Reducing java leakage in windows

icmp30 icmp30 at yahoo.com
Tue Dec 4 08:51:31 UTC 2007


How's it do against the decloak tests at metasploit?
http://metasploit.com/research/misc/decloak/


--- Arrakis <arrakistor at gmail.com> wrote:

> It appears that Java attacks for causing external IP data to be leaked
> can be mitigated to some good degree. The upshot is that you can now run
> Java applets that even when attempting to phone home directly (revealing
> your IP), they are routed through the socks port and thus Tor or any
> other socks speaking application. What we are doing is changing the
> proxy settings of the Java Control Panel in windows. The following will
> shortly be applied to xB Browser after testing, and I highly suggest it
> for other proxy programs. Needs lots of testing of course, and I would
> also like to know if Java applets can acquire the authority to modify
> that file as well. May require administrative access, but I imagine
> Vista will popup a priv escalation window. There are probably variations
> in the directories and syntax if you are running JRE <1.4. A good
> indicator of old versioning is to see if your shoes employ the use of
> velcro, you have a pair of 'jams' in your closet, or you've found
> yourself to be too legitimate to quit.
> 
> Regards,
> Steve Topletz
> 
> 
> -------------
> 
> 
> 1. Look for $APPDATA\Sun\Java\Deployment\deployment.properties
> If there is no deployment.properties file there, try all administrative
> usernames we can enumerate until we find the file. This is not a certianty.
> 
> 2. Back up deployment.properties to a new file name.
> 3. Open it up
> 4. Read and store all lines beginning with "deployment.version"
> 5. Read and store all lines beginning with "deployment.javapi"
> 6. Close the file
> 7. Create a new file deployment.properties where the old one was.
> 8. Open the file
> 9. Insert the following lines
> 
>  #deployment.properties
>  deployment.system.tray.icon=false
>  deployment.browser.vm.iexplorer=false
>  deployment.proxy.socks.host=localhost
>  deployment.proxy.type=1
>  deployment.proxy.same=true
>  deployment.browser.vm.mozilla=false
>  deployment.capture.mime.types=true
>  deployment.proxy.socks.port=8080
> 
> (where port 8080 is your socks port. in Tor, use 9050 by default)
> 
> 10. Write all previously stored lines from old opened file.
> 11. Close the new deployment.properties
> 
> Continue starting your proxy program
> On program exit...
> 
> 12. Delete the deployment.properties file we created.
> 13. Restore the deployment.properties file we backed up.
> 



      ____________________________________________________________________________________
Be a better pen pal. 
Text or chat with friends inside Yahoo! Mail. See how.  http://overview.mail.yahoo.com/



More information about the tor-talk mailing list