ZeroTrace OSINT
Proxy Validation
Check whether a proxy is alive, measure latency, classify anonymity level, detect DNS leaks, and probe per-protocol support.
The proxy validation tool checks whether a proxy works and, if it does, characterises how it works, anonymity level, leaks, protocol support, exit IP, country, latency.
What you get
For each proxy:
| Field | What it tells you |
|---|---|
| Reachable | Whether the proxy accepted the connection at all |
| Protocol | HTTP / HTTPS-CONNECT / SOCKS4 / SOCKS5, with auth requirement detected |
| Latency | Round-trip time of a known-host probe |
| Exit IP | The IP the target sees when traffic exits the proxy |
| Exit country | Country of the exit IP (auto-composed via IP geolocation) |
| Anonymity level | Elite / anonymous / transparent (based on header leaks) |
| DNS-leak status | Whether DNS resolution leaks outside the proxy |
| Forwarding-header leaks | Via, Forwarded, X-Forwarded-For, X-Real-IP headers the proxy adds |
| Auth-leak status | Whether Proxy-Authorization is forwarded to the target |
| Origin-mismatch flag | Whether the proxy claims a different origin than expected |
Anonymity classification
Proxies fall into three classes based on what headers they leak:
| Class | Headers leaked |
|---|---|
| Elite | None, the target sees no proxy fingerprint |
| Anonymous | A Via header reveals "this connection came through a proxy" but does not reveal the original IP |
| Transparent | An X-Forwarded-For or equivalent reveals the original client IP |
For OSINT use, elite is the only useful class. Anonymous proxies tip off the target. Transparent proxies are not anonymising at all, the target sees your IP regardless.
DNS leak detection
A proxy that forwards your DNS queries to an external resolver leaks your activity even when traffic is anonymised. The tool issues a DNS query through the proxy and confirms:
- The query was resolved on the proxy side.
- The exit-IP of the DNS query matches the exit-IP of the HTTP traffic.
A mismatch indicates a leak.
Per-protocol probing
The tool tests each protocol the proxy claims to support:
- HTTP, plain HTTP through the proxy.
- HTTPS-CONNECT, TLS tunnel through the proxy via the CONNECT method.
- SOCKS4 / SOCKS5, non-HTTP tunnelling, with optional username/password.
A proxy advertised as "HTTPS-capable" that fails CONNECT is not actually HTTPS-capable, common for misconfigured public proxies.
"Reachable" and "anonymous" are the two flags you almost always care about. A proxy that is reachable but transparent is worse than no proxy at all, it adds latency without adding anonymity.
Bulk validation
Bulk paste accepts a list of proxies (one per line, in any common format, host:port, protocol://host:port, protocol://user:pass@host:port). The tool processes them in parallel (with bounded concurrency).
Aggregate table shows protocol / latency / exit IP / country / anonymity per proxy. Sortable, filterable, exportable.
For a freshly-scraped proxy list of hundreds, this is the standard "first-pass filter" before saving the survivors to a pool.
Pivots
| Click on... | Pivot to |
|---|---|
| Exit IP | IP geolocation, ASN, IP reputation, reverse DNS |
| Proxy host | DNS lookup, WHOIS |
| Anonymity classification | (no pivot, informational) |
Sources
- The tool issues probe requests directly through the candidate proxy to a known-host (typically a small, low-cost endpoint that returns the client IP and headers).
- Exit IP geolocation auto-composes the IP geolocation tool.
The probe-host is named on the result.