1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How the hell are they tracking me, is my proxy leaking?

Discussion in 'BlackHat Lounge' started by Chicilikit, Sep 17, 2013.

  1. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    873
    Likes Received:
    153
    There is this chatroulette style site I use to get traffic. I use few of them, but at this one I have received ban for like week or so. This means losing interesting amount of money. I have problems with these sites for more than year, so learned some tricks over time, but this time do not know where is the problem. I delete LSO cookies with better privacy plugin, I also delete cookies with kill cookies plugin. U use proxy switcher as proxy tool and private proxy from squidproxies. Still when I go to the websites after all this, I see Im banned. When I connect without proxy, but using wifi of shop across the street, there is no ban. I would use them, but the signal is too weak for my purposes. Any idea where might be the problem?
     
  2. Panther28

    Panther28 Elite Member

    Joined:
    May 2, 2010
    Messages:
    2,268
    Likes Received:
    3,405
    Occupation:
    Internet.
    Location:
    Internet.
    test another couple of proxy providers, see if its that. then try your messages, and then try the length of accounts.
     
  3. kvmcable

    kvmcable Supreme Member

    Joined:
    Dec 28, 2010
    Messages:
    1,355
    Likes Received:
    2,815
    Occupation:
    24 year business owner - old school dude
    Location:
    KFC - BW3
    3 basic methods used to see through the veil of a proxy

    1. Web beacons - small transparent gif downloads to your computer through the browser and the server records the IP viewing the beacon.

    2. Javascript executing sniffing browser IP (your real IP) and computer footprint (plugins, screen resolution, active processes, etc.)

    3.) Flash plays a 1px X 1px movie which operates much like a web beacon. The server records the IP that downloaded the movie.

    Try installing no-script plugin to defeat methods 2 & 3. If using FF look at Tools and Page Info click the second tab for images and look at the list to see if a web beacon is being downloaded. You can selectively block image sources in FF rather than block all.

    That will get you started in the research - good luck.
     
    • Thanks Thanks x 6
  4. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    1. for some reason "better privacy" doesn't remove all flash cookies. run it, and then go here and you will see there are still lso files: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

    2. clear all of your pc's cache, it contains identifying files. you may have to do this manually.

    3. try a different pc, it sounds like you're being "fingerprinted".

    EFF Reveals How Your Digital Fingerprint Makes You Easy to Track

    Think that turning off cookies and turning on private browsing makes you invisible on the web? Think again.

    The Electronic Frontier Foundation (EFF) has launched a new web app dubbed Panopticlick (https://panopticlick.eff.org/) that reveals just how scarily easy it is to identify you out of millions of web users.

    The problem is your digital fingerprint. Whenever you visit a site, your browser and any plug-ins you have installed can leak data. Some of it isn't very personal, like your user agent string. Some of it is more personally revealing, like which fonts you have installed. But the what if you put it all together? Would the results make you identifiable?

    As the EFF says, "this information can create a kind of fingerprint -- a signature that could be used to identify you and your computer."

    The EFF's test suite highlights what most of us probably already suspect -- we're readily identifiable on the web. We ran the test on a Mac using Firefox, Safari and Google Chrome, all of which leaked enough data to make us identifiable according the EFF's privacy explanations.

    The purpose of Panopticlick is to show you how much you have in common with other browsers. The more your configuration mirrors everyone else's, the harder it would be to identify you.

    The irony is, the nerdier you are -- using a unique OS, a less common browser, customizing your browser with plug-ins and other power-user habits -- the more identifiable you are.

    For example, say you're running Firefox on Ubuntu with the Gnash plug-in instead of Flash -- way to stick it to the man -- but you're also showing up with a unique configuration of browser, OS, installed fonts, plug-ins and more which can be combined to identify you via a unique online fingerprint.

    So what can you do to make yourself less identifiable? Well, by disabling cookies, the Flash plug-in, the Java plug-in and most of our extensions we were able to blend in better. Actually, the fact that we didn't have Java or Flash turned on made us more identifiable in those categories, but it also denied the test access to our installed fonts and other bits of data, so overall, less identifiable.

    Obviously that approach has a downside -- without Flash there's not much in the way of online video, a lack of cookies will cause issues with logins, and without Java, you won't be able to crash your browser or cause it to get hung up for hours.

    In short, the disabling method isn't much fun. Strange though it may seem, the best way to lose the unique online fingerprint is to blend in with the herd. As the EFF points out, mobile browsers are hardest to identify since there are few customization options and, for the most part, one version of Mobile Safari looks just like another.

    By the same token, if you want to blend in, stick with stock system fonts, run Windows XP, use Firefox with no add-ons and turn off cookies. You'll be much harder to identify.

    We should point out that, no matter how well you blend in the fingerprint test, you are of course still identifiable by your ISP. Advertisers and websites generally can't access the information your ISP has on you, but of course governments -- with the cooperation of your ISP -- always can. So don't think just because you've eliminated your fingerprints no one knows who you are.
     
    • Thanks Thanks x 7
    Last edited: Sep 17, 2013
  5. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,875
    Likes Received:
    7,477
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    Flash cookies should be illegal. Flash disregards browser privacy settings and conducts its own undetectable tracking.
     
