1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Forcing flash through a proxy

Discussion in 'Proxies' started by A-Intelligence, Apr 16, 2010.

  1. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    I've tested on several sites & found that Flash is ignoring my browser based proxy settings & flash still reveals my actual ip. Anyone else ever run into this issue, or even notice?

    What is the way around this? (other than sockscap)
     
    • Thanks Thanks x 1
  2. shankarax

    shankarax Regular Member

    Joined:
    Oct 18, 2008
    Messages:
    375
    Likes Received:
    476
    Location:
    proxy-heaven.blogspot.com
    Home Page:
    Yep, I noticed that too.
    And I haven't found any solution yet (besides disabling flash of course).
     
  3. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    Ok well lets put our heads together on this guys.

    From google results "8 Jul 2009 ... By default, the Adobe Flash Media Server uses port 1935 for the RTMP (Real-Time Messaging Protocol)"
    Although I'm sure there are different ports being used as well.

    This is important to all you guys out there (who are changing ip's/accounts)

    You might very well be logging in using a diff http/https/socks proxy even....but the flash is loading in your RAM & its bypassing your standard browser settings (at least in firefox)

    I've read a couple of articles saying that it obeys Internet Explorer's proxy settings but I don't buy it.

    All these programs, & all the elite proxies in the world aren't going to save anyone here shortly when they implement flash fingerprinting.

    And we need a solution, outside of a 1-proxy at a time program like sockscap, or proxycap.
     
  4. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    Ok the existing solution is to use sockscap, or proxycap to load internet explorer. Of course the programmers only thought to make it use 1 ip.

    So that does no good for people with browser based programs/scripts.
    (yes many of the programs you buy run through IE controls & are based on those proxy settings)

    so lets say you've got 30,000 accounts somewhere, building up this massive network....then one day they start doing a simple flash fingerprint.......bam, they've got your entire network.

    I'm surprised there's not more interest in this thread....honestly.

    Did i post it in the right place?
     
  5. Damo8884

    Damo8884 Newbie

    Joined:
    Apr 28, 2009
    Messages:
    47
    Likes Received:
    13
    Occupation:
    A real job :(
    Location:
    Northern Earth
    Actually that explains alot, when my bot runs through a proxy the flash components don't load or act strangely.. Although It's not directly causing my accounts to get killed, yet..

    Is it definately possible to detect your actual IP through this?
     
  6. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    Not only is it possible to detect your ip, but its also possible for Flash to fingerprint your entire pc by software versions & all kind of other methods.
    (THIS IS A TESTED FACT)

    I'm quite surprised this hasn't been brought up in the proxy section before.
    Code:
    [U]iovation.com/reputation-manager[/U]
    Here is a company that might very well be working in the near future (if not already in beta) with all the major social sites on the net.

    Regardless of how many IP's you've got they can now fingerprint your entire pc running the multiple ip's via flash.
     
  7. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    It has. many, many, many times..

    All of those fingerprints can still be controlled (and manipulated) by the client. It's still your PC you still have the final say on what's in your registry..

    Other then to disable flash, there is no quick fix solution. It requires lots and lots of reading and research. I myself have just begun to scratch the surface of what can be fingerprinted and you it can randomized from the client's end.

    It's a brave new world :D

    Also, don't forget about java!
     
    Last edited: Apr 16, 2010
  8. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    Yea I've just scratched the surface as well.
    Off the top of my head......
    MAC Address (changeable but requires lan reset)
    Code:
    http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
    PC name (changeable but requires pc reset?)

    HD volume ids
    There is a free tool called Hard Disk Serial # changer which I think is misleading because it can ONLY change the volume ID but not the hardcoded serial number.
    Code:
    http://www.xboxharddrive.com/freeware.html
    Or a command line tool to change a hard disk volume serial number is VolumeID by Windows Sysinternals. It is a very small command line tool which is very straight forward. The command line to change a drive letter is as follow: volumeid [driveletter:] xxxx-xxxx
    Code:
    http://technet.microsoft.com/en-us/sysinternals/bb897436.aspx
    Now then, as far as mass-changing software versions on the fly....that's next up on my list of things to look for.
     
  9. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    It seems to me, that the only way in the future to do things on a massive scale, will be to actually edit information being sent out, on the tcp/ip level. Manipulating possibly encrypted packets that are sending out your pc fingerprint. This will have to be built into all of these scripts out there. Much like editing your browser header, you will need to spoof your PC header LOL

    It most definitely is a brave new world, as Grizzy put it.
     
