"This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed."

Essentially this uses flash and/or applets which execute on the client side to gather host information. There have been commercial equivalents for some time but this is the first open source POC.

More Information: http://decloak.net/