Re: UnAnonymizer

["pdp (architect)" <pdp.gnucitizen () googlemail com>]

indeed it is fun, unfortunately not very neat :) IMHO... although I
quite like the idea, don't get me wrong. What would be nice is to
implement the same but with Flash. Flash is for sure enabled on most
browsers.

Also, it might be possible to unhide a tor user by starting an
application which will make a http request to your server regardless
where your browser proxy setting are pointing to. For example sending
back

Content-type: <some mime>

Content-type: application/pdf should start pdf reader on most
browsers. PDF documents are usually dynamic, so you can embed some
object into the pdf document that will point back to your webserver,
which as a result may unhide the current tor user. This might work on
platforms where the environment is not that much integrated
(Linux/Unix). On windows, however, setting the right proxy in internet
explorer should make most applications aware of it. :)

On 6/27/06, H D Moore <fdlist () digitaloffense net> wrote:
> A fun browser toy that depends on Java for complete results:
> - http://metasploit.com/research/misc/decloak/
>
> -HD
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


--
pdp (architect)
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/