Re: Warnings on the download page
Looks like the "Practical Onion Hacking" paper covered many features I
was working on, as well as touching on the warez/movie/music leeches and
the child pornography traffic. I should have released this back in August
when I presented on it the first time :-)
The big differences are:
1) They use iptables to modify and reinject traffic; I use an embedded
Ruby interpreter in the Tor software.
2) They perform DNS tracking, but don't actually record or cross-reference
the data.
3) They use Flash instead of Java to obtain the real external address of
the user.
Similarities include:
1) Web-bug injection via HTML response
2) DNS tracking via wildcard domain
3) Use of JS/Java bridge to get the internal address
Seems like two big items I need to add to decloak are Flash and the shiny
no-proxy Java connection mode (which seems to apply to TCP sockets only).
-HD
On Thursday 08 March 2007 19:02, James Muir wrote:
> You should read the Fort Consult White paper "Practical Onion Hacking"
> as some of the things you mention (SMB, CIFS) are mentioned there, I think.
> VB and ActiveX are probably worth exploring.