Introducing DeAnonymizer

Discussion in 'privacy technology' started by SteveTX, Jul 29, 2009.

Thread Status:
Not open for further replies.
  1. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    No long winded speeches. Come try out DeAnonymizer. We will be updating it regularly with new attacks.
     
  2. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Running DeAnonymizer Beta on Windows Vista Business SP1 with xB VPN and IE8 completes all 15 scans. However, the test ends with a “The website cannot display the page” error and no final results are reported, unfortunately.
     
  3. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    Hmmm, I'm not sure what to say but I passed this test using nothing more than a simple CGI proxy and Firefox with no-script and Adblock Plus. Hmmm Steve, what was the test supposed to do? I'm really confused as to what I'm supposed to get from the test. Maybe I got a false result, but if I can get around this then this test does nothing to deanonymize anything, not even a humble CGI proxy. Not trying to be negative, but I'm a little surprised that it didn't leak anything, given what you'd have said about it getting around no-script and exploits.

    Anyway, a better alternative would be the JAP anonymity test, https://www.jondos.de/en/anontest, and/or decloak.net. This will show what information you're leaking into the web and if your browser is configured to handle any exploits.
     
  4. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Re: DeAnonymizer Beta

    Running DeAnonymizer Beta on Windows 7 Ultimate x64 (Activated) with OpenVPN 2.1_rc19 and Firefox 3.5.1 "passes" all 15 scans...

    http://drop.io/59jony4

    "It's dark outside and it's raining in Berlin."
     
  5. badjoey

    badjoey Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    50
    Yea, this is a real let down. For the last 6 months all Steve did was brag about how this deanonymizer would break down pretty much everything that wasn't Xerobank, and everything I have tried passes. Another case of Steve trying to make himself and Xerobank out to be more than they are.
    Also, Ultrasurf passed with flying colors, and Steve said in a thread 4 months ago, when he came on here and warned everyone to not use it, that deanonymizer would break thru it as well. Well, it didn't, and what about this info he's been promising for the past 4 months about Ultrasurf and how bad it really is? When is this supposed information going to be revealed?
     
  6. duk

    duk Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    28
    Good project, a reverse engineering seems more robust than we are accustomed to. But I did the test with a single simple PPTP VPN tunnel (low encryption and security) and found no difficulty in going through all.
     
  7. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    Interesting project, but it does not work and does not detect as it is probably supposed to do.

    Tested behind Tor without disabling Java or JavaScript.

    1) IE8 hangs on test 6 and will not continue.

    2) Firefox reported a failure on test 14 and warned about leaking my IP address, but the alarm is false because the script shows the Tor IP address and not my real one.

    I'm also surprised that this test does not use any Java applet for testing.

    Anyway, deanonymizer.com looks promising, but even the frostjedi testing is more powerful ( http://www.frostjedi.com/terra/scripts/ip_unmasker.php ) because of the Java applet and the IP address leaking in the last test (through XSS and only for web proxies).

    I hope that you are going to improve the testing, because right now the test is not useful.
     

    Last edited: Jul 30, 2009
  8. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    lol I think we already knew this was total crap Steve was spouting anyway. Total pass, so let's wait for round 2 from Steve, prolly around January 2010.
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    The scan framework doesn't work well with Vista or later right now, regardless of whether you are running a CGI / simple proxy. It's designed for Linux / XP at the moment, since >78% of the world are running those. And I've seen it crush XP hard. :) It does not currently run browser-data spamming, but it soon will. In fact, Kyle is adding a user-agent spoof breaker. He has developed a way to discover the browser and OS you are really running. We're going to release it to the Tor project mailing list shortly. It also includes an IE 5.5 - IE 8 0-day exploit for remote read.

    @MakePB, give me your test #. It may be something wrong with the report generator (uses arrays inside arrays, I wrote it in 1 night :D )

    When we add the advanced DNS buster your PPTP stuff will then get attacked too. If you are on a VPN, just sit tight. We've got a simple DNS leak test in it already (I think. I know I've seen it. But not all tests we have are given to it). New DNS buster requires Java I think, but we shall see.

    Your no-script addon is good against most of the tests, but it may not be able to execute the tests with those addons since it might block them; allowing them would likely work. We do have a test that will bypass no-script but we haven't added it into the server. When Defcon starts to see the DeAnonymizer, they will recognize some new anonymity exploits they've never seen.
     
  10. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Just tested both IE v6 & FF v3.0.12 in the last 30 mins with & without a Proxy.

    FF with no Scripting/Java/Iframes etc, IE with no Scripting/Java/Iframes/ActiveX etc.


    Without Proxy -

    With FF I had to manually advance the redirects; with IE I got no options to do anything, so I didn't get further than that page.

    The FF tests obviously showed my true IP as I did it directly. As IE was no go, I now only used FF.

    So it showed passed, not due to anonymity, but rather the way I have FF set up, which isn't leaking data/info, I presume!


    With Proxy -

    http://anonymouse.org = Same as IE

    http://w2.hidemyass.com =

    Bad Request

    Your browser sent a request that this server could not understand.
    Request header field is missing ':' separator.

    http://www.proxeasy.com = Passed see screenie
     

  11. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Well, I can't even get it to scan. I have even disabled no script and admuncher; all I get is a blank white screen. If I can't allow it to scan, what chance could it possibly have of gaining my real IP and details? o_O
     

  12. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Why haven't you added this test into the server? Are you going to later on?
     
