[Mini-tutorial] How to check if you're behind a transparent caching proxy



anon
06.06.09, 21:03
As of 2018, this is less relevant given that most of the Web uses HTTPS, but still worth knowing.


Method 1: open a Command Prompt window and run telnet 1.2.3.4 80. If you see a black screen for about 20 seconds, and then a message about losing the connection to the host, then you are behind a transparent proxy. If Telnet freezes at "connecting to 1.2.3.4" and then shows "failed to connect to host", you are not behind a transparent proxy.

Method 2: same as above, but if you do get a black screen, paste the following line and press Enter twice.

GET ftp://ftp.intel.com/ HTTP/1.0

If you get a directory listing, then you are behind a transparent proxy (although the black screen was proof enough already).

Method 3: get a copy of tcptraceroute, run tcptraceroute www.google.com 80 and see if Google is suspiciously close to you when compared with a regular traceroute (or a TCP one on a different port, say 443).


FAQ

Q: What does "being behind a transparent caching proxy" mean?
A: It means that a proxy between you and Web servers is caching HTTP traffic, often to save bandwidth by being able to serve the same content to other users without having to redownload it. This has the drawback of having to wait for the proxy to update its cached copy when a Web page changes its content. Also, if the proxy is overloaded or misconfigured, your connectivity will likely suffer.

Q: When can this happen?
A: When you're at work or school. They could implement such a proxy to also block certain sites like MySpace, Facebook, etc. If browsing at home, it means your ISP is using one.

Q: Why do I get a black window during testing if there's indeed a proxy?
A: Because the proxy "catches" all port 80 connections. The connection then times out because no request has been sent through it.

Q: If I'm behind a caching proxy, is there a way to get more information?
A: When you get the black window, copy the following and right-click -> Paste it on the telnet window, then press Enter twice.

TRACE / HTTP/1.1
Host: 1.2.3.4
Max-Forwards: 0

You may get a response from the proxy with a Server header and more information (or a 405 Method Not Allowed error, or a 403 Forbidden error... but it's worth a try).
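Method 1 and the TRACE trick above, scripted so the check can be repeated without watching a telnet window. This is an added example, not part of the original post: it assumes the probe address 192.0.2.1 (RFC 5737 TEST-NET-1, chosen because nothing on the Internet should accept a connection to it), a 5-second timeout, and that comparing port 80 against port 443 is enough to tell "port 80 intercepted" from "all TCP intercepted".

```python
import socket

PROBE_IP = "192.0.2.1"  # constructed: RFC 5737 TEST-NET-1, not routable on the Internet
TIMEOUT = 5.0           # assumed: long enough for an intercepting proxy to finish the handshake

def tcp_connect(ip, port, timeout=TIMEOUT):
    """Return a connected socket, or None if the connect fails or times out."""
    try:
        return socket.create_connection((ip, port), timeout=timeout)
    except OSError:
        return None

def interpret(connected_80, connected_443):
    """Method 1/3 logic: nothing should answer a TCP SYN to an unroutable address,
    so a completed handshake on port 80 alone means a device in the path answered for it."""
    if connected_80 and not connected_443:
        return "transparent proxy on port 80"
    if connected_80 and connected_443:
        return "all TCP intercepted (or the probe address is reachable from here)"
    return "no transparent proxy detected"

def parse_response(raw):
    """Parse the status line and headers of an HTTP/1.x response into a dict;
    header names are lower-cased so 'Server' and 'Via' are easy to look up."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"status": status, "headers": headers}

def trace_probe(sock, host=PROBE_IP):
    """The FAQ's TRACE request; Max-Forwards: 0 asks the first hop to answer for itself."""
    sock.sendall(f"TRACE / HTTP/1.1\r\nHost: {host}\r\nMax-Forwards: 0\r\n\r\n".encode())
    chunks = []
    try:
        while data := sock.recv(4096):
            chunks.append(data)
    except socket.timeout:
        pass
    return parse_response(b"".join(chunks))

if __name__ == "__main__":
    s80, s443 = tcp_connect(PROBE_IP, 80), tcp_connect(PROBE_IP, 443)
    print(interpret(s80 is not None, s443 is not None))
    if s80:
        info = trace_probe(s80)
        print("status:", info["status"], "server:", info["headers"].get("server"), "via:", info["headers"].get("via"))
```

A Via header in the TRACE reply, when present, names the intercepting hop directly; a 405 or 403 still confirms that something other than the probe address answered.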

Q: OK, I'm behind one. What can I do?
A: If you're at work or school, you can try Tor or a VPN so that your requests never actually pass through the proxy.

If you're at home, this varies by provider. Sometimes there are IP ranges that aren't "proxified", so changing your address is worth a try.

Furthermore, most proxies will leave TLS traffic on port 443 alone, so HTTPS sites are immune to this plight. But since SNI is sent in plain text, they can still drop or shape connections based on the target hostname.

I have also attached different versions of a program called pasakche which was created to bypass caching proxies by injecting a "Cache-Control: no-cache" header in all your requests. It's in Spanish, but should be easy to use. Just run it, then start your browser, download manager, etc. You can visit azenv.net to verify that the header is actually sent. The checkbox at Opciones is to run the program automatically on system startup. It only works for 32-bit programs, and may not work at all on modern versions of Windows due to the DLL injection method it uses, but I thought I'd share it for the sake of completeness. The "Parche_DEP2" version is preferred.