Warnings on the download page
H D Moore
torspam at metasploit.com
Thu Mar 8 23:40:43 UTC 2007
Thanks for the feedback! Keep in mind this is the first applet I have ever
written :-) Any information about the new API would be appreciated. Do
you happen to know what versions it is compatible with? Bizarre that they
would explicitly allow non-proxied connections. I used the Datagram
Socket so that I could send requests directly to the DNS server and
not have to do any extra processing on the server side.

The next version of decloak should be able to avoid Java/Javascript
completely by loading up streaming media, PDFs, and so on within IFRAME
tags inside the HTML. These media files would reference the magic DNS
domain or custom services running on my server. An easy hack would be to
stick a fake SMB service on the server and then embed UNC paths into the
HTML. The tricky part is implementing enough of CIFS that I could extract
a unique identifier from the client's request.
-HD
On Thursday 08 March 2007 17:30, James Muir wrote:
> I discovered this back in January 2006 and wrote about it in a tech
> report. I can give you a pointer to the tech report if you are
> interested. I also have a demo which I will eventually post a URL for
> here once I clean it up a bit.
More information about the tor-talk mailing list