lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Jun 27 13:42:10 2006 From: pdp.gnucitizen at googlemail.com (pdp (architect)) Subject: UnAnonymizer indeed it is fun, unfortunately not very neat :) IMHO... although I quite like the idea, don't get me wrong. What would be nice is to implement the same but with Flash. Flash is for sure enabled on most browsers. Also, it might be possible to unhide a tor user by starting an application which will make a http request to your server regardless where your browser proxy setting are pointing to. For example sending back Content-type: <some mime> Content-type: application/pdf should start pdf reader on most browsers. PDF documents are usually dynamic, so you can embed some object into the pdf document that will point back to your webserver, which as a result may unhide the current tor user. This might work on platforms where the environment is not that much integrated (Linux/Unix). On windows, however, setting the right proxy in internet explorer should make most applications aware of it. :) On 6/27/06, H D Moore <fdlist@...italoffense.net> wrote: > A fun browser toy that depends on Java for complete results: > - http://metasploit.com/research/misc/decloak/ > > -HD > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- pdp (architect) http://www.gnucitizen.org
Powered by blists - more mailing lists