1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Operating System for Anonymity and BH Work?

Discussion in 'Black Hat SEO Tools' started by CashMoneyMantra, Mar 31, 2016.

  1. CashMoneyMantra

    CashMoneyMantra Registered Member

    Joined:
    Feb 25, 2016
    Messages:
    64
    Likes Received:
    83
    Location:
    mom's basement
    Hello everyone, sorry if this is in the wrong forum but I felt this was the winner between here, proxies and programming.

    I'm looking for an operating system that allows me to create profiles, basically. Each one with it's own assigned private proxy, list of accounts and MAC address. I'm not expecting some all in one package where I can be so lazy I can enter the account details in a box and automate the rest, but an isolated browser for each one with proxy and MAC settings assigned. I don't want to end up getting caught out with cookies and would like a paranoid tier level of protection from this sort of web profiling. Is MAC spoofing on the cards with a wireless router? I understand it is the router that displays the MAC and not the individual computer, but MAC addresses have never come up for me prior to this so it's a bit of a blind spot for me.

    Tails and Whonix are what google is telling me, but I don't know much about them. I've been weighing up getting Kali Linux purely for messing around with networks and maybe even screwing with my buddies a little, and it would seem like the support community for it would be less likely to scoff and eyeroll at blackhat advertising. I have only really used Windows though, so a little guidance would be much appreciated.

    Many Thank good Sirs
     
  2. mackay22

    mackay22 Regular Member

    Joined:
    Jul 22, 2009
    Messages:
    244
    Likes Received:
    93
    1 - sites don't really look at your MAC address. For them to do so you would usually need to accept it via your browser from a Java applet or from an active x control. There may be a piece of JavaScript that can detect MAC address but I don't think there is, and if there is then running Javascript disabled browser stops that.

    2 - if you do want to change your Mac on your router periodically, it really does not matter what OS you use, as it will be router-side commands you will be running. Depending on your router will depend on how easy that task is, and if you can do it from command line with a bash or batch file (depending on os). Also depending on your router you may want to look at loading some custom firmware to unlock more options and tools. DD-wrt is the main open source firmware for routers, but it may be overkill for what you need and updating firmwares etc is just a bit of fun really and not usually needed for our BH spam work ;)

    ** bonus note - Most ISP assign IP based on the Mac connecting to there network. If you plug straight into the network via modem (no router) changing your MAC address on your PC and rebooting your PC and modem will usually give you a new IP. Same if you use a router, change router MAC address and reboot and usually you will have a new IP. This depends on your ISP I suppose, for the ISP I am with this works and it works on some others too.
     
    • Thanks Thanks x 1
  3. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    Depends what you want:

    - Tails -> Amnesic focused, leave no trace.
    - Whonix -> Tor focused, everything goes through Tor.
    - Qubes -> Compartmentalization focused, everything is run in a dedicated virtual machine (can be used with Whonix)

    So if you don't give us more info we can't help you, but if you want to learn more about anonymity and security you can start by reading the Whonix wiki (even if you don't use Whonix it's filled with a lot of very important information).

    ps: Stop worrying about MAC spoofing, the only time you should take this in consideration is when you are using a public network. More info here.
     
    • Thanks Thanks x 1
  4. Galleta

    Galleta Regular Member

    Joined:
    Dec 7, 2015
    Messages:
    270
    Likes Received:
    89
    If you have dynamic IP, as most people with DSL should have, you get a new IP everytime you Release WAN Lease / Reboot router / reconnect through modem or wait 24 hours.

    To OP I would recommend to just use many VMs with VirtualBox.

    Regards
     
    • Thanks Thanks x 2
  5. CashMoneyMantra

    CashMoneyMantra Registered Member

    Joined:
    Feb 25, 2016
    Messages:
    64
    Likes Received:
    83
    Location:
    mom's basement
    Thanks for your reply. With regards to your first point, you have mentioned my exact fear. I saw a thread here on BHW just a week ago with many pages that said that google was using javascript to profile users, but having a look around for it I can't find it and can't remember any of the specifics of what it was they were doing to try and search for it properly. I do remember having javascript enabled would allow them to reveal your true IP from behind a proxy, using a packet request that is not covered by HTML5. I could turn off javascript but I'm just curious if I can insulate myself now from any sneaky tricks later on.

    As for #2 and the bonus, as I would be using a private static proxy and recycling them once each one is made, wouldn't I be at liberty to spoof my MAC as I control the highest level of the network infrastructure? I wouldn't be connecting through the ISP assigned IP or the router, but someone's server. Would that force upon me the server's MAC?

    Sorry if some of this is outright technologically illiterate, I've learnt this stuff as I've gone along.
     
