1

Stripe's fraud detection documentation claims it has

Proxy Detection

When I search for how it might be detecting traffic from proxies, I see this great answer, which show how to detect that traffic.

But I am not sure how reliable it is. Is it always possible to detect traffic from proxies?

For example, could someone motivated (e.g. a fraudster) operate behind a proxy undetected by obfuscating their http request headers in such a way as to blend in with regular traffic?

I looked into how to modify the request headers but am still unsure if they can be modified to the extent to completely remove/obfuscate information that reveals that the request arrived via a proxy.

Another way of asking the same thing: could a motivated fraudster completely disguise their requests, so as to appear to not be behind proxies, when really they are?

stevec
  • 1,240
  • 1
  • 7
  • 17

1 Answers1

1

Another way of asking the same thing: could a motivated fraudster completely disguise their requests, so as to appear to not be behind proxies, when really they are?

There are "residential proxy" services which basically offer routing the traffic through residential IP addresses, often by (mis)using the legal internet access of an (unaware) customer of common ISP. Properly done the traffic looks like originating from this specific ISP customer and there are no traces of proxy use.

See How to create a proxy so that no website or web service can know that I am connecting through a proxy? for more information.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434