    • Thanks Thanks x 1
  6. kvmcable

    kvmcable Supreme Member

    Joined:
    Dec 28, 2010
    Messages:
    1,355
    Likes Received:
    2,815
    Occupation:
    24 year business owner - old school dude
    Location:
    KFC - BW3
    And doesn't listen to browser connection settings (proxy).
     
    • Thanks Thanks x 1
  7. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    or... people could learn how to configure their pc! :cool:
    "carelessness" + "technology" = "a bad mix".

    Man gets 3 years in prison for stealing IDs over LimeWire

    A Washington state man who admitted using the LimeWire file-sharing program to steal tax returns and other sensitive documents has been sentenced to more than three years in federal prison.

    Frederick Eugene Wood of Seattle was ordered to serve 39 months for a fraud scheme that prosecutors said was a "particularly pernicious and devious one." In it, Wood would search the hard drives of LimeWire users for files that contained words such as "statement," "account" and "tax.pdf."

    He would then download tax returns, bank statements, and other sensitive documents and use them to forge counterfeit checks and steal the identity of the individuals who filled out the documents.

    Seattle detectives and federal agents found documents on Wood's computers belonging to some 120 victims, according to court documents. During a search of Wood's vehicle, they found eight different driver licenses in his wallet, each bearing Wood's picture with the names, addresses, and birth dates of different individuals.

    The case highlights the risk assumed by countless people who install LimeWire or other file sharing software on their computers and don't take the time to properly configure it. It seems a surprisingly large percentage of users share their entire hard drive over the services, rather than a select folder or two containing only the files they want shared.

    http://www.theregister.co.uk/2009/08/12/limewire_scammer_sentenced/
     
  8. cricket1

    cricket1 Senior Member

    Joined:
    Jul 5, 2011
    Messages:
    1,086
    Likes Received:
    459
    Combined with all the information above, I highly suggest you set a virtual machine and work on that too.
     
    • Thanks Thanks x 1
  9. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    873
    Likes Received:
    153
    Thanks a lot for informative posts, did not expect that :) Tried another computer with same proxy and no ban is there, as I mentioned before, banned computer connected via wifi of shop across the street works also, so its really weird.. Cleared everything with ccleaner, deleted lsos by hand (there were lots of them!) changed proxy.. ban still there. No script plugin probably cannot help me, because i need to run the site in imacros browser. VPS I use for different sites, but for this one i need real computer running my script.
     
  10. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    873
    Likes Received:
    153
    No ban on same pc with chrome, in imacros browser and firefox still ban...
     
  11. eventheodd

    eventheodd Newbie

    Joined:
    Jun 8, 2012
    Messages:
    0
    Likes Received:
    5
    Being too generic can be an issue too. Some sites block users who have too clean of a cookie profile.
     
  12. kvmcable

    kvmcable Supreme Member

    Joined:
    Dec 28, 2010
    Messages:
    1,355
    Likes Received:
    2,815
    Occupation:
    24 year business owner - old school dude
    Location:
    KFC - BW3
    Two options:

    1.) Modify script to run in iMacros for FF

    2.) Check your IE settings. iMacros Browser uses IE settings ;)
     
  13. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    873
    Likes Received:
    153
    Yeah I have just changed the proxy right in the IE and then imacros shows im connected via proxy with no proxy detected.. I really start to think they use something different than cookie, but I still dont have any idea what could it be. so what I know so far:
    1. using different browser - no ban
    2. using different internet connection(someone elses via wifi) - no ban
    3. using different computer on same ip adress - no ban
    4. delete all cookies + proxy - ban
     
  14. Rebecca Astley

    Rebecca Astley BANNED BANNED

    Joined:
    Sep 11, 2013
    Messages:
    14
    Likes Received:
    14
    I get it!
     
  15. Radog

    Radog Registered Member

    Joined:
    Nov 21, 2009
    Messages:
    77
    Likes Received:
    44
    Sounds like the proxy is full or partial transparent maybe port 80/8080 is open. Some services attempt to connect to common open ports. If the port is open the service auto bans you, because they were able to issue successful a connection request on that proxy ip.
     
  16. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    873
    Likes Received:
    153
    And how to solve the problem with the open port?
     
  17. Radog

    Radog Registered Member

    Joined:
    Nov 21, 2009
    Messages:
    77
    Likes Received:
    44
    Look for proxy free or service that requires a odd port number to connect to like 2345. Run a port scanner on the proxy ips before use and see if the port 80/8080 returns as open. There may be a couple of free sites online that can test the transparency of the proxy you are currently using. If the test reveals the comp ip/browser info/cookies then the proxy is not fully anonymous.
     
  18. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    873
    Likes Received:
    153
    Just for those who are interested how this ended up. Well, it did not yet, I have tried completely new proxy provider, but they still know that the bastard that is using their chat for advertisement is me..
     
  19. DarkPixel

    DarkPixel Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 4, 2011
    Messages:
    1,328
    Likes Received:
    1,239
    Location:
    ↓↓↓↓
    Home Page:
    This is obvious, but have you tried firefox private browsing + different proxy?
     
  20. Mimosa Shu

    Mimosa Shu Newbie

    Joined:
    Nov 15, 2013
    Messages:
    9
    Likes Received:
    0
    What proxy server are you using? Maybe you can try CCProxy. It works well in our company.