Forum

MAC address detection by eb/pp.. Possible?
 

Found an old thread from 2012 that all participants agree this is not possible..

Would like to have an updated input on the matter by members..

Has eb/pp technology/techniques progressed that far so they are today able to detect their users mac address?

Re: MAC address detection by eb/pp.. Possible?
 

No absolutely no. They can't see your MAC address.

Re: MAC address detection by eb/pp.. Possible?
 

Nope not MAC detection, as yet. :) :amen:

Re: MAC address detection by eb/pp.. Possible?
 

Yes. It's possible to get your MAC with following scenarios.

1. Internet Explorer ActiveX
2. Flash & Silverlight
3. Weak Windows Passwords also allows anyone to get your mac address remotely using Powershell Commands. Assume you are using the same password for both PayPal and Windows. If they wanted, they can use your password to get this mac using PowerShell.

Re: MAC address detection by eb/pp.. Possible?
 

I want to add another method. There is another way to get this using Bruteforcing but this requires a lot of computer power.

Lastly, Some advertisers can see your mac address when you log in to manage the router. This depends on your ISP. I do not think they share that info with PayPal. I just talking about possibilities.

Re: MAC address detection by eb/pp.. Possible?
 

Do you work for the government or hide from the government?

Re: MAC address detection by eb/pp.. Possible?
 

The thing is we access these "WEBSITES" using a web browser. The apps/plugins that were weak before are generally not used anymore because people could learn more about you than what is allowed by your web browser.

Your web browser protects you believe it or not. Now if you use a web app or mobile app, those are not web browsers.. those generally give a lot more information about you away.

Currently, unless you purposely give away permission, mac address is not given away by your web browser.

Re: MAC address detection by eb/pp.. Possible?
 

:attention:I know that these plugins not enabled by default, but some people tend to click on it and enable on some sites and there are flash exploits that begin sold by Zerodium to companies.

I know one exploit being used by Iovation, that they use flash and inject DLL into your system and that DLL gather everything from hard drive to mac.

Re: MAC address detection by eb/pp.. Possible?
 

I have a PhD in browser fingerprinting.

Re: MAC address detection by eb/pp.. Possible?
 

What was you old username? MLADen?

He wrote more elegantly than you do though.

Re: MAC address detection by eb/pp.. Possible?
 

I do not remember it either.

Re: MAC address detection by eb/pp.. Possible?
 

That was a joke... He's the one who created the Canvas Fingerprint Chrome addon.

You said you had a PHD in browser fingerprinting....

Re: MAC address detection by eb/pp.. Possible?
 

That addon produces ⊗⊗⊗⊗ canvas fingerprint that easily can be analyzed and mark as ⊗⊗⊗⊗.

I did not make any add-ons, but most canvas add-ons are produced ⊗⊗⊗⊗ canvas which not looks real to analytic systems.

Re: MAC address detection by eb/pp.. Possible?
 

It's good that we tell people not to do that not only in eBay Stealth but throughout this forum. This is a non issue.

Re: MAC address detection by eb/pp.. Possible?
 

ActiveX is more or less dead at this point, so this is not something to be worried about.

No, you cannot get MAC address from either of these.

This is also a nonissue. Knowing your user password is only one of a hundred steps needed for someone to maliciously access your terminal remotely.


People need to understand that MAC address is a link layer address. This is a network layer lower than the IP layer, and no web applications running exclusively on the IP layer and above can see anything below it under normal circumstances.

Re: MAC address detection by eb/pp.. Possible?
 

You need to understand that you have to go into School. There are many Flash & Silverlight tricks to get your mac address, hard drive id, as well as there, are zero-day exploits that can escape browser sandbox and do anything.

[1] http://consideredharmful.info/papers...%20Monster.pdf

This [1] article shows how they use Flash and Silverlight to access Mac


[2] https://krebsonsecurity.com/

Brian Krebs everyday post news about Flash, Silverlight exploits. You can follow him.

Re: MAC address detection by eb/pp.. Possible?
 

Passwords can get using brute force. Nowadays people brute-force even your card details so it's not surprising.

MAC address is not a big thing. so no software company cares. Nowadays you can view your mac address from xnfiity.com and you may able to see third-party scripts loaded on xnfitiy.com grab and record everything.

Re: MAC address detection by eb/pp.. Possible?
 

I hate when people say no to everyone. Everything is possible, and I posted options that can be used to get this MAC address. I also mentioned that PayPal unlikely do illegal things to get this mac.

Re: MAC address detection by eb/pp.. Possible?
 

I have a PhD in browser fingerprinting.

