MAC address detection by eb/pp.. Possible?

[iloveghosts]

How would knowing the user's MAC address be helpful in any way or form for its intended purposes provided by Javascript/Silverlight/Flash? (Hint: it doesn't.)

- Flash/Silverlight are only used to Inject DLL into your system, and that DLL can go to a deeper level of your system to get everything from MAC to windows registry. You can't get MAC address solely through Flash/Silverlight, that's why they use some Flash Functionalities to Inject DLL into your system.

- JS has exploits too, Look at recent Intel exploits that gone wild over the web.

https://react-etc.net/entry/exploiti...via-javascript

- https://www.theregister.co.uk/2018/0...vulnerability/


Anyways, DLL gather all info about hardware information, not just MAC and this can be used to track you easily. That's all it about!

[iloveghosts]

I do not think there are still dumb people who do IP ban. They use fingerprinting too because IP's are dynamic and innocent users will have impact from this.

[BiN4RY]

Quote:

Originally Posted by iloveghosts

1.https://techcrunch.com/2016/12/05/a-...n-six-seconds/

2. That's why we have proxies to prevent IP ban.

And what exactly does this have anything to do with a website being able to find your MAC address exactly?

Quote:

Originally Posted by iloveghosts

3. Yes, there are countries where you can do Ph.D. in Browser Fingerprinting. I have more degrees than this one.

And I'm the king of Nigeria, among with several other thrones in the world.

Quote:

Originally Posted by iloveghosts

4. You are lazy, CTRL+F does not work 100% on PDF's

That PDF is entirely searchable. You just didn't even bother reading what you linked, as the keywords "MAC" and "silverlight" were simply not mentioned at all.

Quote:

Originally Posted by iloveghosts

Windows Registry (SFP) - BLUECAVA
MSIE Product key (SFP) - Iovation ReputationManager
OS & kernel version (Flash) - ThreatMetrix
ActiveX + 6 CLSIDs (JS) - ThreatMetrix
kernel version (Flash) - ThreatMetrix

What exactly are these? Googling these exact lines yields nothing.

Quote:

Originally Posted by iloveghosts

A part of that researcher paper which describes DLL Injection through Flash/Silverlight :

[omitted]

And once again, what does any of this anything to do with your MAC address being seeable by websites under normal circumstances? Security exploits within application frameworks has nothing to do with regular website tracking, and hackers have much better uses for them than trying to figure out what your MAC address is (at the risk of having a zero-day exploit being discovered and patched).

Quote:

Originally Posted by iloveghosts

I do not think there are still dumb people who do IP ban. They use fingerprinting too because IP's are dynamic and innocent users will have impact from this.

By your logic, you're literally calling every single server host dumb. Banning IPs (usually for an extended period of time) is simply the most straightforward and effective way to mitigate malicious network activities.

The firewall in your very own router in your house even bans remote IPs to mitigate potential attacks such as packet flooding, if it detects such pattern of activity. Are you also calling yourself dumb in this case?

[iloveghosts]

For those who think Canvas Add-ons can fix Canvas Problems, Check this http://kkapsner.github.io/CanvasBloc...ctionTest.html

[iloveghosts]

Quote:

Originally Posted by BiN4RY

And what exactly does this have anything to do with a website being able to find your MAC address exactly?



And I'm the king of Nigeria, among with several other thrones in the world.



That PDF is entirely searchable. You just didn't even bother reading what you linked, as the keywords "MAC" and "silverlight" were simply not mentioned at all.



What exactly are these? Googling these exact lines yields nothing.



And once again, what does any of this anything to do with your MAC address being seeable by websites under normal circumstances? Security exploits within application frameworks has nothing to do with regular website tracking, and hackers have much better uses for them than trying to figure out what your MAC address is (at the risk of having a zero-day exploit being discovered and patched).



By your logic, you're literally calling every single server host dumb. Banning IPs (usually for an extended period of time) is simply the most straightforward and effective way to mitigate malicious network activities.