  10. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    Also, is it possible to restrict flash from retrieving pc data on a software/hex level or some sort?

    I know there's already been a post on how block/remove lso files

    But what about actually blocking flash from obtaining pc info, or forging the info it retrieves, possible?
     
  11. Damo8884

    Damo8884 Newbie

    Joined:
    Apr 28, 2009
    Messages:
    47
    Likes Received:
    13
    Occupation:
    A real job :(
    Location:
    Northern Earth
    What are the implications of simply disabling flash, java etc? Do you think enough genuine users would still have these plugins disabled to put them off from restricting anyone who disables it?

    I mean most flash sites still have a html only option, and while it is still accepted that sites have to cater for non-flash users then we're not gonna get penalised too much if it's disabled? Alot of sites say cookies must be enabled, but never seen anything else mentioned?

    If it is this simple for sites to do then why aren't all the big ones implementing it?

    Sorry this has started to concern me now!
     
  12. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    They are starting to. All of the major dating sites are using it....next up, facebook, myspace, etc.
     
  13. Damo8884

    Damo8884 Newbie

    Joined:
    Apr 28, 2009
    Messages:
    47
    Likes Received:
    13
    Occupation:
    A real job :(
    Location:
    Northern Earth
    On one particular dating site I'm targetting I'm struggling to make new accounts stick at the moment (about 30-40% success right now), there's been alot of changes including new flash components added to the signup procedure (although it's not compulsory to actually use it)- but from the testing I've done I can't see it being the problem, surely if it was then ALL my accounts would fail.. Maybe it's because the flash mostly fails to load..

    Again though would they really block every real user who disables it?- at least not just yet anyway?..

    Definately needs looking into, can't believe I overlooked this
     
  14. shankarax

    shankarax Regular Member

    Joined:
    Oct 18, 2008
    Messages:
    375
    Likes Received:
    476
    Location:
    proxy-heaven.blogspot.com
    Home Page:
    By default, the Adobe Flash Media Server uses port 1935 for the RTMP (Real-Time Messaging Protocol).

    So a possible solution could be to block port 1935 by editing the user.js of Firefox as follows:

    Code:
    user_pref("network.security.ports.banned", "port1935");
    At least a quick verification through http://www.whoer.net/ext was successful.

    Any feedback is appreciated.
     
    • Thanks Thanks x 1
  15. Damo8884

    Damo8884 Newbie

    Joined:
    Apr 28, 2009
    Messages:
    47
    Likes Received:
    13
    Occupation:
    A real job :(
    Location:
    Northern Earth

    Good work! Works for me in Firefox .. But would this be any different to just disabling it?

    I'm using imacros browser so would need to block it in ie, or block the port with my firewall?
     
  16. Damo8884

    Damo8884 Newbie

    Joined:
    Apr 28, 2009
    Messages:
    47
    Likes Received:
    13
    Occupation:
    A real job :(
    Location:
    Northern Earth
  17. A-Intelligence

    A-Intelligence Registered Member

    Joined:
    Apr 4, 2010
    Messages:
    63
    Likes Received:
    12
    Occupation:
    A.I.
    Location:
    DC / NYC / ARGENTINA
    Home Page:
    Some firewalls may be able to block port 1935, but most of them are application specific & I'm not sure we're trying to exactly block flash on our entire PC's here are we?
     
    Last edited: Apr 17, 2010
  18. shankarax

    shankarax Regular Member

    Joined:
    Oct 18, 2008
    Messages:
    375
    Likes Received:
    476
    Location:
    proxy-heaven.blogspot.com
    Home Page:
    As far as I can see some flash elements are still working although port 1935 has been blocked.

    Anyway, possibly someone else has a better solution.
     
  19. NoSuchAgency

    NoSuchAgency Junior Member

    Joined:
    Oct 14, 2009
    Messages:
    124
    Likes Received:
    61
    I'm surprised nobody has mentioned using a VPN. ALL connections to/from your computer are routed through the VPN provider. Best solution.

    Or you can force all connections through a SOCKS proxy.

    Or assuming you don't need Flash, why not just use Flash block (firefox plugin)?
     
  20. shankarax

    shankarax Regular Member

    Joined:
    Oct 18, 2008
    Messages:
    375
    Likes Received:
    476
    Location:
    proxy-heaven.blogspot.com
    Home Page:
    A VPN should work for this, assumed you don't need hundreds of different IP's.

    By using a Sock 4/5 Proxy the real ip becomes revealed through flash.
     
    Last edited: Apr 17, 2010