ZeroTrace OSINT
Proxy Validation
Check whether a proxy is alive, measure latency, classify anonymity level, detect DNS leaks, and probe per-protocol support.
The proxy validation tool checks whether a proxy works and, if it does, characterises how it works — anonymity level, leaks, protocol support, exit IP, country, latency.
What you get
For each proxy:
| Field | What it tells you |
|---|---|
| Reachable | Whether the proxy accepted the connection at all |
| Protocol | HTTP / HTTPS-CONNECT / SOCKS4 / SOCKS5, with auth requirement detected |
| Latency | Round-trip time of a known-host probe |
| Exit IP | The IP the target sees when traffic exits the proxy |
| Exit country | Country of the exit IP (auto-composed via IP geolocation) |
| Anonymity level | Elite / anonymous / transparent (based on header leaks) |
| DNS-leak status | Whether DNS resolution leaks outside the proxy |
| Forwarding-header leaks | Via, Forwarded, X-Forwarded-For, X-Real-IP headers the proxy adds |
| Auth-leak status | Whether Proxy-Authorization is forwarded to the target |
| Origin-mismatch flag | Whether the proxy claims a different origin than expected |
Anonymity classification
Proxies fall into three classes based on what headers they leak:
| Class | Headers leaked |
|---|---|
| Elite | None — the target sees no proxy fingerprint |
| Anonymous | A Via header reveals "this connection came through a proxy" but does not reveal the original IP |
| Transparent | An X-Forwarded-For or equivalent reveals the original client IP |
For OSINT use, elite is the only useful class. Anonymous proxies tip off the target. Transparent proxies are not anonymising at all — the target sees your IP regardless.
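The three classes above can be derived from the headers a probe endpoint saw. This is an added sketch, not the tool's own code: it assumes the endpoint echoes back the request headers it received and that you know your own public IP. The function names are hypothetical, and treating any header that carries your IP as an "equivalent" of X-Forwarded-For is an assumption.

```python
import ipaddress
import re

# Forwarding headers named on this page; their presence is a proxy fingerprint.
FINGERPRINT_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip"}


def ips_in(value):
    """Return every IPv4/IPv6 literal in a header value, normalised."""
    found = set()
    for token in re.split(r'[\s,;="\[\]]+', value):
        # Try the token as-is, then with a trailing ":port" removed (IPv4 only).
        candidates = [token]
        if token.count(":") == 1:
            candidates.append(token.split(":")[0])
        for cand in candidates:
            try:
                found.add(ipaddress.ip_address(cand))
            except ValueError:
                pass
    return found


def classify(echoed_headers, client_ip):
    """Classify a proxy from the headers the probe endpoint saw (hypothetical helper)."""
    headers = {k.lower(): v for k, v in echoed_headers.items()}
    real = ipaddress.ip_address(client_ip)
    # Assumption: any header carrying the client IP counts as an XFF "equivalent".
    leaking = sorted(h for h, v in headers.items() if real in ips_in(v))
    fingerprints = sorted(FINGERPRINT_HEADERS & headers.keys())
    if leaking:
        level = "transparent"   # target learns the original client IP
    elif fingerprints:
        level = "anonymous"     # target learns a proxy is in the path
    else:
        level = "elite"         # no proxy fingerprint in the echoed headers
    return {"level": level, "ip_leaked_in": leaking,
            "fingerprints": fingerprints,
            "auth_leak": "proxy-authorization" in headers}


# Constructed sample: headers as echoed by a probe endpoint (documentation IPs).
SAMPLE = {"Via": "1.1 proxy.example", "X-Forwarded-For": "198.51.100.7:51234"}
print(classify(SAMPLE, "198.51.100.7"))
```

Comparing parsed addresses rather than strings catches a leaked IP that appears with a port suffix or in a different IPv6 spelling.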
DNS leak detection
A proxy that forwards your DNS queries to an external resolver leaks your activity even when traffic is anonymised. The tool issues a DNS query through the proxy and confirms:
- The query was resolved on the proxy side.
- The exit IP of the DNS query matches the exit IP of the HTTP traffic.
A mismatch indicates a leak.
Per-protocol probing
The tool tests each protocol the proxy claims to support:
- HTTP — plain HTTP through the proxy.
- HTTPS-CONNECT — TLS tunnel through the proxy via the CONNECT method.
- SOCKS4 / SOCKS5 — non-HTTP tunnelling, with optional username/password.
A proxy advertised as "HTTPS-capable" that fails CONNECT is not actually HTTPS-capable — common for misconfigured public proxies.
"Reachable" and "anonymous" are the two flags you almost always care about. A proxy that is reachable but transparent is worse than no proxy at all — it adds latency without adding anonymity.
Bulk validation
Bulk paste accepts a list of proxies (one per line, in any common format — host:port, protocol://host:port, protocol://user:pass@host:port). The tool processes them in parallel (with bounded concurrency).
The aggregate table shows protocol / latency / exit IP / country / anonymity per proxy. It is sortable, filterable, and exportable.
For a freshly-scraped proxy list of hundreds, this is the standard "first-pass filter" before saving the survivors to a pool.
Pivots
| Click on... | Pivot to |
|---|---|
| Exit IP | IP geolocation, ASN, IP reputation, reverse DNS |
| Proxy host | DNS lookup, WHOIS |
| Anonymity classification | (no pivot — informational) |
Sources
- The tool issues probe requests directly through the candidate proxy to a known host (typically a small, low-cost endpoint that returns the client IP and headers).
- Exit IP geolocation auto-composes the IP geolocation tool.
The probe host is named on the result.