresses should see, yes.
acharabia
Registered User
Posts: 139
Joined: Fri Sep 27, 2002 4:41 pm
Location: SEOUL/KOREA
Contact:

Post by acharabia »

//
// Close our DB connection.
//
$db->sql_close();

//
// Compress buffered output if required and send to browser
//
if ( $do_gzip_compress )

//IP Unmasker MOD begin
if ( $userdata['session_speculative_test'] < 0 )
{
$template->assign_block_vars('speculative_test',array());

$userdata['session_speculative_key'] = substr(dss_rand(),0,10);

$sql = "UPDATE ".SESSIONS_TABLE."
SET session_speculative_test = 0, session_speculative_key = '{$userdata['session_speculative_key']}'
WHERE session_id = '{$userdata['session_id']}'";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR,'Unable to update session table','',__FILE__,__LINE__,$sql);
}
}
//IP Unmasker MOD end

{
//
// Borrowed from php.net!
//
$gzip_contents = ob_get_contents();
ob_end_clean();

$gzip_size = strlen($gzip_contents);
$gzip_crc = crc32($gzip_contents);

$gzip_contents = gzcompress($gzip_contents, 9);
$gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);

echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
echo $gzip_contents;
echo pack('V', $gzip_crc);
echo pack('V', $gzip_size);
}
exit;
?>


This is my page-tail.php after code editing. Is it correct?
Ahha!!! I got it!!! That position wrong!!! Manuall below will be
fonction correctly that mean there is no ?x? sign on each
bottom of page when I re-position like below. But I'm not sure
totally this MOD fonction doesn't have any problem?!?!
Look and check again session.php below.
That line either no find on my session.php
#
#-----[ OPEN ]------------------------------------------
#
includes/page_tail.php
#
#-----[ FIND ]------------------------------------------
#
?>
#
#-----[ BEFORE, ADD ]------------------------------------
#

if ( $userdata['session_speculative_test'] < 0 )
{
$template->assign_block_vars('speculative_test',array());

$userdata['session_speculative_key'] = substr(dss_rand(),0,10);

$sql = "UPDATE ".SESSIONS_TABLE."
SET session_speculative_test = 0, session_speculative_key = '{$userdata['session_speculative_key']}'
WHERE session_id = '{$userdata['session_id']}'";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR,'Unable to update session table','',__FILE__,__LINE__,$sql);
}
}

}
$userdata['session_id'] = $session_id;
$userdata['session_ip'] = $user_ip;
$userdata['session_user_id'] = $user_id;
$userdata['session_logged_in'] = $login;
$userdata['session_page'] = $page_id;
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;

$userdata['session_speculative_test'] = -1;
$userdata['session_speculative_key'] = NULL;


setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);

$SID = 'sid=' . $session_id;

return $userdata;
}


This is session.php in my phpbb... Is it correct?
I can't find your line... So I put it there...
There is no ["$"] [$-1, $NULL] are maybe...
hmmmm... :cry: Anyway I solved ?x? problem
each bottom of pages... Thank to serve this MOD~ :wink:
OK~ Never mind other things about [$] I didn't touched it.
Here you go also lang-pak~ That's the way it was~ :wink:
(But... what's that? View Complete List?!?! I just leave alone.)

lang_admin.php

Code: Select all

$lang['Speculative_IPs'] 		= '위장 아이피 적발';
$lang['Speculative_IP_explain'] 	= '
이곳에서는 그 장치가 무엇을 이용하였든, 충분히 검증되어 내 게시판에 
접속 되지 않았을지라도 위장 아이피를 사용하여 내 게시판에 접속한 후, 
어떠한 위해를 가하려는 여러가지 시도도 사전에 적발해 낼 수 있읍니다.';

$lang['Spoofed_IP'] 			= '접속한 위장 아이피';
$lang['Real_IP'] 			= '접속한 실제 아이피';
$lang['Method_Used'] 			= '접속한 위장 방법';
$lang['Search_For'] 			= '접속한 위장 이이피 검색';
$lang['Method_Used_explain'] 		= '사용된 위장 방법';
$lang['Real_IP_explain'] 		= '실제 아이피 혹은 근사치 아이피';
$lang['View_List'] 			= 'View Complete List';
$lang['Most_Recent'] 			= '가장 최근';
$lang['Least_Recent'] 			= '근접 최근';
$lang['Show'] 				= '노출행수';

// i'm not sure why anyone would want to translate the following, but whatever.
$lang['Java'] 				= 'Java';
$lang['X-Forwarded-For'] 		= 'X-Forwarded';
$lang['XSS'] 				= 'XSS';

$lang['IP_Block'] 			= '위장 아이피 적발-차단';
$lang['IP_Block_explain'] 		= '
어떠한 방법으로 위장 아이피를 적발-차단할 것인지를 선택합니다.';
lang_main.php

Code: Select all

$lang['IP_Mask_Blocked'] = '귀하께서 접속한 아이피는 본 게시판에 위해 요소를 지닌 위장 아이피로 판명되었으므로 차단 되었읍니다.';
Last edited by acharabia on Tue Oct 03, 2006 3:58 pm, edited 3 times in total.
Image
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

You don't want to add it after "if ( $do_gzip_compress ) ". Since the global thing doesn't exist in yours, just add it before this:

Code: Select all

if ( !defined('IN_PHPBB') )
{
	die('Hacking attempt');
}
Your changes to sessions.php look okay, although if you're not finding that line, then I don't think you're running the latest version of phpBB on whichever board you've installed this on?
There is no ["$"] [$-1, $NULL] are maybe...

eh? I'm not really sure what you mean by that..
Mike O'Hara
Registered User
Posts: 118
Joined: Sat Sep 09, 2006 7:00 pm
Contact:

Post by Mike O'Hara »

Is this compatible with your "Log IP On Registration" mod thingy?
Post Reply

Return to “[2.0.x] MOD Database Releases”