[TR] Uncensored/Anonymous Web Browser TOR Released! (DOWNLOAD LINK) - Page 3

post #21 of 81
I'm not sure about the difficulty, or the little knownness of spoofing a MAC address. For people who care about stuff like this it's too easy.

Get a New MAC Address
The first thing you’ll want to do is retrieve the intended MAC address. If you have one in mind then use that, but if you aren’t trying to spoof a specific address and just need a random one, use the following command to generate one with openssl:

openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'

MAC addresses are always in the format of xx:xx:xx:xx:xx:xx; yours must conform to this format in order to work. For the purpose of this walkthrough the randomly generated address of “d4:33:a3:ed:f2:12” will be used.
Changing the MAC Address

If you aren’t in the Terminal yet, open it now. We’ll use the interface en0 for this, but yours could be en1 (read notes at bottom). The command for changing the MAC address is as follows:

sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx

Replace “xx:xx:xx:xx:xx:xx” with the desired MAC address, in the example case this will look like:

sudo ifconfig en0 ether d4:33:a3:ed:f2:12

Hit return and enter the administrator's password to set the new address. To confirm it has been changed, type the following:

ifconfig en0 |grep ether

You can also find it in Network preferences, though the GUI doesn’t always report the MAC change immediately, instead waiting until the network connection has been cycled.

About 30 seconds in the CLI in OS X; I'm sure it's no different in Windows or Linux. All graciously posted on the web by a favorite site for Mac users:
http://osxdaily.com/2012/03/01/change-mac-address-os-x/
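
An added example, not part of the original post or the osxdaily article: the first octet of a MAC address carries two flag bits (multicast and locally administered), and six random bytes set each of them about half the time. The Python sketch below checks the xx:xx:xx:xx:xx:xx format and triages addresses from constructed lease-style lines; the log layout, IPs and hostnames are assumptions.

```python
import re

# Six colon-separated hex octets, the format the walkthrough requires.
MAC_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$")


def classify_mac(mac):
    """Return (valid_format, is_multicast, is_locally_administered)."""
    if not MAC_RE.match(mac):
        return (False, None, None)
    first_octet = int(mac[:2], 16)
    is_multicast = bool(first_octet & 0x01)   # I/G bit: 1 = group address
    is_local = bool(first_octet & 0x02)       # U/L bit: 1 = locally administered
    return (True, is_multicast, is_local)


# Constructed sample lines: "<ip> <mac> <hostname>" (assumed layout).
LEASES = """\
10.0.0.21 d4:33:a3:ed:f2:12 laptop-a
10.0.0.22 3a:5f:10:9c:44:01 phone-b
10.0.0.23 01:00:5e:00:00:fb odd-c
10.0.0.24 d4:33:a3:ed:f2 broken-d
"""


def triage(leases):
    """Map each hostname to a verdict based only on the MAC's flag bits."""
    findings = {}
    for line in leases.splitlines():
        _ip, mac, host = line.split()
        valid, multicast, local = classify_mac(mac)
        if not valid:
            verdict = "malformed"
        elif multicast:
            # A group address is not a legitimate source address for a host.
            verdict = "multicast-source"
        elif local:
            # Not vendor-assigned: OS privacy randomization or a manual change.
            verdict = "locally-administered"
        else:
            # Looks vendor-assigned, which proves nothing by itself: the
            # walkthrough's random d4:33:a3:ed:f2:12 lands in this bucket.
            verdict = "vendor-range"
        findings[host] = verdict
    return findings


if __name__ == "__main__":
    for host, verdict in triage(LEASES).items():
        print(f"{host:10s} {verdict}")
```
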
 
post #22 of 81
MAC addresses don't make it beyond routers. The MAC address is only used for node-to-node communication in an Ethernet network. Spoofing a MAC address will only matter on your local subnet.

Suppose an IP packet needs to travel from PC 1 to Router 1 to Router 2 to Web Server 1. The Ethernet frame starts with PC 1 as the source MAC and Router 1 as the destination MAC. When it gets to Router 1, the source changes to Router 1 and the destination changes to Router 2. Then it's sent down the wire, and when Router 2 gets it the source changes to Router 2 and the destination changes to Web Server 1.
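
The hop-by-hop rewrite described in this post, as an added example that is not part of the original thread: a Python sketch that carries one IPv4 packet from PC 1 to Web Server 1 and records the Ethernet header on each link. All MAC and IP addresses are constructed, and giving each router a single MAC follows the post's simplification (real routers have one per interface).

```python
import socket
import struct


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def checksum(header):
    """RFC 1071 one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ip(src_ip, dst_ip, payload, ttl=64):
    # Protocol 253 is reserved for experimentation; the payload is opaque.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, 253, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def build_frame(src_mac, dst_mac, ip_packet):
    # Ethernet II: destination MAC, source MAC, EtherType 0x0800 (IPv4).
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip_packet


def parse_frame(frame):
    return mac_str(frame[6:12]), mac_str(frame[0:6]), frame[14:]


def route(frame, own_mac, next_hop_mac):
    """Discard the old L2 header, decrement TTL, re-frame for the next link."""
    _, _, ip = parse_frame(frame)
    hdr = ip[:8] + bytes([ip[8] - 1]) + ip[9:10] + b"\x00\x00" + ip[12:20]
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return build_frame(own_mac, next_hop_mac, hdr + ip[20:])


# Constructed path: PC 1 -> Router 1 -> Router 2 -> Web Server 1.
PATH_MACS = ["02:00:00:00:00:01", "02:00:00:00:00:11",
             "02:00:00:00:00:22", "02:00:00:00:00:80"]


def trace(pc_mac=None):
    """Per link: (src_mac, dst_mac, src_ip, dst_ip, ttl, checksum_ok)."""
    macs = [pc_mac or PATH_MACS[0]] + PATH_MACS[1:]
    packet = build_ip("192.0.2.10", "198.51.100.80", b"hello")
    frame = build_frame(macs[0], macs[1], packet)
    links = []
    for i in range(1, len(macs)):
        src, dst, ip = parse_frame(frame)
        links.append((src, dst, socket.inet_ntoa(ip[12:16]),
                      socket.inet_ntoa(ip[16:20]), ip[8],
                      checksum(ip[:20]) == 0))
        if i < len(macs) - 1:
            frame = route(frame, macs[i], macs[i + 1])
    return links


if __name__ == "__main__":
    for link in trace("d4:33:a3:ed:f2:12"):
        print(link)
```

Running `trace()` with and without a changed PC MAC gives identical records from the second link onward: the server only ever sees Router 2's MAC, while the IP addresses stay constant end to end.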
post #23 of 81
Quote:
Originally Posted by GermanyChris View Post

I'm not sure about the difficulty, or the little knownness of spoofing a MAC address. For people who care about stuff like this it's too easy.
Get a New MAC Address
The first thing you’ll want to do is retrieve the intended MAC address. If you have one in mind then use that, but if you aren’t trying to spoof a specific address and just need a random one, use the following command to generate one with openssl:
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'
MAC addresses are always in the format of xx:xx:xx:xx:xx:xx; yours must conform to this format in order to work. For the purpose of this walkthrough the randomly generated address of “d4:33:a3:ed:f2:12” will be used.
Changing the MAC Address
If you aren’t in the Terminal yet, open it now. We’ll use the interface en0 for this, but yours could be en1 (read notes at bottom). The command for changing the MAC address is as follows:
sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx
Replace “xx:xx:xx:xx:xx:xx” with the desired MAC address, in the example case this will look like:
sudo ifconfig en0 ether d4:33:a3:ed:f2:12
Hit return and enter the administrator's password to set the new address. To confirm it has been changed, type the following:
ifconfig en0 |grep ether
You can also find it in Network preferences, though the GUI doesn’t always report the MAC change immediately, instead waiting until the network connection has been cycled.

About 30 seconds in the CLI in OS X; I'm sure it's no different in Windows or Linux. All graciously posted on the web by a favorite site for Mac users:
http://osxdaily.com/2012/03/01/change-mac-address-os-x/

As easy as this is, the average person isn't going to do it, they just aren't that smart. Of all the times we have had to track people trading child pornography or copyrighted material we have yet to find one who does any of this.

Which isn't a surprise considering we get people who call complaining about their internet not working when they have a house-wide power outage due to a tree falling across a power line or other event that causes power loss.....

Quote:
Originally Posted by 0xZMan View Post

The MAC is useless if whoever you're trying to track can download a program, enter a few numbers, and click a button. Correct me if I'm wrong, but just because you can SEE the data doesn't mean you know what it is. AFAIK Tor encrypts traffic, and uses any number of nodes before connecting to the actual endpoint. Doesn't this mean that you can see the data leave your network on the way to the first node, then see the data to your network from a node on the return trip, but not know what it is?

We can see what the actual traffic is, except in extremely rare situations with users who do use higher levels of encryption. Not to say we can't capture the data if we are actively tracking someone and break it, but again this is speaking towards the average user who doesn't exactly know what they are doing.
Quote:
Originally Posted by mott555 View Post

MAC addresses don't make it beyond routers. The MAC address is only used for node-to-node communication in an Ethernet network. Spoofing a MAC address will only matter on your local subnet.
Suppose an IP packet needs to travel from PC 1 to Router 1 to Router 2 to Web Server 1. The Ethernet frame starts with PC 1 as the source MAC and Router 1 as the destination MAC. When it gets to Router 1, the source changes to Router 1 and the destination changes to Router 2. Then it's sent down the wire, and when Router 2 gets it the source changes to Router 2 and the destination changes to Web Server 1.

There are ways of obtaining the MAC of the computer the user is sitting at, and it isn't that hard. It is very easy as an ISP to track it down as well.
Edited by PostalTwinkie - 8/13/12 at 11:33am
    
post #24 of 81
Quote:
Originally Posted by PostalTwinkie View Post

We can see what the actual traffic is, except in extremely rare situations with users who do use higher levels of encryption. Not to say we can't capture the data if we are actively tracking someone and break it, but again this is speaking towards the average user who doesn't exactly know what they are doing.
So you're saying you can capture Tor traffic and figure out what it is? So if I use your ISP, connect to Tor, and go to overclock.net, you could (if you wanted to) tell that I went to overclock.net through Tor?
post #25 of 81
Quote:
Originally Posted by 0xZMan View Post

So you're saying you can capture Tor traffic and figure out what it is? So if I use your ISP, connect to Tor, and go to overclock.net, you could (if you wanted to) tell that I went to overclock.net through Tor?

This is a yes and no answer.

Depending on how we are tracking you and what methods have been deployed, yes.

Now if I were to just randomly pull up one of my users and they happen to be using TOR, no, I could only see that initial connection being made and nothing after it as it is being encrypted by TOR, I believe, as we wouldn't have been actively tracking that user and hadn't deployed means of tracking them. We could capture the encrypted data and work on breaking it, but that does take resources.

Let me sum it up as this....

If you are identified as a potential, uh, problem, and proper means are deployed, you can't hide. Even if you attempt to encrypt your traffic it is possible, with the right tools, to capture that data before being encrypted. Again, this requires that you are already identified and being tracked, which is the difficult part in some cases where you are dealing with someone who has high levels of knowledge. Think your super hackers....

But these types of people aren't going to be trading child pornography or pirated versions of Spider Man.

EDIT: There are a lot of crazy tools that have come out in the last couple of years that completely change the game. 15 years ago we, as an ISP, didn't think they would exist, but they do. If Law Enforcement wants someone they can find them, it is just a matter of resources.

Again! This applies to the average or even slightly above average user, not the high-level government-operated cyber terrorist and counter terrorist units. You have whole governments behind them....good luck.
Edited by PostalTwinkie - 8/13/12 at 11:50am
    
post #26 of 81
Quote:
Originally Posted by PostalTwinkie View Post

Even if you attempt to encrypt your traffic it is possible, with the right tools, to capture that data before being encrypted.
Wouldn't this require access to the machine of the individual you're tracking? I thought all the encryption (at least for Tor) took place before the traffic is even sent across the network?
post #27 of 81
Quote:
Originally Posted by 0xZMan View Post

Wouldn't this require access to the machine of the individual you're tracking? I thought all the encryption (at least for Tor) took place before the traffic is even sent across the network?

Yes, it requires access to the machine, just not physical. Thus falling back to the "Once we know who you are, your butt is ours" situation.

In modern cyber crime situations people who are "caught" aren't "just" caught; they were caught a long time ago, and via legal authorizations tools are deployed. Gathering traffic over a period of time until law enforcement feels they have enough evidence to slam the door on them.
    
post #28 of 81
Quote:
Originally Posted by 0xZMan View Post

Wouldn't this require access to the machine of the individual you're tracking? I thought all the encryption (at least for Tor) took place before the traffic is even sent across the network?

You have no idea what packets are leaving your computer...even when doing nothing..

Applications talk to the mother ship (Adobe), SW updates are checked for, etc. Even if the data you are trying to hide goes out encrypted, the other data does not, and since it's using a different port you're most likely not seeing it.

People break encrypted data every day, what makes you think LE can't do it? Not all LE are Hoss' with guns.
 
post #29 of 81
Quote:
Originally Posted by PostalTwinkie View Post

Yes, it requires access to the machine, just not physical. Thus falling back to the "Once we know who you are, your butt is ours" situation.
In modern cyber crime situations people who are "caught" aren't "just" caught; they were caught a long time ago, and via legal authorizations tools are deployed. Gathering traffic over a period of time until law enforcement feels they have enough evidence to slam the door on them.
So you'd have to gain unauthorized access to the user's computer. Which is basically hacking... which is illegal. Unless you have a court order perhaps.

EDIT:
Quote:
Originally Posted by GermanyChris View Post

You have no idea what packets are leaving your computer...even when doing nothing..
Applications talk to the mother ship (Adobe), SW updates are checked for, etc. Even if the data you are trying to hide goes out encrypted, the other data does not, and since it's using a different port you're most likely not seeing it.
People break encrypted data every day, what makes you think LE can't do it? Not all LE are Hoss' with guns.
The other packets don't matter, they're harmless beyond identifying where the traffic is coming from. I imagine you could modify a Linux distro to minimize or remove all unnecessary traffic, then spoof your IP/MAC, and run Tor plus any number of other VPNs, proxies, etc. The point is the encrypted traffic; it doesn't matter if they know where you are if they don't know what you're doing. As for breaking encryption, with the right resources, you're right.
Edited by 0xZMan - 8/13/12 at 12:04pm
post #30 of 81
Quote:
Originally Posted by 0xZMan View Post

So you'd have to gain unauthorized access to the user's computer. Which is basically hacking... which is illegal. Unless you have a court order perhaps.

You missed the legal authorizations part.
 