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Adding the test isn't as easy as flipping a switch. When you have a vulnerability, you then have to exploit it. Typically an exploit is tailored to a specific machine and application. In this case, we have to tailor it to many machines and applications and OS types, some of which it does not fit. Once we are there, then we have to fit it into the DeAnonymizer testing framework and get it to report back a result in a standard way. It's all a bunch of gobbledygook if you get to take a look at it. We're working on more features when Kyle wakes up tomorrow. Stay tuned.
     
  14. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    I would suggest that you include a moz-binding XSS test (similar or the same as the test from frostjedi) to warn people about leaking their IP address when using web proxies, and of course a Java applet to warn people about the danger of Java for privacy.
     
  15. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    I think you should take that site down. It gives a false sense of security.

    I tried it first with my browser's default values. That is JavaScript enabled, Java disabled, and media streaming requests being denied. I passed the test.

    I then tried the test again but ran all the media streaming requests. I still passed. I'm using XP and Firefox. I bet my real IP could be determined via Windows Media and QT exploits, it's just your implementation doesn't work.
     
  16. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    Erm! what is this supposed to do, exactly?

    I ran the test using fx 3.5.3pre on Windows 7 without any anonymizing and I passed everything. In fact it didn't detect anything?
     

  17. whoarestinkler

    whoarestinkler Registered Member

    Joined:
    Apr 24, 2009
    Posts:
    12
    500 internal error in the end
     
  18. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I got a few pop-ups. Like the Windows media player asking for permission. I denied every time.

    It got till test/pass 7, and it seemed it didn't want to go any further.
    I waited a while. Eventually, I gave up.

    I'm not using an anonymity service. Just a plain regular connection, Windows XP Home Edition, Avira security suite.

    Maybe Avira keeps me anonymous ? :D

    It could take some work. :p
     
    Last edited: Aug 2, 2009
  19. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I see a lot of you aren't reading the text before the test, or on the results page. If you aren't using a privacy service, there is no point in running the test, it doesn't mean anything.
     
  20. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I guess one could question about what constitutes a 'privacy service'.

    Steve, you're the one emphasizing the difference between anonymity and privacy.

    I don't use a privacy/anonymity service that is called that way/advertised that way.

    The Avira security suite. While not an anonymity/privacy service per se, it can provide protection, not sure how.

    Why would or should the test not work if you don't use a 'privacy' service ? One would expect that would be easier for your software.
    o_O
     
  21. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Fly,

    If there is nothing to deanonymize, then there is no point in taking the test. You can't reveal something that isn't hidden. DeAnonymizer probes digital facades. If you don't have a facade via a privacy or anonymity service, then it isn't applicable and just reads out your real information because it isn't hidden at all, and gives you a false "passed" as the IP is already your real IP, not a sturdy withstanding against a stress test.
     
  22. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    It simply doesn't work. I can't get it to work with any web based anonymous proxy or Tor, or VPN. When I say 'work' I mean actually operate correctly OR reveal my real IP. I'm running the Windows Media and QuickTime streaming requests. QuickTime errors all the requests with a message saying "Couldn't open the file payload.qtl because it is not a file quicktime understands"

    At the end I either get 'passed' or a message saying something like 'hacker no cookies' even though session cookies are active. I also get that white screen of death on many services, where it won't run at all. It shouldn't be passing any web based anonymous proxy servers as there are scripts that will reveal your real IP.
     
  23. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    What OS / Browser / Plugin / Security combination are you using? For example, on Vista x64 / FF, I can't get the first 15 tests to crack, but on XP and Linux I saw it crack wide open. Simply using noscript will get you through the test right now (most likely) but we also have a way to defeat noscript that will be included when all the Defcon/Blackhat hoopla is over.
     
  24. DiscoGuy2009

    DiscoGuy2009 Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    11
    Does not work at all on OS X 10.5 - either Firefox or Safari (no add-ons, standard configuration)
     
  25. Airflow

    Airflow Registered Member

    Joined:
    Jul 5, 2009
    Posts:
    39
    Passed the test:

    YOU PASSED

    Congratulations, our tests were unable to discover any implementation flaws! Be aware that testing is not exhaustive and false negatives are possible. To get as accurate results as possible:

    1. Make sure you are using an anonymity service when you visit the test.
    2. Do not change your browser settings for the test, as it may mask privacy leaks in your typical browsing behavior.
    3. If the test became frozen, such as in Windows Vista, results may be false positives. New tests will be added regularly, so test your system regularly.
    VPN Users: DeAnonymizer can prove that you are not anonymous, but it cannot prove that you are anonymous. DeAnonymizer tests your implementation for leaks, but is not a IP-based network threat assessment tool.

    Country:
    Your IP Address: ERROR ()
    ISP: Undetermined

    :cool: :D

    Your Xerobank tool was fooled too, lol:

    Your Status: NO PROTECTION DETECTED
    Country:
    Your IP Address:
    ISP: nullroute-me
    Network Legal Risk: High (fix)
    Warning: ISP Spying Risk (fix)
     