| iloveghosts | 05-24-2018 08:08 AM | VPN & Proxy Detection, Browser Spoof Detection using TCP I recently came across this new tool that leaks a lot of information about your network and browser.
Please have a look at this http://witch.valdikss.org.ru/ and this article as well https://medium.com/@ValdikSS/detecti...e-1bcc59742413
I'm 100% verified that PayPal uses TCP OS Fingerprinting using a software called NetScanTools. I saw PayPal IP requesting TCP OS Fingerprint.
Anyone knows how to spoof this TCP OS fingerprint? |
| phaz0rz | 05-24-2018 08:11 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Use virtual machines with a different OS and browser on each. |
| iloveghosts | 05-24-2018 08:12 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by phaz0rz
(Post 921755)
Use virtual machines with a different OS and browser on each. | it does not work. This is TCP Fingerprint which uses your Router to get info. |
| iloveghosts | 05-24-2018 08:14 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by phaz0rz
(Post 921755)
Use virtual machines with a different OS and browser on each. | Virtual Machine also can be detected using JavaScript Timing. |
| phaz0rz | 05-24-2018 08:50 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by iloveghosts
(Post 921756)
it does not work. This is TCP Fingerprint which uses your Router to get info. | The virtual network adapter of my VMs DHCP its own local IP from the router. So my router sees each VM as a different host. Unless TCP is sending info about all connected devices on my network I don't see why this would be an issue. |
| phaz0rz | 05-24-2018 08:52 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by iloveghosts
(Post 921757)
Virtual Machine also can be detected using JavaScript Timing. | How?
I think using a bunch of different computers on different networks is the only workaround then.
Regardless, it's never been an issue for me. |
| yankee | 05-24-2018 08:57 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP This over the top paranoia for ebay and paypal is only for people trying to do some really sketchy stuff and hiding from the law. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP MTU value for VPN is a known issue. You can see it on whoer.net under extended version > TCP/IP. It's been that way forever and nothing has come of it yet. There must not be enough solid info that comes from this to determine you are using a VPN unless you are using an L2TP/IPsec client to connect. The info L2TP/IPsec gives, gives you away.
If you build your own VPN servers like I do you can always set your own MTU value on the server side from 1500 MTU to something lower to make the MTU numbers different from your other accounts. But why? It's not necessary. |
| iloveghosts | 05-24-2018 09:33 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP |
| iloveghosts | 05-24-2018 09:35 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921770)
MTU value for VPN is a known issue. You can see it on whoer.net under extended version > TCP/IP. It's been that way forever and nothing has come of it yet. There must not be enough solid info that comes from this to determine you are using a VPN unless you are using an L2TP/IPsec client to connect. The info L2TP/IPsec gives, gives you away.
If you build your own VPN servers like I do you can always set your own MTU value on the server side from 1500 MTU to something lower to make the MTU numbers different from your other accounts. But why? It's not necessary. | It's not about MTU, man. Look at this whole TCP thing. It has a lot of different things such as Uptime, TCP Time, Language.
I know Mullvad VPN fixes the TCP problem, but their VPN IPs can easily be detected. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by iloveghosts
(Post 921773)
It's not about MTU, man. Look at this whole TCP thing. It has a lot of different things such as Uptime, TCP Time, Language.
I know Mullvad VPN fixes the TCP problem, but their VPN IPs can easily be detected. | Yeah, but you're talking about something that can be detected by an open-source program like the tools in Kali Linux. To build something like that on the scale that eBay, PayPal, and Amazon need could take years... and that's if it's even possible to incorporate in their system. |
| iloveghosts | 05-24-2018 09:43 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921770)
MTU value for VPN is a known issue. You can see it on whoer.net under extended version > TCP/IP. It's been that way forever and nothing has come of it yet. There must not be enough solid info that comes from this to determine you are using a VPN unless you are using an L2TP/IPsec client to connect. The info L2TP/IPsec gives, gives you away.
If you build your own VPN servers like I do you can always set your own MTU value on the server side from 1500 MTU to something lower to make the MTU numbers different from your other accounts. But why? It's not necessary. | There are a lot of ways to detect VPN.
1. IP Network Intelligence.
2. IP Hostnames
3. They can also extract ISP name and scrape whole Google to find out who owns it. This can be done easily.
4. Ping Time: They can measure IP latency and detect VPN and Proxies.
I do not know much about TCP but I believe there are new TCP headers with additional info. Witch uses p0f, but p0f has not been updated since 2004, I believe. TCP has achieved a lot of advances since then. I can't find any new articles related to TCP fingerprinting.
There is one big company called ThreatMetrix that heavily uses TCP. PayPal also uses ThreatMetrix, as they state in their Privacy Policy. |
| iloveghosts | 05-24-2018 09:49 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921774)
Yeah, but you're talking about something that can be detected by an open-source program like the tools in Kali Linux. To build something like that on the scale that eBay, PayPal, and Amazon need could take years... and that's if it's even possible to incorporate in their system. | Why do you say that? It's already incorporated. I set up a small honeypot and PayPal does request TCP and ICMP details. It does not take years. It only takes about 1-2 days. Nowadays they use big data and machine learning systems to analyze everything within seconds. Both Amazon and PayPal heavily hire data scientists to build these impossible tools.
ML systems can be used to detect patterns. As an example how you move the mouse is only unique to you. Please see this new company who use Mouse and Behavior-based fingerprinting: www.biocatch.com |
| iloveghosts | 05-24-2018 09:52 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP I do not use VPN's. I use AT&T hotspots. I just need a way to spoof this TCP stuff. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP A VPN shouldn't use a DNS name. There is an option to disable it. It's only needed if the IP of the server running the VPN software isn't static, or you're behind a router.
The only way to get around these issues is to wait until they implement it, ban you, and try to find the loophole with trial and error. Otherwise it's a waste of time and time is money.
Don't get me wrong. I appreciate the knowledge.... I've wasted hundreds if not thousands of hours working on VPNs to try and figure out everything there was to figure out. Problem is I think it's never ending...
I literally wasted the whole day yesterday trying to fix my Chromebook because the built in Strongswan UI for OpenVPN got messed up by Google's new update.
I tried all day to set up the VPN connection with Chrome OS's built in OpenVPN 2.4.4 through the command line in a shell. I was able to get connected but something was wrong with the DNS name server. I tried everything... Changing the name server on the VPN server that gets pushed by DHCP... I tried changing the DNS nameserver in /etc/resolv.config inside Chrome OS.... I tried pushing the DNS nameserver through the command line with echo "nameserver 8.8.8.8" >> "etc/resolv.config".... Nothing... it still took forever for the DNS to translate...
I ended up fixing the UI by disabling network config in Chrome OS by going to Chrome://flags/#disable-network-config-settings-config
That took me all the way up until 10pm to figure out. Wasted a whole day just to connect two of my accounts to their VPNs... because I didn't want to use the built in Cisco (L2TP/IPsec) VPN client, since it gives away that you're behind a VPN. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Wow! Just read the "invisible challenges" on biocatch. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by iloveghosts
(Post 921779)
I do not use VPN's. I use AT&T hotspots. I just need a way to spoof this TCP stuff. | Why would you care. There are millions of people using a hotspot right this second for legitimate reasons.
You blend right in. A hotspot on a burner phone with no info connected to you is the best thing to hide behind.
Your best bet is to run Linux on the client side. Then you can spoof MAC address and whatever else you are worried about.
Most people would think I'm lame using a Chromebook. They don't realize a Chromebook is a Linux machine that can do almost anything you can throw at it through the command line in shell. Just have to put the Chromebook in DEV mode. |
| iloveghosts | 05-24-2018 10:11 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921780)
A VPN shouldn't use a DNS name. There is an option to disable it. It's only needed if the IP of the server running the VPN software isn't static, or you're behind a router.
The only way to get around these issues is to wait until they implement it, ban you, and try to find the loophole with trial and error. Otherwise it's a waste of time and time is money.
Don't get me wrong. I appreciate the knowledge.... I've wasted hundreds if not thousands of hours working on VPNs to try and figure out everything there was to figure out. Problem is I think it's never ending...
I literally wasted the whole day yesterday trying to fix my Chromebook because the built in Strongswan UI for OpenVPN got messed up by Google's new update.
I tried all day to set up the VPN connection with Chrome OS's built in OpenVPN 2.4.4 I was able to get connected but something was wrong with the DNS name server. I tried everything... Changing the name server on the VPN server that gets pushed by DHCP... I tried changing the DNS nameserver in /etc/resolv.config inside Chrome OS.... I tried pushing the DNS nameserver through the command line with echo "nameserver 8.8.8.8" >> "etc/resolv.config".... Nothing... it still took forever for the DNS to translate...
I ended up fixing the UI by disabling network config in Chrome OS by going to Chrome://flags/#disable-network-config-settings-config
That took me all the way up until 10pm to figure out. Wasted a whole day just to connect two of my accounts to their VPNs... because I didn't want to use the built in Cisco (L2TP/IPsec) VPN client, since it gives away that you're behind a VPN. |
They've already implemented everything. They spent millions of dollars to build these things. Trust me, Aspkin people still have problems because of this little stuff like TCP. PayPal's people are Javascript gurus. Look at their obfuscated javascript scripts from here : https://www.paypalobjects.com/websta...prod.pp.min.js https://c.paypal.com/webstatic/r/fb/...rod.pp2.min.js
FB does not mean Facebook. It's PayPal's own way to trick people into thinking the script is related to Facebook.
This script also uses the HTML5 File API:
HTML5 FileAPI can be used to extract your computer name and file paths. Some companies use HTML5 FileAPI to get VBOX name to detect VMs.
Right now, Chrome has protections against FileAPI but Firefox & many other browsers do not. |
| iloveghosts | 05-24-2018 10:14 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921787)
Why would you care. There are millions of people using a hotspot right this second for legitimate reasons.
You blend right in. A hotspot on a burner phone with no data connection to you is the best thing to hide behind.
Your best bet is to run Linux on the client side. then you can spoof MAC address and whatever else you are worried about. |
The problem is not fixed because no one cared. I do not need to spoof MAC address, I just want to fix TCP stuff to create better stealth accounts.
I know millions of people using a hotspot for legitimate stuff but I want it for Stealth accounts which are gray actually. |
| aspkin | 05-24-2018 10:21 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP If it's not broken, don't fix it.
Fresh VPNs work. I use VPN for all my accounts. Thousands of people on this forum use VPNs without any issue. It's more about the quality of that IP rather than whether you're using a VPN or not.
Mifi device works too and as you mentioned it's used by millions of people without issue.
We know about browser fingerprinting and there are ways around that as well. It's not in PayPal's interest to be overly strict about browser fingerprinting; it would block or give trouble to too many good people. Amazon is strict about it but VMs help here.
When things get harder we adjust.
I would be more concerned about other areas of stealth which you can't spoof. Everything else is easy. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by iloveghosts
(Post 921789)
The problem is not fixed because no one cared. I do not need to spoof MAC address, I just want to fix TCP stuff to create better stealth accounts.
I know millions of people using a hotspot for legitimate stuff but I want it for Stealth accounts which are gray actually. |
I'm confused... with stealth, the nail that stands out gets hammered. If you hide all your TCP info you would stand out. If you spoofed it to look like a regular user, you would look like you do now.
There is no one single fingerprint for a PC that I know of. There are only odds of how many other PCs have the same fingerprint. The more PCs have the same fingerprint the better off you are.
If you want to kill all this, why don't you run Windows or Linux with a GUI on a VPS and remote into it with TeamViewer or something similar. |
| iloveghosts | 05-24-2018 10:25 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by aspkin
(Post 921791)
If it's not broken, don't fix it.
Fresh VPNs work. I use VPN for all my accounts. Thousands of people on this forum use VPNs without any issue. It's more about the quality of that IP rather than whether you're using a VPN or not.
Mifi device works too and as you mentioned it's used by millions of people without issue.
We know about browser fingerprinting and there are ways around that as well. It's not in PayPal's interest to be overly strict about browser fingerprinting; it would block or give trouble to too many good people. Amazon is strict about it but VMs help here.
When things get harder we adjust.
I would be more concerned about other areas of stealth which you can't spoof. Everything else is easy. | It's broken, that's why we have to fix it. Your account may be running, but my accounts are getting worse every day. They actually can fingerprint your whole router with this stuff.
Like I said, I do not care about browser fingerprinting, because I already fixed that one myself. |
| iloveghosts | 05-24-2018 10:28 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921792)
I'm confused... with stealth, the nail that stands out gets hammered. If you hide all your TCP info you would stand out. If you spoofed it to look like a regular user, you would look like you do now.
There is no one single fingerprint for a PC that I know of. There are only odds of how many other PCs have the same fingerprint. The more PCs have the same fingerprint the better off you are.
If you want to kill all this, why don't you run Windows or Linux with a GUI on a VPS and remote into it with TeamViewer or something similar. | Because VPS and TeamViewer can be detected by WebSockets and analyzing behavior. Your mouse will be slow at remote stuff, or sometimes you face glitches. The mouse is not smooth at all. This can be easily detected using Machine learning. You just need to send all data, then ML algorithm does the magic. |
| iloveghosts | 05-24-2018 10:31 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by iloveghosts
(Post 921796)
Because VPS and Teamviewer can be detected by WebSockets and analyzing behavior. Your mouse will be slow at remote stuff, or sometimes you face glitches. The mouse is not smooth at all. This can be easily detected using Machine learning. You just need to send all data, then ML algorithm does the magic. |
You do not have JS knowledge based on your talk. They can fingerprint everything, from your behavior to browser. Look at Biocatch, they can detect you even if you switch computers. I do not need to hide TCP, I just want to spoof it to look like a normal user.
A user with a Linux TCP print looks strange to them, except for an Android phone.
I know PayPal also use their own Biocatch system. Look at their JS, Mouse events clearly programmed into the script. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP And the plot thickens. I feel like I'm watching fight club. |
| iloveghosts | 05-24-2018 10:37 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921801)
And the plot thickens. I feel like I'm watching fight club. | Well, no fight club. Here is a simple example:
Browser Fingerprint: Mac OS X
TCP Fingerprint: Linux
ICMP Fingerprint: Linux
This, of course, gets a red flag from PayPal system. They have millions of users with millions of TCP & ICMP fingerprints, so I believe they can analyze everything better than WITCH or any other company.
Amazon is not using TCP/ICMP as per my research. They use another kind of stuff. |
| iloveghosts | 05-24-2018 10:38 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Browser Fingerprint: Android
TCP Fingerprint: Linux
ICMP Fingerprint: Linux
This is a legitimate example. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP I feel like we are getting trolled... This user joined today. Admin could run his IP and see how good he is at stealth to see what we're dealing with.
Either he has a big vocabulary as a troll or he works for someone. |
| iloveghosts | 05-24-2018 10:45 AM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by nate
(Post 921806)
I feel like we are getting trolled... This user joined today. Admin could run his IP and see how good he is at stealth to see what we're dealing with.
Either he has a big vocabulary as a troll or he works for someone. | I do not troll anyone. I ask help from Experts. I used Proxy to sign up at Aspkin. I'm good at OpSec.
I had another account here but now I can't remember username or password. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by iloveghosts
(Post 921808)
I ask help from Experts. | Sounds like you're the expert... Only reason I jumped on this thread is because it actually looked like it would stimulate my mind.... Instead you blew my brains out... And that doesn't happen to me on this forum anymore. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP This whole thread is pointless, we aren't hacking into the NSA or trying to do anything exotic.
By the way, I went to the site http://witch.valdikss.org.ru/ with my VMWare using my Portable Browser, while connected with my Proxy....and here are the results... https://i.imgsafe.org/6e/6ea8ca9c1e.png
Every once in a while someone comes on here with some over the top bullsh*t when it isn't needed. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by MM78
(Post 921834)
This whole thread is pointless, we aren't hacking into the NSA or trying to do anything exotic.
By the way, I went to the site http://witch.valdikss.org.ru/ with my VMWare using my Portable Browser, while connected with my Proxy....and here are the results... https://i.imgsafe.org/6e/6ea8ca9c1e.png
Every once in a while someone comes on here with some over the top bullsh*t when it isn't needed. | That thing only knows if the MTU isn't 1500. If your MTU isn't 1500 it assumes you're using OpenVPN even if you're not.
Or it's a phishing site... |
| iloveghosts | 05-24-2018 12:35 PM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by MM78
(Post 921834)
This whole thread is pointless, we aren't hacking into the NSA or trying to do anything exotic.
By the way, I went to the site http://witch.valdikss.org.ru/ with my VMWare using my Portable Browser, while connected with my Proxy....and here are the results... https://i.imgsafe.org/6e/6ea8ca9c1e.png
Every once in a while someone comes on here with some over the top bullsh*t when it isn't needed. | What about your OS shows in TCP? This tool is not modified, He just made it for DEMO but other companies already use TCP. Ok, I talk bull****, I will go to do my business then. None of you care about it. |
| iloveghosts | 05-24-2018 12:36 PM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Compare your VM OS with TCP OS then see the difference. |
| iloveghosts | 05-24-2018 12:40 PM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by MM78
(Post 921834)
This whole thread is pointless, we aren't hacking into the NSA or trying to do anything exotic.
By the way, I went to the site http://witch.valdikss.org.ru/ with my VMWare using my Portable Browser, while connected with my Proxy....and here are the results... https://i.imgsafe.org/6e/6ea8ca9c1e.png
Every once in a while someone comes on here with some over the top bullsh*t when it isn't needed. | By the way, the NSA was hacked a long time ago. I hope you know about the Shadow Brokers and Snowden.
Here is an example of a company that uses TCP to prevent fraud and ⊗⊗⊗⊗ accounts. https://www.pymnts.com/assets/Upload...Network-WP.pdf |
| iloveghosts | 05-24-2018 12:44 PM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Detection of a mismatch between the operating system information reported by the browser compared with operating system information reported by the TCP/IP operating system fingerprint.
This PYMNTS paper clearly describes this on page 11 |
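
The browser-versus-TCP operating system mismatch check quoted in the post above, sketched from the defender's side as an added example (it is not part of any post in this thread and is not any vendor's code). It assumes a passive fingerprinter has already produced a normalised `tcp_os` label for each connection; the `Session` record, the signal names and the sample sessions are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Order matters: Android UAs also contain "Linux", iOS UAs contain "like Mac OS X".
UA_PATTERNS = [
    ("android", re.compile(r"Android")),
    ("ios", re.compile(r"iPhone|iPad")),
    ("windows", re.compile(r"Windows NT")),
    ("macos", re.compile(r"Mac OS X")),
    ("linux", re.compile(r"Linux")),
]

# TCP-stack labels that are plausible for each browser-claimed OS.
COMPATIBLE = {
    "android": {"linux"},      # Android runs a Linux kernel
    "linux": {"linux"},
    "windows": {"windows"},
    "macos": {"macos"},
    "ios": {"ios", "macos"},   # shared Darwin network stack
}

class Session(NamedTuple):
    user_agent: str
    tcp_os: str               # label from a passive fingerprinter (assumed input)
    syn_mss: Optional[int]    # MSS option seen in the client's SYN, if any

def browser_os(user_agent: str) -> str:
    for name, pattern in UA_PATTERNS:
        if pattern.search(user_agent):
            return name
    return "unknown"

def mtu_from_mss(mss: Optional[int]) -> Optional[int]:
    # IPv4 without IP options: MTU = MSS + 20 (IP header) + 20 (TCP header)
    return None if mss is None else mss + 40

def assess(session: Session) -> dict:
    signals = []
    claimed = browser_os(session.user_agent)
    if claimed != "unknown" and session.tcp_os != "unknown":
        if session.tcp_os not in COMPATIBLE[claimed]:
            signals.append(f"os-mismatch:{claimed}/{session.tcp_os}")
    mtu = mtu_from_mss(session.syn_mss)
    if mtu is not None and mtu < 1500:
        # Weak on its own: PPPoE (1492) and mobile links lower the MTU too.
        signals.append(f"low-mtu:{mtu}")
    if any(s.startswith("os-mismatch") for s in signals):
        verdict = "review"    # route to step-up checks, not an automatic block
    elif signals:
        verdict = "note"      # record only; too many legitimate users match
    else:
        verdict = "ok"
    return {"verdict": verdict, "signals": signals}

# Constructed sample sessions (not real traffic).
SAMPLES = [
    Session("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36", "linux", 1460),
    Session("Mozilla/5.0 (Linux; Android 8.0.0; Pixel 2) AppleWebKit/537.36", "linux", 1460),
    Session("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", "windows", 1452),
    Session("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", "linux", 1360),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
```

A low MTU is kept as a weak, record-only signal because ordinary access networks produce it as well, so only the OS mismatch raises a session for review.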
| iloveghosts | 05-24-2018 12:47 PM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP MM78, The fact is your proxy os shows as Linux. This proves you are using Proxy/VPN. |
| iloveghosts | 05-24-2018 12:52 PM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP There is another site which use IP latency to detect proxies. You can see it from here https://whatleaks.com/
Scroll down to PING. |
Re: VPN & Proxy Detection, Browser Spoof Detection using TCP |
| iloveghosts | 05-24-2018 01:08 PM | Re: VPN & Proxy Detection, Browser Spoof Detection using TCP Quote:
Originally Posted by MM78
(Post 921863)
| Ok but scroll down in the same site, and see passive os fingerprint then send me a screenshot. |