The firewall in your very own router in your house even bans remote IPs to mitigate potential attacks such as packet flooding, if it detects such pattern of activity. Are you also calling yourself dumb in this case?

I have never seen such an ignorant ever in my life. We live in 21 century with ML solutions. There are ML solutions that detect and block attacks without banning IP's. Machine Learning is powerful, Nowadays people copy your face and voice with machine learning. (Deep⊗⊗⊗⊗).

Keywords MAC and Silverlight not mentioned on that paper, because they used an alternative paragraph to describe the working of that company in lengthy. Do you think researchers use Simple Words to describe everything? It will be not a research paper based on your logic.

Refer :

"are able to reveal information belonging to layers “below” the user’s browser –
including but not limited to hardware identifiers, machine name, Windows installation date and Digital Product Id, installed system drivers and so forth. "



Learn how to read Doctor. Nigerian Prince!

[iloveghosts]

Originally Posted by iloveghosts View Post
Windows Registry (SFP) - BLUECAVA
MSIE Product key (SFP) - Iovation ReputationManager
OS & kernel version (Flash) - ThreatMetrix
ActiveX + 6 CLSIDs (JS) - ThreatMetrix
kernel version (Flash) - ThreatMetrix


What exactly are these? Googling these exact lines yields nothing.


Answer - You are dumb Canadian who does not listen to other people. You clearly can see what are those if you read that paper or you do not understand about Windows or Flash.

These all are trackers, that gets information from a deeper level of your system,

BLUECAVA tracker use SFP to get Windows Registry, and that article described they also inject DLL to get the more deep level of hardware information using Injected DLL.

iovation ReputationManager use SFP to get MSIE Product key, and that article described they also inject DLL to get the more deep level of hardware information using Injected DLL.


ThreatMetrix use Flash to get OS & kernel version, and Real IP (Demo http://browserleaks.com/flash)

[iloveghosts]

And what exactly does this have anything to do with a website being able to find your MAC address exactly?


- you said that card Bruteforcing is impossible, so I provided you sources that make it possible...

[BiN4RY]

At this point, I'm pretty convinced you're just a troll and this isn't worth my time anymore. I'm not sure what exactly you're trying to accomplish here, but good luck to whatever you're trying to do.

PS: still waiting for you to provide concrete proof on how you can get a MAC address through a website by normal means

[iloveghosts]

What does any of this anything to do with your MAC address being seeable by websites under normal circumstances?

This can be used to track you uniquely across users or make tracking your computer easier. Iovation can track you even you change your OS, Browser.

See page 2 :

https://djnvkv0aa8g5w.cloudfront.net...tion-brief.pdf


Cookies are dead, Now people do not need care about Cookies. Honestly, I do not have access to source codes of Commerical Tracking Companies show you demo but you can contact authors of that research paper.

[iloveghosts]

Quote:

Originally Posted by BiN4RY

At this point, I'm pretty convinced you're just a troll and this isn't worth my time anymore. I'm not sure what exactly you're trying to accomplish here, but good luck to whatever you're trying to do.

PS: still waiting for you to provide concrete proof on how you can get a MAC address through a website by normal means

I'm not trolling anyone. I answered TC Question in more detailed. I'm also tired fighting with you!

[iloveghosts]

Quote:

Originally Posted by BiN4RY

At this point, I'm pretty convinced you're just a troll and this isn't worth my time anymore. I'm not sure what exactly you're trying to accomplish here, but good luck to whatever you're trying to do.

PS: still waiting for you to provide concrete proof on how you can get a MAC address through a website by normal means

I actually came to this forum to ask about fixing TCP fingerprint. I still waiting for someone who can help me out.

[BiN4RY]

Quote:

Originally Posted by iloveghosts

I actually came to this forum to ask about fixing TCP fingerprint. I still waiting for someone who can help me out.

TCP fingerprinting is only useful for inferring what the target OS is, since every implementation of the TCP stack uses different parameters for the packet's header.

