decloak works successfully but i get a JAVA general Exception and crashes my
browser
XPSP2, IE, latest security patches
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Salut,
On Tue, 2006-06-27 at 12:37 +0100, pdp (architect) wrote:
Also, it might be possible to unhide a tor user by starting an
application which will make a http request to your server regardless
where your browser proxy setting are pointing to.
On a sane Tor setup, this will simply time out
sure, you are right!!! but there is always a chance to screw up :) and
when somebody do that, we must have the right tools to detect it
On 6/28/06, Tonnerre Lombard [EMAIL PROTECTED] wrote:
Salut,
On Tue, 2006-06-27 at 12:37 +0100, pdp (architect) wrote:
Also, it might be possible to unhide a
H D Moore wrote:
A fun browser toy that depends on Java for complete results:
- http://metasploit.com/research/misc/decloak/
Fun indeed:
Field DataDependency
External Address: 24.199.198.152 None
Internal Host: unknown Java
Internal
Is there a security issue hidden somewhere in there or is it just a bug report sent to the wrong mailing list address? :-)- Original Message From: Peter Besenbruch [EMAIL PROTECTED]Cc: full-disclosure@lists.grok.org.ukSent: Tuesday, 27 June, 2006 1:42:33 PMSubject: Re: [Full-disclosure]
Cardoso wrote:
If the app uses an unknow DNS server, I think it's enough of a risk to
worry about.
I refer folks to the following page on TOR:
Using privoxy is necessary because browsers leak your DNS requests when
they use a SOCKS proxy directly, which is bad for your anonymity.
indeed it is fun, unfortunately not very neat :) IMHO... although I
quite like the idea, don't get me wrong. What would be nice is to
implement the same but with Flash. Flash is for sure enabled on most
browsers.
Also, it might be possible to unhide a tor user by starting an
application which
If your real internal and external NAT addresses did not appear when using
a proxy, either the Java applet did not load or a race condition failed.
From browsing the database backend, it looks like just over 1,000 people
were successfully identified (internal + nat gw + external + dns). The
H D Moore wrote:
If your real internal and external NAT addresses did not appear when using
a proxy, either the Java applet did not load or a race condition failed.
From browsing the database backend, it looks like just over 1,000 people
were successfully identified (internal + nat gw +
Michael Holstein wrote:
The 'trick' is to obtain this information regardless of proxy settings
and in the case of SOCKS4, be able to identify your real DNS servers.
This is accomplished using a custom DNS service along with a Java
applet that abuses the DatagramSocket/GetByName APIs to bypass
A fun browser toy that depends on Java for complete results:
- http://metasploit.com/research/misc/decloak/
-HD
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
11 matches
Mail list logo
