[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warnings on the download page

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Warnings on the download page
From: James Muir <jamuir@xxxxxxxxxxxxxxx>
Date: Thu, 08 Mar 2007 18:30:16 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Thu, 08 Mar 2007 18:34:13 -0500
In-reply-to: <200703081612.10419.torspam@metasploit.com>
References: <200703081612.10419.torspam@metasploit.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5 (X11/20051201)

Decloak:
 - http://metasploit.com/research/misc/decloak/ (this starts Java)

Your Java applet could be improved. (hmm... I see you are using a Datagram Socket...)

The latest Java API includes functionality for making non-proxied connections (i.e. you can specify directly whether the applet's connection out will be proxied or non-proxied; this setting overrides any browser settings and any settings in the Java Control panel). What is particularly interesting about this is that this behaviour is intentional.

I discovered this back in January 2006 and wrote about it in a tech report. I can give you a pointer to the tech report if you are interested. I also have a demo which I will eventually post a URL for here once I clean it up a bit.

-James

Follow-Ups:
- Re: Warnings on the download page
  - From: H D Moore

References:
- Re: Warnings on the download page
  - From: H D Moore

Prev by Author: Re: Building tracking system to nab Tor pedophiles
Next by Author: Re: Warnings on the download page
Previous by thread: Re: Stripping code with Privoxy (was: Warnings on the download page)
Next by thread: Re: Warnings on the download page
Index(es):
- Author
- Thread