Why does this bother you in the first place? Websites can get your OS version easily through trivial means, and the target OS inferred through TCP's header parameters serves no usefulness for further tracking purposes.

[iloveghosts]

Quote:

Originally Posted by BiN4RY

TCP fingerprinting is only useful for inferring what the target OS is, since every implementation of the TCP stack uses different parameters for the packet's header.

Why does this bother you in the first place? Websites can get your OS version easily through trivial means, and the target OS inferred through TCP's header parameters serves no usefulness for further tracking purposes.

it bothers me because of TCP OS Mismatch with Browser Reported OS. I want to modify this. I heard this needed to modify in kernel level. PayPal definitely checks this one.

[iloveghosts]

TCP Fingerprint is still useful and is already used by dozens of companies including PayPal.

[iloveghosts]

TCP leaks Time, Language, Connection Type too not just OS.

[BiN4RY]

Quote:

Originally Posted by iloveghosts

it bothers me because of TCP OS Mismatch with Browser Reported OS. I want to modify this. I heard this needed to modify in kernel level. PayPal definitely checks this one.

You cannot change these parameters, and these inference does not always accurately identify your OS. You're honestly over-complicating things for yourself, and this isn't something you need to worry about.

If it makes you sleep better, use a virtual machine running the same OS as whatever OS you're trying to spoof.

Quote:

Originally Posted by iloveghosts

TCP leaks Time, Language, Connection Type too not just OS.

Information like system time and language are not part of the TCP header, thus it's not possible for them to be leaked by TCP itself. If this information does get out, some other networking services running above the transport layer leaked it instead.

[rsot]

Very nice IT talk going on back and forth with the lingo

[iloveghosts]

Not true. Check this tool witch.valdikss.org.ru as a demo.

Check this article too : https://wiki.mozilla.org/Fingerprinting

"Clock skew measurement exposed by the operating system at the TCP level"

[iloveghosts]

https://patents.google.com/patent/US9596238

In case, you need more information check this out!

[iloveghosts]

Holy moly. Patent was issued for Paypal. I just found that out!

[BiN4RY]

Quote:

Originally Posted by iloveghosts

https://patents.google.com/patent/US9596238

In case, you need more information check this out!

Do you ever read what you post, or do you always assume you know what an article is about just by reading the title alone?

This patent describes how your network latency (aka ping), not system clock, can be used to estimate your rough geographic location. If Paypal is in the US and you claim to be in the US, an average network latency of 500ms between you and Paypal indicates you may not be in the US after all.

This concept is nothing new, and will never be used as a strong indicator for tracking since it's also not reliable/consistent. A congested network route will also throw off your network latency, for example.

I'd expect you know about computers a lot better than this for someone that has a "PhD in Browser Fingerprinting".

[iloveghosts]

Quote:

Originally Posted by BiN4RY

Do you ever read what you post, or do you always assume you know what an article is about just by reading the title alone?

This patent describes how your network latency (aka ping), not system clock, can be used to estimate your rough geographic location. If Paypal is in the US and you claim to be in the US, an average network latency of 500ms between you and Paypal indicates you may not be in the US after all.

This concept is nothing new, and will never be used as a strong indicator for tracking since it's also not reliable/consistent. A congested network route will also throw off your network latency, for example.

I'd expect you know about computers a lot better than this for someone that has a "PhD in Browser Fingerprinting".

I highly doubt your reading skills. That patent talk about clock drift, clock skew, and network latency. So three things, They use TCP/ICMP Clock Skew and clock drift on Machine Plus they measuring network latency using one of following ways,

1. Time from the source sending a packet to the destination receiving it
2. Round-trip Time (the one-way latency from source to destination plus the one-way latency from the destination back to the source)


Clock Skew, Clock Drift, Network Latency are three different things and not related to each other.


To me, you are ignorant who don't want to believe in Advanced Fingerprinting. I honestly tell everyone that this guy is selfish, he does not want the truth to go out.