  6. mackay22

    mackay22 Regular Member

    Joined:
    Jul 22, 2009
    Messages:
    244
    Likes Received:
    93
    lol yes, sorry being on cable network for 15 years I always forget about DSL and dynamic IPs, in which case none of what I said matters :) lol
     
  7. mackay22

    mackay22 Regular Member

    Joined:
    Jul 22, 2009
    Messages:
    244
    Likes Received:
    93
    Basically my understanding of network infrastructure is this; the last thing you use to connect to your ISPs network is the thing that broadcasts the baseline info, like your IP and MAC address. So if you connect via a router, it doesn't matter about the proxy etc on the other end of your ISPs pipes, because you are still connecting through your ISP and therefore broadcasting your baseline info which can be sniffed using a number of protocols, most of which are not normal web server functions etc but basically the packets being broadcast will contain MAC addresses / baseline info etc.

    websites that use JavaScript detection or an activex or similar are basically sending something directly to your pc and asking it for its MAC address, and therefore the router spoofing and anything beyond that is irrelevant.

    You can spoof either router or pc or both, it is your choice. It is possible on all OS, but is easier on some of the Linux distributions that have tools to do this. You get tools on Windows but not always with command line options and therefore not good for scripted changing.


    My network knowledge is learned mainly from hacking cable modems years ago where MAC addresses etc where pretty important.

    When end it comes to certain things, like setting up your own proxy to clean the packets being sent, I'm not very well versed in those areas I'm afraid.


    I guess it boils down to this;

    As far as I know, there are two ways to find someone's MAC address,
    - sniffing and deciphering network packets
    - dropping something on your PC and asking it for its MAC address.

    when I said earlier sites don't check your Mac, that was based on the first item, sniffing packets, I'd guess most sites don't even have the means to do that and those that do I think it might be some kind of naughty thing they aren't really allowed to do?

    based on using a JavaScript etc, if that's what your concerned with, then you'd probably want to change every Mac you can control :). Personally I'm not sure if we need to be that concerned right now but I could easily be wrong, and I don't think paranoia is that bad of a thing ;)
     
    • Thanks Thanks x 1
  8. mackay22

    mackay22 Regular Member

    Joined:
    Jul 22, 2009
    Messages:
    244
    Likes Received:
    93
    Sorry mate ate just re-read my last reply and realised it probably doesn't help you out.

    on waffle mode today soz :(

    in in direct response to your question

    Im afraid I don't actually know the answer to that. I believe packets can be sniffed back some hops so it might not hide your baseline packets. That's just a guess though.

    Hope someone else can answer that question for you better.
     
  9. CashMoneyMantra

    CashMoneyMantra Registered Member

    Joined:
    Feb 25, 2016
    Messages:
    64
    Likes Received:
    83
    Location:
    mom's basement
    Sorry, I wrote a longer post originally but felt I was beginning to ramble so I cut it back. I'd like to have several browser windows open, each one isolated from the other unable to be profiled by cookies outside of the activity of that particular browser, each running a different private proxy. I'd like it if I could save the cookies to each individual browser to save having to log in every time along with the proxy I've assigned that group of profiles. I will likely be getting banned from adwords and plan to play cat and mouse with them with multiple online presences.

    Just to clarify, I have a static IP.

    I haven't used VMs before but know the gist of it, now you mention it it does seem to solve all the problems! Having not used them before they weren't at the front of my mind as a solution. I could even run different operating systems for each one to further throw off the scent. Is there an OS well optimised for running VMs? Much of this will be new territory for me, it's going to be badass.

    I think virtual machines with private proxies is a good way to go with this, I was approaching the problem from the wrong line of thinking. Thank you all for your replies, I've managed to learn something from each one.
     
  10. mackay22

    mackay22 Regular Member

    Joined:
    Jul 22, 2009
    Messages:
    244
    Likes Received:
    93
    Now this...

    can easily be achieved.

    Personally i use Firefox portable, with the portable version of a plugin called profilist to create multiple Firefox profiles that are fully portable ( and not loaded on your local folders), then I create one main profile with proxy plugin, canva plugin, webrtc plugin and header plugin. Then I copy+ paste that profiles folder multiple times (however many I need) and then use profilist plugin to create new profiles, and when prompted direct the profile to the new folders I created (1 folder for each profile)

    now you you have multiple profiles to browse with, you can open each one and assign them there personal settings, and they will remain with those settings.

    I do this using a Windows vps, although I setup my portable ff folder to be synced via mega and that way if ever I need to access those accounts/profiles on any PC I just sync up my mega folder and I known the browsers are cool.

    I think that is what your looking for really, if you want finer details just ask but the just if it is all there.

    :)
     
  11. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    Then you just need a bunch of virtual machines, each VM will only be used for one account/purpose, you boot it and you are ready to go. for what you want an OS like Qubes is probably an overkill especially if you are not familiar with Linux.
    I'm gonna assume you use Windows, so simply download VirtualBox, you'll find a lot of tutorial. For ease of use you can also install the guest additions that will allow you to run in seamless mode and share folders.

    If you are afraid of anonymity leak here what you need to do:
    - Disable WebRTC
    - Disable flash
    - Use OpenDNS
    - Make sure the proxy IP and timezone of the VM are matching
    - Run a test to make sure everything is ok
     
    • Thanks Thanks x 1
    Last edited: Mar 31, 2016
  12. rutkowski

    rutkowski Newbie

    Joined:
    Mar 7, 2016
    Messages:
    19
    Likes Received:
    1
    any one know of any good information about posting google plus reviews?