Finger Printing for VPN and Proxy Detection


2025-06-28 16:27:15 - Adil Khan

Project Title

Finger Printing for VPN and Proxy Detection

Project Area of Specialization

Cyber Security

Project Summary

The core purpose of this document is to state the software requirements of the project: how to obtain a user's real IP address when the user is behind a VPN or an elite proxy. Many users need to access anonymizing services such as VPNs or proxy servers in order to evade geo-blocking or governmental firewalls.

Those services are also frequently used for scraping purposes (which we don't have any issues with, as long as the scraping traffic does not impair the websites or accesses private data).

However, many cybercriminals also use services such as SOCKS proxies, Tor or VPNs to launch cyber-attacks and to hide their true IP identity.

The fingerprinting tool runs passively on the server and does not modify TCP/IP packets. The goal is to detect a mismatch between the operating system specified in the HTTP User-Agent header and the operating system inferred from the TCP/IP header intricacies.

The hypothesis is that different operating systems (and different minor versions among those operating systems) use different default values in their initial TCP SYN packet that initiates the TCP three-way handshake.

We will exclusively look at the initial TCP SYN packet. I am perfectly aware that we could investigate the whole TCP packet exchange to deduce more information, such as for example what kind of TCP congestion control algorithm the client suggests.

Project Objectives

The aim and objectives are to detect proxy or VPN use by finding a mismatch between the operating system specified in the HTTP User-Agent header and the operating system inferred from the TCP/IP header intricacies. Put differently: if the TCP/IP fingerprint operating system is different from the claimed User-Agent operating system, there must be something wrong with that client.

Consider:

MTU (Maximum Transmission Unit) is the maximum size of an IP packet, including the header.

MSS (Maximum Segment Size) is the maximum size of the data unit being transmitted (excluding the header).
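The mismatch check described above, as an added example that is not part of the original proposal: it parses the initial TCP SYN, derives a fingerprint from the TTL and TCP option order, and compares the inferred operating system with the one claimed in the User-Agent. The signature table, the sample packet and the names parse_syn, claimed_os and check_client are assumptions made for illustration.

```python
import struct

# Constructed signatures (illustrative, not a real database): (initial TTL, option order) -> OS.
SIGNATURES = {
    (64, ("mss", "sackOK", "ts", "nop", "ws")): "Linux",
    (128, ("mss", "nop", "ws", "nop", "nop", "sackOK")): "Windows",
    (64, ("mss", "nop", "ws", "nop", "nop", "ts", "sackOK", "eol")): "macOS",
}
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sackOK", 8: "ts"}
# Coarse User-Agent substrings -> OS family (assumed mapping for the example).
UA_OS = (("windows", "Windows"), ("mac os x", "macOS"), ("linux", "Linux"))
# Constructed IPv4 + TCP SYN (documentation addresses, checksums zeroed, MSS 1360).
SAMPLE_SYN = bytes.fromhex(
    "4500003c0000400035060000c0000201c633640a"   # IP header, TTL 53 on arrival
    "c35001bb0000000100000000a002faf000000000"   # TCP header, SYN, window 64240
    "020405500402080a000000010000000001030307")  # mss, sackOK, ts, nop, ws

def parse_syn(pkt: bytes) -> dict:
    """Extract fingerprint fields from a raw IPv4 packet carrying an initial TCP SYN."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[ihl:]
    offset_flags, window = struct.unpack("!HH", tcp[12:16])
    if offset_flags & 0x12 != 0x02:                  # SYN set, ACK clear
        raise ValueError("not an initial SYN")
    opts, order, mss, i = tcp[20:(offset_flags >> 12) * 4], [], None, 0
    while i < len(opts):
        kind = opts[i]
        order.append(OPT_NAMES.get(kind, f"opt{kind}"))
        if kind < 2:                                 # EOL ends the list, NOP is one byte
            i = len(opts) if kind == 0 else i + 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    ttl = next(t for t in (64, 128, 255) if pkt[8] <= t)  # round up: hops decrement TTL
    return {"ttl": ttl, "window": window, "mss": mss, "options": tuple(order)}

def claimed_os(user_agent: str) -> str:
    return next((n for k, n in UA_OS if k in user_agent.lower()), "unknown")

def check_client(pkt: bytes, user_agent: str) -> dict:
    """Flag a client whose SYN fingerprint disagrees with its User-Agent."""
    fp = parse_syn(pkt)
    inferred, claimed = SIGNATURES.get((fp["ttl"], fp["options"]), "unknown"), claimed_os(user_agent)
    mismatch = "unknown" not in (inferred, claimed) and inferred != claimed
    return {"inferred": inferred, "claimed": claimed, "mismatch": mismatch, **fp}
```

The returned MSS is worth logging next to the verdict: a 1500-byte Ethernet MTU minus 20 bytes each of IP and TCP header gives 1460, so a lower value such as the sample's 1360 is consistent with tunnel encapsulation overhead on the path.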

Project Implementation Method

In order to analyze the incoming IP and TCP connections, we aim to build a detection methodology.

Phase-I

In the first phase of the methodology, our main target is the research method: network data is acquired and a fingerprint is made from it by refinement.

Phase-II

In the second phase of the methodology, our goal is to gather the data. For the purpose of data gathering, we will try to collect data for a fingerprint database in which we can label each fingerprint according to the operating system it represents.

Phase-III

The main focus in this phase is to design a method for detection through TCP/IP fingerprinting and also to gather the data needed to design a method for prevention. Given the accuracy of the aforementioned methods, we have opted to focus on developing.

Phase-IV

The final phase of the methodology is implementation and testing. In this phase we will implement and test the method of detection and the method of prevention.

Benefits of the Project

The fingerprinting tool runs passively on the server and does not modify TCP/IP packets. The goal is to detect a mismatch between the operating system specified in the HTTP User-Agent header and the operating system inferred from the TCP/IP header intricacies.

This project detects a mismatch between the operating system specified in the HTTP User-Agent header and the operating system inferred from the TCP/IP header intricacies. If the TCP/IP fingerprint operating system is different from the claimed User-Agent operating system, there must be something wrong with that client. Moreover, this project has the potential to expand further and can be implemented on a big scale, such as at the national level.

Technical Details of Final Deliverable

The main scope of this project is to detect a mismatch between the operating system specified in the HTTP User-Agent header and the operating system inferred from the TCP/IP header intricacies. If the TCP/IP fingerprint operating system is different from the claimed User-Agent operating system, there must be something wrong with that client. Moreover, this project has the potential to expand further and can be implemented on a big scale, such as at the national level.

Final Deliverable of the Project: Software System
Core Industry: IT
Other Industries: Security
Core Technology: Others
Other Technologies: Cloud Infrastructure
Sustainable Development Goals: Life on Land

Required Resources

Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs)
Windows server for hosting | Equipment | 1 | 8000 | 8000
Linux server | Equipment | 1 | 3000 | 3000
Printing | Miscellaneous | 5 | 1000 | 5000
Domain | Equipment | 1 | 2500 | 2500
Total (in Rs) | | | | 18500
