VPN & Proxy Detection, Browser Spoof Detection using TCP

iloveghosts · #45 05-24-2018

Quote:

Originally Posted by MM78

Keep your pants on....

How you fixed it?

MM78 · #46 05-24-2018

Quote:

Originally Posted by iloveghosts

How you fixed it?

Fixed what?

iloveghosts · #47 05-25-2018

it looks like that what leaks not recognized passive print. Can you please go to witch.valdikss.org.ru and see "Detected OS"?

iloveghosts · #48 05-25-2018

Admin can close this Theard, I found a tool that can be used to spoof TCP print.

"Fingerprint F u c k e r" is the tool name, you can google and download, deploy on your system!

MM78 · #49 05-25-2018

Quote:

Originally Posted by iloveghosts

it looks like that what leaks not recognized passive print. Can you please go to witch.valdikss.org.ru and see "Detected OS"?

I can, send me $20 via PayPal....wasting my time, my time cost money.

iloveghosts · #50 05-25-2018

Quote:

Originally Posted by MM78

I can, send me $20 via PayPal....wasting my time, my time cost money.

Sure, send me your PayPal email and i will do rest.

MM78 · #51 05-25-2018

Quote:

Originally Posted by iloveghosts

Sure, send me your PayPal email and i will do rest.

bigdaddy@pimp.com

iloveghosts · #52 05-25-2018

F a k e email! Evildaddy!

nate · #53 06-18-2018

To hide the OpenVPN tunnel from whatleaks.com all you have to do is stop the VPN from listening on TCP port 1194

You can let the VPN listen in on UDP 1194 and use any other tcp port (preferably tcp 443). All whatleaks.com does is check to see if your OS is listening on tcp 1194 to detect a OpenVPN tunnel, you can even leave tcp 1194 open for incoming and outgoing packets in you iptables rules on the server running the VPN software.

It doesn't do deep packet inspection like the Great Firewall of China does so you dont even have to wrap it in SSL. So even when you do encrypt the tunnel in SSL and are listenening in on multiple ports and one is tcp port 1194 it will detect the OpenVPN tunnel.

The MTU value comming through the VPN you cant get to 1500 bites as far as I can tell so far because of the headers and footers placed by the encryption, but it doesn't matter. VPN's arent the only thing that will give you a MTU value less than 1500 according to someone I know that runs a few large data centers.

Even some online video games suggest you lower the MTU to get rid of lag from the packets fragmenting so I wouldnt worry about it...

But if someone does figure out how to spoof MTU in headers I'd love to know.

nate · #54 06-19-2018

Quote:

Originally Posted by nate

The MTU value comming through the VPN you cant get to 1500 bites as far as I can tell so far because of the headers and footers placed by the encryption, but it doesn't matter. VPN's arent the only thing that will give you a MTU value less than 1500 according to someone I know that runs a few large data centers.

Oh Sh!t.... I'm a f#ckin' genius... I solved the MTU issue using SoftEther VPN protocol...

In SoftEther Client under the VPN connection properties < advanced settings < Disable UDP acceleration.

MTU=1500 Ethernet or Modem all the way through the VPN tunnel now....

Now I officially have a VPN that is 100% undetectable besides the Corporate IP address from the data center....

Quick someone one or new VPN detection site... Give me another challenge.

I think I have the same fix for OpenVPN client too but I have some testing to do on that. I think some mods need to be made to the OpenVPN.confg file.

@Aspkin, If you knew this all along and made me burn my brain trying to figure this out and didnt drop some knowledge Id be very sad and disappointed.

iloveghosts · #55 06-28-2018

https://www.akamai.com/us/en/multime...hite-paper.pdf

HTTP2 & TLS Fingerprinting. There was a cool demo, cant find it now :D

iloveghosts · #56 06-28-2018

Quote:

Originally Posted by nate

To hide the OpenVPN tunnel from whatleaks.com all you have to do is stop the VPN from listening on TCP port 1194

You can let the VPN listen in on UDP 1194 and use any other tcp port (preferably tcp 443). All whatleaks.com does is check to see if your OS is listening on tcp 1194 to detect a OpenVPN tunnel, you can even leave tcp 1194 open for incoming and outgoing packets in you iptables rules on the server running the VPN software.

It doesn't do deep packet inspection like the Great Firewall of China does so you dont even have to wrap it in SSL. So even when you do encrypt the tunnel in SSL and are listenening in on multiple ports and one is tcp port 1194 it will detect the OpenVPN tunnel.