There's no such degree. Why don't you post your doctoral dissertation. We'd all LOVE to read it. :)

And your diploma too, we'd love to see that "Browser Fingerprinting Doctorate" of yours. :)

To the OP, no, they don't see your MAC address. Otherwise we'd all be toast, wouldn't we?

Re: MAC address detection by eb/pp.. Possible?
 

LOL, Now iloveghosts is on this thread.

Re: MAC address detection by eb/pp.. Possible?
 

What this post actually translates to:

"I have absolutely no idea what I'm talking about, so I'm going to pretend to know what I'm saying by berating others and linking a generic paper on some completely unrelated topic, as well as the homepage to some popular security website but not any particular articles".

FYI, a quick ctrl+f on "silverlight" and "MAC" returned literal results on that paper of yours. Good job reading your own sources before even posting it.

lmao no, nobody brute forces CC numbers or passwords across a network. You'll get IP banned after only a few tries, and the number of possible combinations would take you years to even count to.

Hmm, your ISP knows the MAC address of the modem/router they provided for you that forms a direct connection to your house. Yeah I have NO IDEA how they can possibly know the MAC address.

Then maybe should step down your ⊗⊗⊗⊗ high horse and stop being so pretentious first? You have absolutely no idea what you're talking about, you're just assuming how technology works. Funny how you're telling others to go back to school :lol:

Before you post anything else purely out of uneducated specualtions, go read about the OSI network models first and learn how the different networking layers work with each other. When you're done, try answering these questions to check your understandings:

Which network layer is the MAC address used in, and why is it needed?

What networking layer would Javascript/Silverlight/Flash reside in, and (roughly speaking) what functionalities do they provide?

How would knowing the user's MAC address be helpful in any way or form for its intended purposes provided by Javascript/Silverlight/Flash? (Hint: it doesn't.)

Re: MAC address detection by eb/pp.. Possible?
 

1.https://techcrunch.com/2016/12/05/a-...n-six-seconds/

2. That's why we have proxies to prevent IP ban.

3. Yes, there are countries where you can do Ph.D. in Browser Fingerprinting. I have more degrees than this one.

4. You are lazy, CTRL+F does not work 100% on PDF's.


Windows Registry (SFP) - BLUECAVA
MSIE Product key (SFP) - Iovation ReputationManager
OS & kernel version (Flash) - ThreatMetrix
ActiveX + 6 CLSIDs (JS) - ThreatMetrix
kernel version (Flash) - ThreatMetrix


A part of that researcher paper which describes DLL Injection through Flash/Silverlight :

Nikiforakis et al. found that some vendors (BlueCava and Iovation) attempted
to gain additional information about “deeper” layers of the user’s system. This was achieved through special plugins, which were distributed with (and able to invoke) DLLs that function essentially as native fingerprinting libraries. These libraries have access to a great amount of information about the user’s system, and are able to reveal information belonging to layers “below” the user’s browser – including but not limited to hardware identifiers, machine name, Windows installation date and Digital Product Id, installed system drivers and so forth. While this highly intrusive method requires the
user to “opt-in” at some point (as the plugins have to be installed first), it is possible to bundle them with “desired” software (as has been done with e. g. browser toolbars in the past) and thereby place
them onto a user’s system. Nikiforakis et al. furthermore found that the plugins may attempt to conceal their purpose (by identifying themselves as “identity shields” or similar, which is only technically true), casting this practice in a very questionable light. (cf. Nikiforakis et al. 2013 p. 5) However, the information obtained through these plugins is highly machine-specific (possibly unique) and likely to change frequently and is therefore extremely useful for fingerprinting.



I told everyone this method only works if you click "ALLOW ACCESS TO FLASH OR SILVERLIGHT" otherwise these methods not works.


Your ISP knows MAC address of every device that connected to a router and this includes NetBIOS Name (Your computer name), Computer Model, Running OS too.


If you want to prevent ISP leak, just use extended wifi router. This way ISP can't get your devices MAC's, they only able to get MAC of extended wifi router.


There are browser exploits including VM Escape begin sold by Zerodium to Government's and companies which can be used to infect your system with a virus. So anyone who has access to special exploits can view your mac address and hack into your computer. It's not a big mystery, and man you have no idea what you talking about. The Brian Krebs clearly mentioned on his blog about Flash/Silverlight exploits that were used to infect your computers with a virus and other dozens of proposes. So it's 100% possible to get MAC anyway but PayPal not willing to use Illegal exploits to get this, PayPal only able to get this with your own permission or ISP like Comcast share data with advertising companies then PayPal can use them too.