I can confirm that this code does indeed expose the external IP address, despite the setting in JCP/deployment.properties.
James Muir wrote: > [EMAIL PROTECTED] wrote: >> On Sun, Dec 02, 2007 at 11:35:49PM -0800, [EMAIL PROTECTED] wrote >> 0.9K bytes in 21 lines about: >> : I remember these tests. I can't seem to find a copy of the applets you >> : used. Are you willing to publish them? Or point me in the right >> : direction should I want to try implementing them? >> >> http://exitthematrix.dod.net/matrixmirror/ar01s05.html Jump down to the >> "Web bugs" section. It references >> http://exitthematrix.dod.net/matrixmirror/misc/superipbug.java from >> http://www.inet-police.com/cgi-bin/env.cgi >> >> There is another more thorough test of a java applet completely ignoring >> the jvm proxy configuration. However, my google-fu is weak. > > When I read that example it seems to indicate that the applet reads your > IP address locally and then submits it back to the originating web site > through the proxy. The applet does not seem to ignore proxy settings > (i.e. it does not seem to open a non-proxied connnection); it just > submits identifying information through the proxied connection. > > Jacob, Steve: I don't want to publish my complete ready-to-run code on > the list, but here is an excerpt: > > /***********/ > > Socket socket_to_originating_host = null; > int tcp_port = 80; > InetSocketAddress originating_host = > new InetSocketAddress(getCodeBase().getHost(), tcp_port); > > try { > socket_to_originating_host = new Socket(Proxy.NO_PROXY); > // timeout is in milliseconds > socket_to_originating_host.connect(originating_host, 10000); > System.out.println( > "Socket Local Address = " + > socket_to_originating_host.getLocalAddress().getHostAddress()); > } > > catch (Exception e) { > System.out.println("EXCEPTION THROWN: " + e); > System.exit(1); > > } > > /************/ > > More details can be found in the paper "Internet Geolocation" on my web > site. > > -James > > > > >
