might reveal your IP

From: Klaxon
Date: 11/27/01

Date: Tue, 27 Nov 2001 14:55:11 +0000
From: Klaxon <>
To: Bugtraq <>
Subject: might reveal your IP
Message-ID: <>

  Hello, if this has been discussed in the past just tell me to sod off.
  While playing with proxy configurations for a machine at home I came
 across a questionable behaviour from I stuck netcat
 on port 80 of this machine and then surfed back to it through Anonymiser.
 I know there's a transparent proxy on my ISP and apparently it attaches
 a "Client-ip: x.x.x.x" field to all http requests. What's fun is that
 Anonymiser happily copies this field to its own http request. Actually
 it will pass along any field sent with your request, which makes sense
 for "Accept-..." stuff but is obviously a bad idea for anything else.

[~]# nc -l -p 80

GET / HTTP/1.0
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Charset: iso-8859-1, utf-8;q=0.66, *;q=0.66
Accept-Encoding: identity
User-Agent: Mozilla/4.78 (TuringOS; Turing Machine; 0.0)
Client-ip: X.X.X.X <------------ BOOM!
Via: HTTP/1.1 proxy-02[XXXXXXX] (Traffic-Server/3.5.7 [XXXXXXXX])

  So beware if you trust this service and there's an unknown proxy
 somewhere along the wire. Please note this experience was with's free service. I would like to know if anyone paying
 for it can confirm this.
  To try it: launch netcat on your port 80 (nc -l -p 80), telnet to on port 80 and request your address:

[~]$ telnet 80
Connected to
Escape character is '^]'.
Foo-bar: it hurts

 Netcat should spit this:

[~]# nc -l -p 80
GET / HTTP/1.0
Foo-bar: it hurts
Connection: Keep-Alive

 If Foo-bar is there so can a Client-ip be.
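
Added example (not part of the original post, and not the service's code): one way an anonymizing proxy can avoid the pass-through described above is to forward only an explicit allowlist of request headers. The allowlist contents, the function name and the sample address are assumptions made for illustration.

```python
# Added example: allowlist-based request header scrubbing.
# FORWARD_ALLOWLIST is an assumed policy, not the service's real one.
FORWARD_ALLOWLIST = {
    "accept", "accept-charset", "accept-encoding", "accept-language",
    "user-agent", "host",
}


def scrub_request(raw: bytes):
    """Return (scrubbed_request, dropped_header_names).

    Anything not allowlisted is dropped: fields injected by an upstream
    transparent proxy (Client-ip, Via) and arbitrary ones such as Foo-bar.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]

    headers = []
    for line in header_lines:
        if line[:1] in (b" ", b"\t") and headers:
            # Folded continuation line: join it to the header it belongs
            # to, so the continuation of a dropped header is dropped too.
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
        elif b":" in line:
            name, _, value = line.partition(b":")
            headers.append((name.strip(), value.strip()))
        # Lines without a colon are malformed and are never forwarded.

    kept, dropped = [], []
    for name, value in headers:
        if name.decode("latin-1").lower() in FORWARD_ALLOWLIST:
            kept.append(name + b": " + value)
        else:
            dropped.append(name.decode("latin-1"))

    out = b"\r\n".join([request_line] + kept) + b"\r\n\r\n" + body
    return out, dropped


# Constructed sample modelled on the capture in the post; the address is a
# documentation-range placeholder.
SAMPLE = (
    b"GET / HTTP/1.0\r\n"
    b"Accept-Encoding: identity\r\n"
    b"User-Agent: Mozilla/4.78 (TuringOS; Turing Machine; 0.0)\r\n"
    b"Client-ip: 192.0.2.10\r\n"
    b"Via: HTTP/1.1 proxy-02 (Traffic-Server/3.5.7)\r\n"
    b"Foo-bar: it hurts\r\n\r\n"
)
```

Logging the dropped names on the proxy side also shows when an upstream hop is injecting identifying fields.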