Reducing java leakage in windows
icmp30
icmp30 at yahoo.com
Tue Dec 4 08:51:31 UTC 2007
How's it do against the decloak tests at metasploit?
http://metasploit.com/research/misc/decloak/
--- Arrakis <arrakistor at gmail.com> wrote:
> It appears that Java attacks for causing external IP data to be leaked
> can be mitigated to some good degree. The upshot is that you can now run
> Java applets that even when attempting to phone home directly (revealing
> your IP), they are routed through the socks port and thus Tor or any
> other socks speaking application. What we are doing is changing the
> proxy settings of the Java Control Panel in windows. The following will
> shortly be applied to xB Browser after testing, and I highly suggest it
> for other proxy programs. Needs lots of testing of course, and I would
> also like to know if Java applets can acquire the authority to modify
> that file as well. May require administrative access, but I imagine
> Vista will popup a priv escalation window. There are probably variations
> in the directories and syntax if you are running JRE <1.4. A good
> indicator of old versioning is to see if your shoes employ the use of
> velcro, you have a pair of 'jams' in your closet, or you've found
> yourself to be too legitimate to quit.
>
> Regards,
> Steve Topletz
>
>
> -------------
>
>
> 1. Look for $APPDATA\Sun\Java\Deployment\deployment.properties
> If there is no deployment.properties file there, try all administrative
> usernames we can enumerate until we find the file. This is not a certianty.
>
> 2. Back up deployment.properties to a new file name.
> 3. Open it up
> 4. Read and store all lines beginning with "deployment.version"
> 5. Read and store all lines beginning with "deployment.javapi"
> 6. Close the file
> 7. Create a new file deployment.properties where the old one was.
> 8. Open the file
> 9. Insert the following lines
>
> #deployment.properties
> deployment.system.tray.icon=false
> deployment.browser.vm.iexplorer=false
> deployment.proxy.socks.host=localhost
> deployment.proxy.type=1
> deployment.proxy.same=true
> deployment.browser.vm.mozilla=false
> deployment.capture.mime.types=true
> deployment.proxy.socks.port=8080
>
> (where port 8080 is your socks port. in Tor, use 9050 by default)
>
> 10. Write all previously stored lines from old opened file.
> 11. Close the new deployment.properties
>
> Continue starting your proxy program
> On program exit...
>
> 12. Delete the deployment.properties file we created.
> 13. Restore the deployment.properties file we backed up.
>
____________________________________________________________________________________
Be a better pen pal.
Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/
More information about the tor-talk
mailing list