
Re: Reducing java leakage in windows



How's it do against the decloak tests at metasploit?
http://metasploit.com/research/misc/decloak/


--- Arrakis <arrakistor@xxxxxxxxx> wrote:

> It appears that Java attacks for causing external IP data to be leaked
> can be mitigated to some good degree. The upshot is that you can now run
> Java applets that even when attempting to phone home directly (revealing
> your IP), they are routed through the socks port and thus Tor or any
> other socks speaking application. What we are doing is changing the
> proxy settings of the Java Control Panel in windows. The following will
> shortly be applied to xB Browser after testing, and I highly suggest it
> for other proxy programs. Needs lots of testing of course, and I would
> also like to know if Java applets can acquire the authority to modify
> that file as well. May require administrative access, but I imagine
> Vista will popup a priv escalation window. There are probably variations
> in the directories and syntax if you are running JRE <1.4. A good
> indicator of old versioning is to see if your shoes employ the use of
> velcro, you have a pair of 'jams' in your closet, or you've found
> yourself to be too legitimate to quit.
> 
> Regards,
> Steve Topletz
> 
> 
> -------------
> 
> 
> 1. Look for $APPDATA\Sun\Java\Deployment\deployment.properties
> If there is no deployment.properties file there, try all administrative
> usernames we can enumerate until we find the file. This is not a certainty.
> 
> 2. Back up deployment.properties to a new file name.
> 3. Open it up
> 4. Read and store all lines beginning with "deployment.version"
> 5. Read and store all lines beginning with "deployment.javapi"
> 6. Close the file
> 7. Create a new file deployment.properties where the old one was.
> 8. Open the file
> 9. Insert the following lines
> 
>  #deployment.properties
>  deployment.system.tray.icon=false
>  deployment.browser.vm.iexplorer=false
>  deployment.proxy.socks.host=localhost
>  deployment.proxy.type=1
>  deployment.proxy.same=true
>  deployment.browser.vm.mozilla=false
>  deployment.capture.mime.types=true
>  deployment.proxy.socks.port=8080
> 
> (where port 8080 is your socks port. In Tor, use 9050 by default)
> 
> 10. Write all previously stored lines from old opened file.
> 11. Close the new deployment.properties
> 
> Continue starting your proxy program
> On program exit...
> 
> 12. Delete the deployment.properties file we created.
> 13. Restore the deployment.properties file we backed up.
> 



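The quoted procedure (steps 1-13) carried out in Python, as an added example that is not part of the original post or of xB Browser. The sample file contents and the scratch directory standing in for $APPDATA\Sun\Java\Deployment are constructed, and the backup file name is this example's own choice.

```python
import shutil
import tempfile
from pathlib import Path

# Step 9: the proxy settings from the post; the SOCKS port is filled in per call.
PROXY_TEMPLATE = """#deployment.properties
deployment.system.tray.icon=false
deployment.browser.vm.iexplorer=false
deployment.proxy.socks.host=localhost
deployment.proxy.type=1
deployment.proxy.same=true
deployment.browser.vm.mozilla=false
deployment.capture.mime.types=true
deployment.proxy.socks.port={port}
"""
KEEP_PREFIXES = ("deployment.version", "deployment.javapi")  # steps 4 and 5

def rewrite_properties(old_text: str, socks_port: int = 9050) -> str:
    """Steps 4-5 and 9-10: keep only version/javapi lines, prepend the proxy block."""
    kept = [line for line in old_text.splitlines() if line.startswith(KEEP_PREFIXES)]
    return PROXY_TEMPLATE.format(port=socks_port) + "\n".join(kept) + ("\n" if kept else "")

def apply_socks_proxy(props: Path, socks_port: int = 9050) -> Path:
    """Steps 2-11: back up the original (name chosen here), write the new file in its place."""
    backup = props.with_name(props.name + ".bak")
    shutil.copy2(props, backup)
    props.write_text(rewrite_properties(props.read_text(), socks_port))
    return backup

def restore_original(props: Path, backup: Path) -> None:
    """Steps 12-13: remove the file we wrote and put the backup back on proxy exit."""
    props.unlink()
    backup.rename(props)

def roundtrip_demo(socks_port: int = 9050) -> tuple[str, str]:
    """Apply and restore in a scratch directory; returns (rewritten text, restored text)."""
    # Constructed sample of a pre-existing deployment.properties (browser proxy mode).
    sample = "deployment.version=1.6.0\ndeployment.javapi.lifecycle.exception=false\ndeployment.proxy.type=3\n"
    with tempfile.TemporaryDirectory() as tmp:
        props = Path(tmp) / "deployment.properties"  # stands in for the $APPDATA path
        props.write_text(sample)
        backup = apply_socks_proxy(props, socks_port)
        rewritten = props.read_text()
        restore_original(props, backup)
        return rewritten, props.read_text()

if __name__ == "__main__":
    new, restored = roundtrip_demo()
    print(new)
```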