Warnings on the download page

H D Moore torspam at metasploit.com
Fri Mar 9 02:33:29 UTC 2007


 Looks like the "Practical Onion Hacking" paper covered many features I 
was working on, as well as touching on the warez/movie/music leeches and 
the child pornography traffic. I should have released this back in August 
when I presented on it the first time :-)

The big differences are:

1) They use iptables to modify and reinject traffic; I use an embedded 
Ruby interpreter in the Tor software.

2) They perform DNS tracking, but don't actually record or cross-reference 
the data.

3) They use Flash instead of Java to obtain the real external address of 
the user.

Similarities include:

1) Web-bug injection via HTML response
2) DNS tracking via wildcard domain
3) Use of JS/Java bridge to get the internal address

Seems like two big items I need to add to decloak are Flash and the shiny 
no-proxy Java connection mode (which seems to apply to TCP sockets only).

-HD

On Thursday 08 March 2007 19:02, James Muir wrote:
> You should read the Fort Consult White paper "Practical Onion Hacking"
> as some of the things you mention (SMB, CIFS) are mentioned there, I think.
> VB and ActiveX are probably worth exploring.