The MTU value comming through the VPN you cant get to 1500 bites as far as I can tell so far because of the headers and footers placed by the encryption, but it doesn't matter. VPN's arent the only thing that will give you a MTU value less than 1500 according to someone I know that runs a few large data centers.

Even some online video games suggest you lower the MTU to get rid of lag from the packets fragmenting so I wouldnt worry about it...

But if someone does figure out how to spoof MTU in headers I'd love to know.

There are UDP fingerprinting, ICMP fingerprinting. Its lot of ****, the only way is to build custom Linux router. I'm going to build this with my buddy. I gotta to use AI to analyze fingerprints then generate realistic ****

nate · #57 06-28-2018

Quote:

Originally Posted by iloveghosts

There are UDP fingerprinting, ICMP fingerprinting. Its lot of ****, the only way is to build custom Linux router.

If the information used to detect the VPN or Proxy is in the packet I have another way I figured out but the program is only for Windows... But there are similar programs for Linux... For VPN or Proxy you would probably need to use server side.

WinDivert 1.4: Windows Packet Divert
====================================

1. Introduction
---------------

Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert
package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10.

WinDivert allows user-mode programs to capture/modify/drop network packets
sent to/from the Windows network stack.
In summary, WinDivert can
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers,
firewalls, NAT, VPNs, tunneling applications, etc., etc..

https://github.com/basil00/Divert

Im using it on my Mining Software running on Windows 10 to capture the developers Ethereum address in the packet for his DevFee and replace it with mine.

iloveghosts · #58 06-28-2018

Quote:

Originally Posted by nate

If the information used to detect the VPN or Proxy is in the packet I have another way I figured out but the program is only for Windows... But there are similar programs for Linux... For VPN or Proxy you would probably need to use server side.

WinDivert 1.4: Windows Packet Divert
====================================

1. Introduction
---------------

Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert
package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10.

WinDivert allows user-mode programs to capture/modify/drop network packets
sent to/from the Windows network stack.
In summary, WinDivert can
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers,
firewalls, NAT, VPNs, tunneling applications, etc., etc..

https://github.com/basil00/Divert

Im using it on my Mining Software running on Windows 10 to capture the developers Ethereum address in the packet for his DevFee and replace it with mine.

Go to PayPal and capture packet, but they clever.

hiwazup · #59 06-29-2018

What year is it

lol

rsot · #60 06-29-2018

Quote:

Originally Posted by hiwazup

What year is it

lol

We are in 2018

mrbitty · #61 08-04-2018

I have no idea what is being discussed on this thread, This is like an M.Night Shylaman thread, too many complexities.

Mayhard · #62 03-10-2019

Hey yo sup Neos,

I just set up my proxy server and I am facing the same issue iloveghosts has been paranoing here about, and I actually just spent an entire day looking for a solution but could not find one.

I have that mismatch of passive OS fingerprint and my browser OS, has anyone come with a solution on how to fix this?

Mayhard · #63 03-12-2019

I have fixed the ping issue, but am still looking for a solution to Passive OS fingerprints!

Mayhard · #64 03-14-2019

Fixed Passive OS Fingerprints issue too!

@NasterXchange · #65 03-16-2019

Quote:

Originally Posted by aspkin

If it's not broken, don't fix it.

Fresh VPNs work. I use VPN for all my accounts. Thousands of people on this forum use VPNs without any issue. It's more about the quality of that IP rather than whether you're using a VPN or not.

Mifi device works too and as you mentioned it's used by millions of people without issue.

We know about browser fingerprinting and there are ways around that as well. It's not in PayPal's interest to be overly strict about browser fingerprinting; it would block or give trouble to too many good people. Amazon is strict about it but VMs help here.

When things get harder we adjust.

I would be more concerned about other areas of stealth which you can't spoof. Everything else is easy.

Perfectly said! I share the exact same view of things!

There is nothing wrong about using VPN - not to mention that a VPN is not primary made to make you totally anonymous.

@NasterXchange · #66 03-16-2019

Quote:

Originally Posted by iloveghosts

It's broken that's why we have to fix it. Your account maybe running but my accounts getting worse every day. They actually can fingerprint your whole router with this stuff.

Like I said, I do not care about browser fingerprinting, because I already fixed that one myself.

Using VM properly configured, you are using virtual routers. So which routers are here fingerprinted?