INTRO

Have you ever wondered how some websites just know that you are using a VPN or some Proxy? some AD-blocker works with proxy and VPN stuff. Some websites don’t allow you to use AD-blocker. but how do they know that you are using a proxy or VPN? by the way, if you don’t know the difference between Proxy and VPN. you should see these videos :

I am pretty sure that these videos will clear your concept about proxy and VPN. and of course, subscribe to our channel if you find it helpful. There is no such inbuilt function in PHP or other languages to find if the host is connected to VPN or Proxy. Nobody has built it yet. and I don’t think there will be any in future.

And by the way, I have not known this technique until I have not Googled it. so, yes, you can also google things, not just this topic but any topic. I found the solution to this problem on stack-overflow. you can check it out yourself. but I assure you to explain it better in this article.

 

ATTACK

After googling some stuff, I have come to know that there aren’t such things as VPN detector or proxy detector. Then, I got to know that we can run a port scan on the host IP to see if there is an opened port which is serving proxy to the client. same little bit concept can be applied to VPNs. And you can absolutely do a port scan in any programming language. But it is easy in Python, PHP, Shell scripting, etc.

I have found a website which does the same thing with machine learning. we will use its API with python. you can implement the same logic with any other language. if you working with PHP backend, you can use curl in that case. You should check out the website before using it, Click Here.

You will see a “web-interface” option on the navbar. we are going to detect a bad IP via its website.

Screenshot:

Scroll a little bit down, and enter your public IP to check if it is working fine.

Screenshot:

And see that result in the green box. if it is green and value is “0”, means that our IP is not a proxy’s or VPN’s IP. let’s see what would I get after entering a proxy IP. you can pick a proxy Ip from proxy broker tool.

Screenshot:

If a value of 0.50 is returned, then it is as good as flipping a 2 sided fair coin, which implies it’s not very accurate. From my personal experience, values > 0.95 should be looked at and values > 0.99 are most likely proxies. Anything below the value of 0.90 is considered as “low risk”. Since a real value is returned, different levels of protection can be implemented.

Now, let’s use this with python. they have described their API stuff in a separated section., check it out.

you can use this script to detect Proxy/VPN.

import requests

Ipaddr = input("IP: ")
url = f"http://check.getipintel.net/check.php?ip={Ipaddr}&contact="
r = requests.get(url)
if (float(r.content) >= 0.95):
    print("\nProxy/VPN detected!!!")
elif (float(r.content) == 0.50):
    print("\nNot Sure")
else:
    print("\nNo Proxy/VPN")

 

To use this script, replace the contact parameter value with your email. you can add some flag to know the country and some other info regarding IP address. let’s come back to our shell and use curl.

Type this command to get the result with the country:

curl "http://check.getipintel.net/check.php?ip=<IP-address>&contact=<your-Email-Address>&oflags=c

Screenshot:


I think its Romania. I don’t know correctly.

you can get the JSON format result with this parameter:

curl "http://check.getipintel.net/check.php?ip=<IP-address>&contact=<your-Email-Address>&oflags=c&format=json

Screenshot:

 

You can use advance check with flags=f but it can take a little bit of time than a usual scan. I would not recommend it. but anyway, here’s the command:

curl "http://check.getipintel.net/check.php?ip=<IP-address>&contact=<your-Email-Address>&oflags=c&flags=f

Screenshot:

well, that’s how you can identify if a host is using a proxy or VPN to connect to you.

 

 

Thanks For Visiting.

LEAVE A REPLY

Please enter your comment!
Please enter your name here