lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: jwiens at nersp.nerdc.ufl.edu (Jordan Wiens)
Subject: Google Private IP is 10.7.0.73 !!!!!!

fyi, the googleproxy will only proxy html, not images or other files.  So
for example, checking my logs after testing the proxy produces:

216.239.39.5 - - [24/Aug/2003:17:40:50 -0400] "GET / HTTP/1.0" 200 1556 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401,gzip(gfe) (via translate.google.com)"
my.re.al.ip - - [24/Aug/2003:17:40:50 -0400] "GET /style.css HTTP/1.1" 200 796 "http://216.239.39.104/translate_c?hl=en&u=http://psifertex.com/&prev=http://translate.google.com/language_tools" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401"
my.re.al.ip - - [24/Aug/2003:17:40:50 -0400] "GET /images/psifertex.jpg HTTP/1.1" 200 7264 "http://216.239.39.104/translate_c?hl=en&u=http://psifertex.com/&prev=http://translate.google.com/language_tools" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401"

Plus, google does pass along X-Forwarded-For headers:

GET / HTTP/1.0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401,gzip(gfe) (via translate.google.com)
Accept-Language: en
Accept-Charset: utf-8,*
Accept: text/html, text/plain, */*
Via: 1.0 translate.google.com (TWS/0.9), 1.0 proxy.google.com:80 (Squid/2.3.STABLE4)
X-Forwarded-For: my.re.al.ip, unknown
Host: psifertex.nerdc.ufl.edu
Cache-Control: max-age=259200
Connection: keep-alive

Interesting that they're using squid for their translation.

-- 
Jordan Wiens, CISSP
UF Network Incident Response Team
(352)392-2061

On Sat, 23 Aug 2003, morning_wood wrote:

> Messagei kinda discoverd google's use as a proxy simply by doing
> http://translate.google.com/translate?u=http%3A%2F%2Fwhatismyip.com
>
> and is essentally the basis of http://exploit.wox.org/tools/googleproxy.html
>
>
> Donnie Werner
> Chief Technical Officer
> E2 Labs Information Security Pvt. Ltd.
>
> http://e2-labs.com
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