----
Due to lack of help in developing this MOD, I am the only one debugging the issue some people complained about (being unable to log in as admin or user after installing this MOD), and so I would appreciate any input/testing from others.
PLEASE DO NOT TEST THIS ON A LIVE/PRODUCTION FORUM YET! (At least until we find and fix the source of this bug)
More on that here...
Modification Name: Proxy Revealer Olympus
Author: jasmineaura
phpBB2 Author: TerraFrost
phpBB2 MOD: Proxy Revealer (IP unmasker)
Modification Description:: This is a port of Proxy Revealer 2.0.1 (phpBB2) to phpBB3. Attempts to determine someone's "real" IP address, using a myriad of techniques, and "blocks" such people. Original techniques included XSS, Java, and X_FORWARDED_FOR checks. In this port, Flash has been added as yet another unmasking technique. There maybe additional techniques added on later.
Modification Version:: 0.3.3 BETA
Requirements:
- phpBB3.x
- *Optional* Shell access on the hosting server as normal user if the Flash technique is to be used (for running included perl XMLSocket daemon script - Win/Linux/BSD/Solaris should all be supported)
- HTTP(S)/SOCKS Proxy Detection by Flash and Java applet techniques, and optional blocking.
- HTTP(S)/SOCKS Proxy Detection by Tracking-IP Cookie, and optional blocking.
- CGI-Proxy Detection by XSS and Flash techniques, and optional blocking.
- Transparent HTTP Proxies Detection with X_FORWARDED_FOR technique, and optional blocking.
- Optional "Require Javascript enabled" feature (helps circumvent Firefox with "NoScript" addon).
- Optional auto-banning of unmasked IP addresses with the chosen blocking techniques above.
- Blocking/Banning done within the confines of phpBB3's "Session IP Validation" setting in the ACP.
- Auto-Logging masked/unmasked IP addresses with possible extended info if Flash/Java was used.
- Exception List Management for excluding particular proxy servers you may be running.
New Features in 0.3.0:
- Option in "Settings" to completely disable this MOD
- Optional blocking of all Tor exit-nodes IPs with the "Tor IPs" method (uses TorDNSEL)
- Optional "Defer Scan Methods" in "Settings" (to allow for username exceptions)
- Sections in "Exceptions" to add/remove Usernames to/from the exceptions list
- Installer (also works as Updater for old releases that didn't store the MOD version in the database). Automates SQL setup and ACP Modules installation.
- Signed & Trusted Java applet (Thawt signing authority). No more server-side workarounds needed for the Java detection method.
- HTTP(S)/SOCKS/CGI Proxy Detection by RealPlayer technique, and optional blocking.
- CGI-Proxy Detection now possible with the updated Java technique (along with HTTP(S)/SOCKS)
- DNSBL checking; allows logging and optionally blocking IPs listed as Open HTTP/SOCKS proxies in the appropriate DNSBLs
Example showing the use of a CGI-Proxy to visit the forum site, and the blocking in action after first click (detection methods XSS & Flash in action in the background):
Auto-banning enabled -> example showing browser using HTTP Proxy getting ban message after first click (detection methods Flash & Java in action in the background):
Screenshots of the detection of flash (no flash, or old flash version < 9.0):
- No Flash detected but javascript enabled, user gets a DHTML/AJAX popup with sneaky message to lure them to install it:
- Flash version older than 9.0 detected, user gets a popup and prompt to upgrade their flash version automatically using the expressInstall method of swfobject (latest version as of date - 2.1 - is used)
Signed & Trusted Java applet (since version 0.3.1):
Admin Screenshots:
External IPs Log:
(showing a CGI-Proxy's URL that was used when you roll over the "XSS" link - opens in a popup if clicked)
Internal IPs Log:
Search Functionality:
(clicking a masked ip automatically searches for all other real IPs that used that proxy, including all methods that detected it)
Whois Functionality:
(clicking a real ip automatically pops up a window with the whois results - imitating the whois functionality from includes/acp/acp_users.php and using the user_ipwhois() function from includes/functions_user.php)
Extended Flash Plugin Information:
(clicking the "Flash" method on any row pops up a window detailing the masked end-user's browser information and the Flash plugin version they have installed)
Extended Java Plugin Information:
(clicking the "Java" method on any row pops up a window detailing the masked end-user's browser information and the Java plugin version they have installed)
RealPlayer (or RealAlternative) Detection method & Plugin info (since version 0.3.2):
DNSBL Checking & Blocking (since version 0.3.3):
Settings:
Exceptions list:
Actions get automatically logged in admin (and moderator) log:
Demo URL: not yet available
Demo Username: N/A
Demo Password: N/A
Modification Download:Proxy Revealer Olympus 0.3.3 Beta (Removed until further notice)[/url]
SVN source tree anonymous checkout:
Code: Select all
svn checkout https://proxy-revealer.googlecode.com/svn/trunk/ proxy-revealer-read-only