Flash reveals real OS, any way around it?

Discussion in 'privacy problems' started by Blendin, Mar 1, 2014.

Thread Status:
Not open for further replies.
  1. Blendin

    Blendin Registered Member

    Joined:
    Mar 1, 2014
    Posts:
    3
    Hi everyone, I'm new here. :)

    I'm trying to spoof my operating system by changing the useragent, oscpu, etc, but Flash still reveals my real OS (supposedly) through actionscript. A good way to check this is by running the test at ip-check.info.

    I would like to know if anyone has come up with a way of tricking Flash into thinking that you're running a different OS.

    Thanks
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi Blendin,

    Welcome to Wilders Security Forums!

    Firefox spoofing is easy by adjusting the contents in about:config aka prefs.js in the user's profile.

    Adobe Flashplayer has a different approach to setup as they have a Management tool at their website to adjust settings for it. You should go to their website and look at the documentation for how to do this. I would be surprised if they allow such spoofing.

    -- Tom
     
  3. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
    I use amongst other addons NoScript and Random Agent Spoofer. I haven't found a testing site ip-check.info/Panopticlick/Thismachine.info etc that this combo alone doesn't be-fuddle. IMO this is a vital part of setting up a privacy conscious browser.
     
  4. Blendin

    Blendin Registered Member

    Joined:
    Mar 1, 2014
    Posts:
    3
    Thanks for the welcome, lotuseclat79. :)

    I've been looking into this off and on for a few weeks. So far I've only been able to spoof the screen DPI. This can be done by creating a 'oem.cfg' file in the same folder where 'mms.cfg' is located (i.e. C:\Windows\SysWOW64\Macromed\Flash) and entering 'screenDPI=XX' in it. The Flash test at ip-check.info actually shows whatever value I enter here.

    I've tried changing a few of the classes listed at http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/Capabilities.html such as 'os' and 'screenResolutionX' but Flash appears to ignore them.

    That's as far as I've gotten so far. It would be nice to be able to completely spoof the OS without actually having to disable the Flash plugin.
     
    Last edited: Mar 1, 2014
  5. Blendin

    Blendin Registered Member

    Joined:
    Mar 1, 2014
    Posts:
    3
    Does your combo actually spoof your OS through Flash or does it only prevent Flash from seeing which OS you're using, returning a blank value instead?
     
  6. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
    Yes your correct, the OS is blocked from flash not spoofed. Sorry I mis-read your OP. I do like NoScripts approach though, especially with the likes of flash... give them nothing - block everything, that leaves no room for error.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,032
    Just use VMs. You can use whatever OS you like, and each VM and persona can have its own. For example, mirimir likes Ubuntu LTS versions, with Firefox. Other personas use Whonix, with Tor-modified Seahorse. And so on.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Or use TBB in a Linux VM and be the exact replica of every generic bundle user on the planet. If they are bored they can come backwards 5 hops and have a cup of coffee with me. LOL!!
     
Loading...
Thread Status:
Not open for further replies.