Warnings on the download page

H D Moore torspam at metasploit.com
Thu Mar 8 23:40:43 UTC 2007


Thanks for the feedback! Keep in mind this is the first applet I have ever 
written :-) Any information about the new API would be appreciated. Do 
you happen to know what versions it is compatible with? Bizarre that they 
would explicitly allow non-proxied connections. I used the Datagram 
Socket so that I could send requests directly to the DNS server and 
not have to do any extra processing on the server side. 

The next version of decloak should be able to avoid Java/Javascript 
completely by loading up streaming media, PDFs, and so on within IFRAME 
tags inside the HTML. These media files would reference the magic DNS 
domain or custom services running on my server. An easy hack would be to 
stick a fake SMB service on the server and then embed UNC paths into the 
HTML. The tricky part is implementing enough of CIFS that I could extract 
a unique identifier from the client's request.

-HD

On Thursday 08 March 2007 17:30, James Muir wrote:
> I discovered this back in January 2006 and wrote about it in a tech
> report.  I can give you a pointer to the tech report if you are
> interested.  I also have a demo which I will eventually post a URL for
> here once I clean it up a bit.
