[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Metasploit Decloak Project v2

Interesting, it works with Open Office on Linux revealing the true ip

There's a option in OO to use a proxy, it was set to system at the time
and I tried just using foxyproxy.

But yeah, like someone else mentioned, using iptables to redirect all
attempts so that you don't have to worry about a app mis-behaving is a
good idea.


On Sun, 2008-12-14 at 19:26 -0600, H D Moore wrote:
> On Sunday 14 December 2008, Roc Admin wrote:
> > It doesn't seem like there are any new attack vectors but I wanted to
> > pass it along to see if anyone had comments.
> I am looking for feedback as well -- right now, the reporting side is 
> pretty weak, but that should improve this evening. Roger pointed me at the 
> torbutton design notes, so I will continue adding coverage/techniques 
> there. This test should work on all browsers regardless of security 
> settings or scripting. No test requires javascript, which should give an 
> accurate view for folks who run noscript/torbutton. My own testing with 
> torbutton shows it to be really solid (only tor exit and tor exit's DNS 
> servers show up).
> -HD