Note: whenever you see
something like this: blah(1) it means that if you don't understand the meaning
of the word blah there's an explanation for it just for you, located on the
newbies corner on section 1.
Author's notes If you have
any comments or questions regarding this tutorial (no flames(10) or spam,
please) Email me at barakirs@netvision.net.il. Visit
blacksun.box.sk for more tutorials, free hacking/programming/unix books to
download and much more.
Disclaimer We do not encourage
any kinds of illegal activities. If you believe that breaking the law is a good
way to impress someone, please stop reading now and grow up. There is nothing
impressive or cool in being a criminal.
Contents

Anonymity?
* You mean I have absolutely zero anonymity on the web?
* So what? Why would I wanna be anonymous anyway?
* Okay, I see your point. Anonymize me.

Proxies?
* What are proxies?
* What are public proxies?
* Where can I find lists of public proxies?
* Are they good for anything besides anonymity?
* Okay, so how do I use them?

Wingates?
* What are Wingates?
* How can I use them to anonymize myself?
* Wingates sound useful. I wanna run one on my own computer. How do I do it without turning it into an "anonymity hive"?
* How can I tell IRC clients, instant messengers such as ICQ, etc., to use them?

Anonymous Remailers?
* What is an anonymous remailer?
* How can I use them to be more anonymous?
* Why would a person start an anonymous remailing service? Where's the catch?

Encryption?
* Why should I encrypt my Email?
* How can I encrypt my Email?

Cookies?
* What are cookies?
* Can they risk my privacy?

.chk files?
* What are they?
* How can they risk my privacy?

The Anonymizer?
* What is the anonymizer?
* How can I sign up?

Where can I learn more about anonymity?
* Useful URLs.
* Other useful tutorials by Black Sun.

Appendix A: Using Altavista as a "proxy"
* How can I use Altavista's web translation service to anonymize myself?

Appendix B: Spoofing browser history
* How can I spoof my browser's history?

Appendix C: the +x mode

Appendix D: The Proxomitron

Bibliography
* http://www.theargon.com
* Anonymizer.com
* Various tutorials
Anonymity? Whether you realize it or not, the Internet is not as anonymous as you might think. Here are a few examples:

1) You enter a website. As soon as your browser requests any file on the webserver, the website owners can find out these pieces of information about you, and more:

1. Your IP address.
2. Your hostname (a reverse DNS lookup of that IP address).
3. Your continent.
4. Your country.
5. Your city (continent, country and city are guessed from who owns the IP address block, so they are only as accurate as that database).
6. Your web browser.
7. Your operating system (browser and OS come from the User-Agent header your browser sends with every request).
8. Your screen resolution.
9. Your screen colors (resolution and color depth are not in the request at all; the page reads them with JavaScript, so the site only gets them if scripting is enabled).
10. The previous URL you've been to (the Referer header, sent when you follow a link).
11. Your ISP (again, from who owns the IP address).

And this is just the tip of the iceberg. Go to our homepage at blacksun.box.sk and find the web statistics button (later addition: we have terminated our account on our webstats provider because they were quite buggy, and we've decided to use a php3-based text counter). There you will be able to see how much we can tell about our visitors.
2) Another example: you're connected to an IRC network and you are chatting with your friends. Right now all a person needs to find information on you is your nickname. He doesn't even have to know you, or be in the same channel(s) you are. Here are a few examples of what you can find by simply knowing a person's nickname (under the most favourable conditions, i.e. the server shows real hostnames and the person typed his real name and Email address into his IRC client):

1. Your real name.
2. Your Email address.
3. Your IP address.
4. Your hostname.
5. Your ISP.
6. Your continent.
7. Your country.
8. Your city.

And much much more.
The same goes for
online games that allow players to view the other players' IP addresses.
3) Suppose my name is Paul Matthews and my Email address is pmatthews@boring.ISP.net. It is easy to guess that the first letter of my first name is P and that my last name is Matthews, but that's not all. Some ISPs hand their entire customer listings to web directories. Meaning, people can go to, say, whowhere.com, punch in the words Paul Matthews or search for people with Matthews as their last name on boring.ISP.net, and confirm that pmatthews@boring.ISP.net does actually belong to Paul Matthews, hence discovering my real name. These web directories have 1,001 other uses as well. Therefore you should go to whowhere.com as soon as possible, try to track down yourself and then tell whowhere.com to delete your listing.
4) Some ISPs also run finger daemons. A daemon is a program that waits for incoming connections on one or more ports. The finger daemon listens on TCP port 79 (the protocol is described in RFC 1288). The whole protocol is: connect, send a username followed by a carriage return and line feed, and read whatever the daemon prints back until it closes the connection. Sending an empty line instead of a username usually lists everyone currently logged in. For example: a while ago my ISP was running a finger daemon on their servers (until I forced them to take it off because it was a privacy invasion). Now, suppose you know nothing about me besides my Email address, which is barakirs@netvision.net.il. The first thing you should do is connect to netvision.net.il on port 79 and hope there's somebody there. If there is, you can find the following information by typing in my username, barakirs:

1. My real name.
2. When was the last time I was online.
3. If I'm online right now, since when have I been online.
4. Whether I have new mail or not.

And much much more (some finger daemons give out other pieces of information, such as my home address and phone number if they were entered with the account, and anything I put in my .plan file). Besides the obvious uses (finding a person's real name and other private information), you can use this information for various purposes, such as:

1. Most instant messengers, such as ICQ, AIM, Yahoo Instant Messenger and MSN Messenger, allow you to add people in or outside your contact list to an "invisible list", so they won't be able to know whether you're online or not and you'll appear to be offline to them. If they have your Email address, and your ISP is running a finger daemon, they are able to know whether you're really offline or just trying to fool them.
2. Your friend promised to do something for you on the net, but when you finally go online to ask him if he's done it he says that he just got back from work and that he just got online. Using finger, you can check this and see when he really got online.
These were just a little out of many examples. During this
tutorial I will explain to you how to prevent people from finding out
information about you (there will always be new tricks, but blocking the most
basic / common ones will hold off most attackers and make it harder for the more
experienced ones). If you really wanna learn how to do these things, as well as
some really cool and advanced tricks, then read the 'Info-Gathering' tutorial.
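Here is what that finger exchange looks like on the wire, as an added example that is not part of the original tutorial. It runs a tiny finger daemon of its own on the loopback interface, backed by a made-up user table, and queries it with a client that does exactly what you would do by hand: connect to port 79, send the username and a CRLF, read until the other side hangs up. The user "barakirs" and every detail in the table are constructed for the example; finger() pointed at a real host and port 79 behaves the same way.

```python
import socket
import threading

# Constructed stand-in for the daemon's data sources (/etc/passwd, utmp/wtmp,
# the mail spool, ~/.plan). The user and every detail below are made up.
USERS = {
    "barakirs": {
        "name": "Example User",
        "last": "Mon Mar  6 21:14 (IST) on ttyp3 from ppp-12.example.net",
        "mail": "New mail received Mon Mar  6 21:30",
        "plan": "Reading the anonymity tutorial.",
    },
}

def finger_reply(query: str) -> str:
    """What a finger daemon prints for one query line (empty line = who is on)."""
    user = query.strip()
    if user == "":
        rows = "\n".join(f"{u:<9} {d['name']}" for u, d in USERS.items())
        return f"Login     Name\n{rows}\n"
    d = USERS.get(user)
    if d is None:
        return f"finger: {user}: no such user.\n"
    return (f"Login: {user}\nName: {d['name']}\nLast login {d['last']}\n"
            f"{d['mail']}\nPlan:\n{d['plan']}\n")

def serve_one_query(listener: socket.socket) -> None:
    """Daemon side: accept one connection, read a line, answer, hang up."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)
        data = b""
        while not data.endswith(b"\n"):
            chunk = conn.recv(256)
            if not chunk:
                break
            data += chunk
        conn.sendall(finger_reply(data.decode("ascii", "replace")).encode())

def finger(host: str, user: str, port: int = 79, timeout: float = 5.0) -> str:
    """Client side: connect, send 'user' + CRLF, read until the daemon closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(user.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks).decode("ascii", "replace")

def demo(user: str = "barakirs") -> str:
    """Run the mock daemon on an ephemeral loopback port and finger it."""
    listener = socket.socket()
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=serve_one_query, args=(listener,), daemon=True)
    t.start()
    try:
        return finger("127.0.0.1", user, port=port)
    finally:
        t.join()
        listener.close()

if __name__ == "__main__":
    print(demo())   # finger(host, user) does the same against a real daemon on port 79
```

Everything the daemon answers with is sent in the clear to anyone who asks, which is why the fix is to turn the daemon off (or at least firewall port 79), not to hope nobody knows your username.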
Proxies? Proxies were first invented in order to speed up Internet connections. Here's how they work: You are trying to connect to a server on the other side of the planet. Your HTTP requests are sent to your proxy server, which is located at your ISP's headquarters, a lot closer to you than that far-away server. The proxy first checks whether one of its users has accessed this page lately. If so, it has a copy of it in its cache. The proxy then asks the far server only whether that copy is still current (a conditional request carrying the Last-Modified date or ETag it saved; comparing file sizes alone would miss edits that leave the size unchanged). If the copy is still good, the far server answers "not modified" and the proxy sends you its cached copy instead of having the far server send the whole page again, thus speeding up the connection. If not, the proxy downloads the new version itself and then sends it to you.

But proxies can also be used to anonymize yourself while surfing the web, because the proxy opens the connection to the website for you, so the website sees the proxy's IP address instead of yours. Most chances are that your ISP has a proxy. Call tech support and ask them about it. But the problems with proxy access given to you by your ISP are:

1. Some ISPs don't even have proxies.
2. The website owner would still be able to know what ISP you are using and roughly where you live, since this kind of proxy is not public: it can only be accessed by users of that ISP, so its IP address points straight back at the ISP.
3. Any proxy, public or not, can still give you away: many add a Via header, and some add an X-Forwarded-For header carrying your real IP address, to every request they relay. Before trusting a proxy, fetch a page that echoes your request headers through it and check what actually arrives at the far end.

For such cases there is a solution - public proxies. You can find a list of public proxies everywhere. Here are two good URLs to start from:
To configure your web browser to use a proxy server, find the
appropriate dialog box in your settings dialog box (it varies from different
browsers).
Note: some proxy servers will also handle FTP sessions (some
might handle FTP only).
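To see what a proxy can leak, here is an added example (not from the original tutorial) that plays both sides: forward_headers() rewrites a request the way a transparent, an anonymous and a so-called "elite" proxy each relay it, and classify() is the check a web server or its log analyser can run on what arrives. The header names (Via, X-Forwarded-For, Forwarded) are the real ones; the client address, proxy name and request headers are constructed.

```python
import re
from typing import Dict

Headers = Dict[str, str]

def forward_headers(client_headers: Headers, client_ip: str,
                    proxy_name: str, kind: str) -> Headers:
    """Rewrite a client's request headers the way each kind of proxy relays them."""
    h = dict(client_headers)
    if kind == "transparent":
        h["Via"] = f"1.1 {proxy_name}"
        h["X-Forwarded-For"] = client_ip        # hands the site your real address
    elif kind == "anonymous":
        h["Via"] = f"1.1 {proxy_name}"          # admits a proxy is in the path, hides the address
    elif kind == "elite":
        pass                                    # looks exactly like a direct client
    else:
        raise ValueError(f"unknown proxy kind {kind!r}")
    return h

def classify(headers: Headers) -> str:
    """The check a web server (or its log analyser) can run on one request."""
    lower = {k.lower(): v for k, v in headers.items()}
    for name in ("x-forwarded-for", "x-real-ip", "client-ip"):
        if name in lower:
            # X-Forwarded-For may be a chain "client, proxy1, proxy2"; the first entry is the origin
            return "transparent proxy; real client " + lower[name].split(",")[0].strip()
    if "forwarded" in lower:                    # RFC 7239 form: Forwarded: for=...;proto=...
        m = re.search(r'for="?\[?([^\]";,]+)', lower["forwarded"], re.IGNORECASE)
        if m:
            return "transparent proxy; real client " + m.group(1)
        return "anonymous proxy"
    if "via" in lower:
        return "anonymous proxy"
    return "no proxy detected"

# Constructed request as a browser would send it; the addresses and names are made up.
CLIENT_HEADERS = {"Host": "www.example.com", "User-Agent": "Mozilla/4.7 [en] (Win98; I)"}
CLIENT_IP, PROXY = "10.0.0.7", "proxy.isp.example"

def demo() -> Dict[str, str]:
    """Relay the same request through all three kinds and see what the site concludes."""
    return {kind: classify(forward_headers(CLIENT_HEADERS, CLIENT_IP, PROXY, kind))
            for kind in ("transparent", "anonymous", "elite")}

if __name__ == "__main__":
    for kind, verdict in demo().items():
        print(f"{kind:<12} -> {verdict}")
```

The lists of public proxies usually label entries with exactly these three words; the label is only as honest as whoever compiled the list, so run the check yourself.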
Wingates? Wingate is a program that is used to turn a PC running Windows 9x or NT into a proxy server. Here are several reasons why a person would want to run such an application and turn his computer into a proxy:

1. If he owns an ISP and he wants to set up a proxy for it.
2. If he wants to turn his computer into a public proxy.
3. If he wants to give Internet access to a whole bunch of computers connected by a Local Area Network, but he can provide Internet access for only one computer. In that case, he would turn his computer into a proxy server and set all the other computers on the network to use it as a proxy. That way all the rest of the computers on the network will relay their HTTP and FTP requests through a single computer, a single modem and a single Internet account.

The problem with Wingates is that they're highly... well... they're very... how should I say this? Stupid. Just plain stupid. Why is that? Out of the box, Wingate serves its proxy services to ANY address, not just the LAN it was installed for. Its SOCKS service listens on port 1080, and every program that can be set to run behind a SOCKS firewall (most IRC clients, most instant messengers and most web browsers) will automatically do the dirty work of routing your stuff through it if you give it the IP/hostname and port of the wingated machine. Its telnet gateway (port 23 by default) is simpler still: telnet to it and type 'target-ip-address-or-hostname port' (no quotes), replacing target-ip-address-or-hostname with the IP address or the hostname you want to connect to and port with the destination port. The wingated machine will then relay your input through, but it will seem like the wingated machine is connecting to the target computer, not you. Sure, the sysadmin of the wingated machine can change those ports or restrict which addresses may use the services, but these are the defaults, and if you're stupid enough to use Wingate you probably won't want to play with the defaults. First of all, if you need to use Wingate for some reason, use SyGate instead. It does exactly what Wingate does, only it won't serve EVERYONE like Wingate does. Now, these Wingates can be used to anonymize practically anything. They can also be used to get into IRC channels you got banned from: the ban matches your hostname, and the network now sees the wingated machine's hostname instead of yours.

WARNING: some IRC networks run bots that will kick out people using Wingates. When you connect, the bot connects back to your apparent IP on port 1080 (and often on 23 as well) and asks it to relay a connection somewhere else. If the request is granted, you are coming through an open relay and you get kicked. This works because the IRC network, as well as everyone on it, thinks that your IP is the wingated machine's IP. When the bot tries to connect to your IP on port 1080, it actually reaches the wingated machine, detects that it is an open Wingate and kicks you off (since the bot is run by the IRC network and given enough privileges to kick out anyone).

You can find lists of Wingates at http://www.cyberarmy.com/lists. There are also tons of Wingate scanners out there that can scan whole subnets and look for Wingates, but this might take some time (and make your ISP suspicious), so you'd better just go for CyberArmy's lists.
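The check those IRC bots perform is simple enough to write yourself. The following is an added example, not part of the original tutorial and not code from any IRC network or from Wingate: it speaks just enough SOCKS4 to ask a candidate host on port 1080 to relay a connection to a third party, and reports whether the request was granted. A mock proxy on the loopback interface stands in for the wingated machine so the whole thing runs offline; the probe target 1.2.3.4:6667 is a made-up address standing in for the bot's own IRC server.

```python
import socket
import struct
import threading

def socks4_connect_request(dst_ip: str, dst_port: int, userid: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    return struct.pack("!BBH4s", 4, 1, dst_port, socket.inet_aton(dst_ip)) + userid + b"\x00"

def parse_socks4_reply(data: bytes):
    """Reply: VN=0, CD=90 (granted) or 91..93 (rejected), then 6 ignored bytes."""
    if len(data) < 8:
        raise ValueError("short SOCKS4 reply")
    vn, cd = data[0], data[1]
    if vn != 0:
        raise ValueError(f"unexpected reply version {vn}")
    return cd == 90, cd

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def is_open_socks4_relay(host: str, port: int = 1080,
                         probe=("1.2.3.4", 6667), timeout: float = 5.0) -> bool:
    """The IRC bot's check: ask the host to relay to a third party; 'granted' = open proxy.
    `probe` is a made-up address standing in for the bot's own IRC server."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(socks4_connect_request(*probe))
            reply = _recv_exact(s, 8)
        granted, _ = parse_socks4_reply(reply)
        return granted
    except (OSError, ValueError):
        return False          # closed port, no answer, or not speaking SOCKS4

def mock_wingate(listener: socket.socket, open_relay: bool) -> None:
    """Stand-in for the wingated machine: an unrestricted one grants any CONNECT,
    a locked-down one rejects requests that do not come from its own LAN."""
    try:
        conn, _ = listener.accept()
    except OSError:
        return
    with conn:
        conn.settimeout(5)
        req = _recv_exact(conn, 9)           # 8-byte header + at least the NUL
        valid = len(req) >= 9 and req[0] == 4 and req[1] == 1
        cd = 90 if (valid and open_relay) else 91
        conn.sendall(struct.pack("!BBH4s", 0, cd, 0, b"\x00" * 4))

def demo(open_relay: bool) -> bool:
    """Start the mock on an ephemeral loopback port and run the check against it."""
    listener = socket.socket()
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    t = threading.Thread(target=mock_wingate, args=(listener, open_relay), daemon=True)
    t.start()
    try:
        return is_open_socks4_relay("127.0.0.1", listener.getsockname()[1])
    finally:
        t.join()
        listener.close()

if __name__ == "__main__":
    print("unrestricted wingate:", demo(True))    # True
    print("locked-down wingate:", demo(False))    # False
```

The same function, pointed at your own IP address from outside your LAN, is the test to run after installing any proxy software: if it returns True, you have built exactly the "anonymity hive" the contents page warned about.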
Anonymous Remailers? Previously I have demonstrated to you what a person with very little knowledge can find out about you just by knowing your Email address. Now it is obvious that to keep your privacy, you need to sign up for a free Email account (such as Hotmail [hotmail.com], Yahoo Mail [mail.yahoo.com], ZDNet Mail [zdnetmail.com], Net @ddress [netaddress.com], Bigfoot [bigfoot.com] etc.). But what if you had a special Email address on a free server that automatically forwards all incoming Email to your real mailbox and keeps all the information discreet? These are called Anonymous Remailers. Most of them are free and live off contributions and/or sponsor banners they place on their website. You can find many many Anonymous Remailers at http://www.theargon.com/.

Where's the catch? The remailer's operator knows your real address and sees every message that passes through (unless you PGP-encrypt the body, see the Encryption chapter), so you are only as anonymous as his logs and his willingness to resist a subpoena or an attacker who breaks into his server. Also, the Received: headers on the mail you send him show where it came from; the remailer must strip them before forwarding, and a badly run one won't.

Here's a good example of an Anonymous Remailer: First, head to http://anon.isp.ee/ (by the way, the extension .ee stands for Estonia) and sign up for your free account. Once you're a registered user, send an Email to robot@anon.isp.ee with no subject and the following content:

user: your username
pass: your password
realaddr: your recipient's Email address
realsubj: the subject of your mail
the text of your mail

Example: if I want to send an anonymous mail with the subject "ANONYMITY RULEZ!!" and the text "Hi. This is an anonymous Email message. Let's see you trace me now!" to bgates@microsoft.com, and my username is user and my pass is pass, I send the following Email to robot@anon.isp.ee (remember not to enter a subject):

user: user
pass: pass
realaddr: bgates@microsoft.com
realsubj: ANONYMITY RULEZ!!
Hi. This is an anonymous Email message. Let's see you trace me now!

You'll receive an Email notification from anon.isp.ee once your message has been delivered. When your recipient replies to this Email, the reply will be forwarded to you.

You can also use web-based anonymous remailers such as Replay Associates (replay.com/remailer/anon.html), but they won't let you receive replies.
Encryption? Everyone can read your Email. Whether it's some script kiddie who hacked your Hotmail account, a skilled cracker (or a script kiddie with a lot of free time) who hacked your POP3 mailbox, or a person who got your Email by mistake. If you don't want other people to read your Email, use PGP. Everyone who uses PGP has their own key pair: a public key, which you hand out to everyone, and a private key, which never leaves your computer and is protected by a passphrase. An exported key consists of tons of characters, lowercase and uppercase letters, numbers and symbols, but what matters is how the two halves are used: people encrypt mail TO you with your public key, and only your private key can decrypt it. So after you make your key pair, give your public key to everyone you want to receive encrypted mail from, and collect their public keys in order to send encrypted mail to them. The same keys work the other way round for signatures: you sign with your private key, and anyone holding your public key can verify that the mail really came from you and wasn't changed on the way. Check a key's fingerprint with its owner over the phone or in person before you trust it; a public key you got over the net could have been swapped on the way. More info on www.pgpi.com.

Note: PGP is very strong; with a long key and a good passphrase nobody is going to break the encryption itself. What does get broken is everything around it: weak passphrases, a private key copied off your disk, a trojan that reads the message before it is encrypted, and the Subject line, which PGP does not encrypt at all. The longer your key is, the harder it is to break, but a long key with a weak passphrase protects nothing.
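To make the key directions concrete, here is an added example (not from the original tutorial and not PGP itself) that does in a few lines what PGP does for a message: a random session key encrypts the text, that session key is wrapped with the recipient's public key, and a hash of the text is signed with the sender's private key. The RSA keys are toy-sized, built from fixed Mersenne primes instead of random 1024-bit ones, and the "cipher" is a SHA-256 counter keystream; both are stand-ins chosen so the example runs with the standard library, not something to use for real mail.

```python
import hashlib
import secrets

# Toy key material: fixed Mersenne primes so the example is reproducible.
# Real PGP keys use two random primes of 512 bits or more; never do this for real.
ALICE_PRIMES = (2**61 - 1, 2**89 - 1)
BOB_PRIMES = (2**107 - 1, 2**127 - 1)
E = 65537

def make_keypair(primes):
    """Return (public, private) as ((n, e), (n, d)). Only the public half is handed out."""
    p, q = primes
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def _keystream(session_key: bytes, length: int) -> bytes:
    """Stand-in for PGP's symmetric cipher: SHA-256 in counter mode over the session key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def _digest(message: bytes) -> int:
    # Truncated to 128 bits so it fits under the toy modulus; real PGP uses the full hash.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def encrypt_and_sign(message: bytes, recipient_pub, sender_priv):
    """Encrypt with the RECIPIENT's public key, sign with the SENDER's private key."""
    session_key = secrets.token_bytes(16)
    n, e = recipient_pub
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    body = _xor(message, _keystream(session_key, len(message)))
    n_s, d_s = sender_priv
    signature = pow(_digest(message), d_s, n_s)
    return wrapped_key, body, signature

def decrypt_and_verify(wrapped_key, body, signature, recipient_priv, sender_pub):
    """Unwrap with the RECIPIENT's private key, verify with the SENDER's public key."""
    n, d = recipient_priv
    try:
        session_key = pow(wrapped_key, d, n).to_bytes(16, "big")   # garbage (too big) with the wrong key
    except OverflowError:
        return None, False
    message = _xor(body, _keystream(session_key, len(body)))
    n_s, e_s = sender_pub
    ok = pow(signature, e_s, n_s) == _digest(message)
    return message, ok

if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(ALICE_PRIMES)
    bob_pub, bob_priv = make_keypair(BOB_PRIMES)
    packet = encrypt_and_sign(b"Meet me at noon.", bob_pub, alice_priv)   # Alice -> Bob
    print(decrypt_and_verify(*packet, bob_priv, alice_pub))               # Bob reads and checks
```

Note what the sender never needs: the recipient's private key. And what the recipient gets for free: proof that the text came from the holder of the sender's private key and was not altered, because any change to the body makes the signature check fail.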
Cookies? Have you noticed how all those websites on the net are getting "smarter" all of a sudden? You know, like the way message boards remember your nickname, some sites remember your password so you won't have to retype it every time, electronic malls remember what you last put in your virtual shopping cart etc. This is all because of cookies. A cookie is a small piece of text (a name, a value, the site it belongs to and an expiry date) which a website asks your browser to store. The browser then sends it back with every later request to that site, which is how the site recognizes you between visits. Websites can put your password, a session ID or any other information in these cookies, and the browser keeps them on disk until they expire. If you don't want your co-workers or other people to sniff around and see where you've been visiting, what items you've been buying etc., you should delete them when you don't need them. On Unix, your cookies would usually be stored somewhere in your home directory (usually /home/your-login, /usr/your-login or /usr/local/your-login if you're a regular user and /root if you're root, but anyone with write access to /etc/passwd can change that).

On Windows and Mac, cookies are stored in a sub-directory of your browser's directory called cookies (Netscape keeps them all in a single cookies.txt file instead, one cookie per line).

Note 1: you can tell your browser to ask you before accepting a cookie. Just play around with its preferences menu, you'll find it (there are so many browsers out there that I can't give a detailed explanation for every single one). Note 2: if you're browsing from a public computer, do not save any cookies, or other people will be able to snoop around and look at your cookies or even enter various websites with your passwords, your credit card number etc.

A reader called Stone Cold Lyin Skunk has pointed out to me that the cookies.txt file may be found in the netscape\users\default directory. This happens when you register your user (Netscape lets you have multiple users for the same program, each user with his own settings etc.) without giving it a username. He also pointed out to me that some websites will require you to accept cookies in order to enter them. Also, he recommended being wary of your browser's history file (information on removing it can be found in the "Where Can I Learn More About Anonymity?" chapter), as well as your cache and your preferences.js file, because they may reveal your browsing habits (where you have been, etc.).
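Netscape's cookies.txt is plain text, so you can see for yourself what it gives away. This added example (not from the original tutorial) parses the seven tab-separated fields of that format, drops entries that have already expired, and lists the sites the file reveals, the cookies whose names look like credentials or session tokens, and which of those are sent over plain HTTP (the secure flag is FALSE). The file contents are constructed for the example.

```python
import time
from dataclasses import dataclass
from typing import List

# Constructed cookies.txt contents (Netscape format: seven tab-separated fields).
SAMPLE_COOKIES_TXT = """# Netscape HTTP Cookie File
# This is a generated file!  Do not edit.

.shop.example\tTRUE\t/\tFALSE\t2147483647\tSESSIONID\tabc123
.shop.example\tTRUE\t/cart\tFALSE\t2147483647\tcart\titem=42,item=17
forum.example\tFALSE\t/\tFALSE\t951868800\tnick\traven
bank.example\tFALSE\t/\tTRUE\t2147483647\tpassword\thunter2
"""

SENSITIVE_WORDS = ("pass", "pwd", "session", "auth", "token", "login", "card")

@dataclass
class Cookie:
    domain: str        # site the cookie is sent back to; leading dot = subdomains too
    subdomains: bool   # the TRUE/FALSE flag that says the same thing
    path: str
    secure: bool       # TRUE = only sent over SSL
    expires: int       # Unix time; anything in the past is already expired
    name: str
    value: str

def parse_cookies_txt(text: str) -> List[Cookie]:
    """Parse the Netscape cookies.txt format, skipping comments and blank lines."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue                        # not a cookie line
        dom, sub, path, sec, exp, name, value = fields
        cookies.append(Cookie(dom, sub == "TRUE", path, sec == "TRUE", int(exp), name, value))
    return cookies

def privacy_report(cookies: List[Cookie], now: float = None) -> dict:
    """What a snooper learns from the file: the sites you use, the cookies that
    look like credentials, and which of those travel over plain HTTP."""
    now = time.time() if now is None else now
    live = [c for c in cookies if c.expires > now]
    sensitive = [c for c in live if any(w in c.name.lower() for w in SENSITIVE_WORDS)]
    return {
        "sites": sorted({c.domain.lstrip(".") for c in live}),
        "sensitive": [c.name for c in sensitive],
        "sent_in_clear": [c.name for c in sensitive if not c.secure],
    }

if __name__ == "__main__":
    print(privacy_report(parse_cookies_txt(SAMPLE_COOKIES_TXT)))
```

Run it on your own cookies.txt and the "sites" list alone is the browsing history the reader above warned about, without touching the history file at all.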
.chk files? Stone Cold Lyin Skunk has pointed out that if you're running Windows and you do a quick reboot (hold down shift while telling Windows to reset), you may afterwards find files called FILE0001.CHK, FILE0002.CHK etc. (usually on C:\). Windows does not write these on purpose: ScanDisk, which runs automatically after an improper shutdown, creates them out of "lost clusters", disk blocks that still hold data but no longer belong to any file. That data can be anything that was on the disk: browser cache, cookies, pieces of deleted files. You will be amazed to see how much information you could find in these files! Delete them ASAP!
The
Anonymizer? The Anonymizer is an Internet service that helps you
anonymize yourself better. The Anonymizer's homepage is www.anonymizer.com.
Here's a snapshot from anonymizer.com:
+++++
Company
Overview Anonymizer.com is a pioneer in Internet privacy
technologies, and the most popular and trusted name in delivering online privacy
services. Anonymizer.com, today, has many thousand subscribers to its paid
services and makes anonymous over 7.5 million pages a month. Lance Cottrell,
founder and President of Anonymizer.com, authored the world's most secure
anonymous remailer, Mixmaster and has been active for many years in promoting
free speech. Lance received his undergraduate degree in physics from The
University of California, Santa Cruz and a masters in Physics from The
University of California, San Diego. Justin Boyan, while a Computer Science
Ph.D. student at Carnegie Mellon University, designed and implemented Anonymizer
surfing. Anonymizer Surfing is now in its 4th generation under development by
the Anonymizer engineering team.
Our Mission Our
mission is to ensure that an individual's right to privacy is not compromised
once they are online. We began this company as a means to protect this right as
embodied in the United Nations' Universal Declaration of Human Rights: "No
one shall be subjected to arbitrary interference with his privacy, family, home
or correspondence, nor to attacks upon his honour and reputation. Everyone has
the right to the protection of the law against such interference or attacks."
While written 50 years ago, article 19 of this document is now more than
ever applicable with the advent of the recent growth of the
Internet: "Everyone has the right to freedom of opinion and expression; this
right includes freedom to hold opinions without interference and to seek,
receive and impart information and ideas through any media and regardless of
frontiers."
You can use The Anonymizer to surf the web with anonymity
for free by going to anonymizer.com and typing in the target URL where asked, or
buy an Anonymizer package, which will give you more benefits. If you want some
of the money you pay to go to Black Sun, subscribe through the following URL: http://www.anonymizer.com/3.0/affiliate/door.cgi?CMid=12437. If you want, you too can join their affiliate program. Simply go to http://www.anonymizer.com/3.0/affiliate/afdoor.cgi?CMid=12437 for more information. If you subscribe through this URL, you will still receive all the cash you deserve, but we at Black Sun will also receive some benefits.
Where Can I Learn More About Anonymity? Useful URLs:
http://www.theargon.com/
http://www.pgpi.com/ (for learning about PGP encryption and how to use it to encrypt your Emails)
IP Spoofing Demystified - a long article from Phrack magazine on IP spoofing (faking your IP). You can download it from our books section.
http://www.cyberarmy.com/lists - for lists of Wingates, Proxies and free shell accounts you can surf from to anonymize yourself.
http://2waymedia.hypermart.net/hh/browsers/index.htm - how to completely clear your browser's history

Other useful Tutorials by Black Sun: IRC Warfare by The Cyber God (for learning more on anonymizing yourself on IRC), Proxy/WinGate/SOCKS tutorial by Jatt and Sendmail by me, R a v e N.
Appendix A: Using Altavista as a proxy If you go to altavista.com, and under their tools section choose translation (or go directly to the following URL: http://babelfish.altavista.com/cgi-bin/translate?), you can ask Altavista to translate web pages for you. But you can also use this as a proxy, since when you tell Altavista to translate a web page, Altavista's CGI translation script retrieves the page for you, so the website sees Altavista's address instead of yours. Keep in mind that this only moves the problem: Altavista now sees both your address and every page you ask for, and the page comes back translated and rewritten by their script rather than as the site sent it.
Thanks to Yoink for this information.
Appendix B: Spoofing browser history Here is something
I got by Email from a reader called Stone Cold Lyin Skunk:
set up a V3
redirect (http://www.v3.com or something like that) then build a quick
webpage with a link to the site you want to view discretely then go to your
webpage via the V3 redirect
all I know is that the URL indicator at the
top of the browser will not show the URL you visit, even your own index
page; it will only show the URL name
so if there is URL logging at
your job or school or whatever, they can always surf to your homepage via the
V3, which they will have. But, by then, you will have erased or. Or maybe it
has "hidden" links (links the same color as the background)...
in any
case, they will not have your URLs and they certainly won't have proof you
surfed there...
for instance, you may not want, say, your local library
sysop to know about Black Sun...so you set up say, a Homestead homepage
(these are great because they feature password protected pages) ...you
then set up a V3 redirect to that page. Bingo- you can now surf to
the page via V3, log in with your password, hit all those cool
hidden links to Black Sun, CyberArmy, peacefire.org, whatever, and
the URL snoop software will only record the original
http://surf.to/fakeoutname ... and don't forget, make the V3 URL
as innocuous-sounding as possible...eg. http://surf.to.backetweaving ...
Appendix C: the +x mode In IRC, it is possible to put yourself into mode x by typing '/mode yournick +x' (do not include the quotes and replace yournick with your own nick. For example: /mode raven +x). This tells the IRC server to mask your hostname, so when others try to /whois you or /dns you, they won't get your real IP (they will get a masked or partial hostname instead). This only works on networks that support host masking, but when you're on IRC, it is recommended to use this option. Keep in mind what it does not hide: the server itself (and its operators) still knows your real address, and anything that bypasses the server gives it away. That is the way around it: by simply creating a DCC connection with someone (either a DCC chat or a DCC file transfer), you can then type 'netstat' (without the quotes) on either Unix or Windows/DOS and see what connections your computer is currently handling. One of them will be the DCC connection to that other guy. Why is that? Because DCC stands for Direct Client-to-Client, which means that DCC actions are not done through the server, but directly (think: why would the owners of the IRC server want people to transfer files through their servers and initiate private chats through their servers? It would just chew up bandwidth). The netstat command shows all current connections (local or remote), and one of them will be your DCC connection with that other guy. You will then be able to see his/her IP or hostname. Of course, it works the other way round too: accept a DCC from a stranger and he sees yours.
Appendix D: The Proxomitron
/ Written by Penguin
(penguin20000@yahoo.com) The Proxomitron is an ace little program written by Scott R. Lemmon which allows you to change certain pieces of information which web pages can find out about you just by your going to their web page. It also allows you to filter what happens when a page loads up, e.g. when you go to a Geocities page and that annoying banner pops up? Well, not anymore, as it allows you to kill it.
But I can't really do the program justice, so here's an extract from the help file:-
+++++
Enter The Proxomitron, Re-Writing the web Your
way... It was out of my own personal frustration with such "browser
abuse" that the Proxomitron was born - at its heart is a powerful text matching
engine specially designed to re-write web pages on the fly, as you view them in
your browser.
Getting rid of many common annoyances is as simple as
clicking on one of the filtering rules included with the program, but best of
all, the Proxomitron's rules aren't "hard-coded". You can look at them, modify
them, even write entirely new ones!
If you know some HTML, you'll find
the Proxomitron allows you to personally customize just about any web page you
view. You'll no longer be at some web-master's tender mercy. Even if you know no
HTML, you'll find the included rules give you far more control than you've ever
had before, and my hopes are that other Proxomitron users will contribute useful
rules they've written for the benefit of everyone.
Spies like
us... Besides filtering web pages, The Proxomitron also allows you to
control the normally hidden HTTP header messages that pass between your browser
and the outside world. Many people are unaware that this covert conversation is
even taking place, yet it can reveal all sorts of information. See exactly what
your web browser has to say, then have it tell the world only what you want!
Even those notorious "cookies" can be deleted or modified if you wish.
Don't get scalded by your Java... In the wrong hands
some JavaScript commands have been used to attack! Less ominous, but still
aggravating are commands that do things like add a page to your bookmarks
whether you want it there or not. More and more, disabling JavaScript entirely
just isn't a viable option - The Proxomitron allows you to selectively disable
specific JavaScript commands while leaving the rest working. It's even possible
to redefine a command's function entirely.
Here's a partial list
of what the Proxomitron can do "out of the box" (not that it was ever in a box
mind you)
Stop pop-up windows
Stop pop-up JavaScript message boxes
Remove web-branding and other scripts tacked on by "free" web providers.
Convert most ads and banner pictures into simple text links
Freeze all animated gifs
Make blinking text appear as bold instead
Remove slow web counters
Stop web pages from "auto-refreshing"
Prevent pages from changing fonts
Get rid of or replace web page background images
Protect against getting "trapped" inside someone else's frames!
Make background MIDI songs play only when you choose.
Remove status bar scroll-texts
Remove "dynamic" HTML from pages
Disguise your browser's identity and version from JavaScripts
Remove style sheets
Un-hide URLs when the mouse is over a link
Disable frames or tables altogether
Change or delete cookies
Change your browser's user-agent and other identifying fields
Hide where you've been previously from inquisitive web servers and, as
they say, much, much more.
+++++
Well as you can see it's well
worth it, it's free and it's only 854KB. Download it at http://proxomitron.cjb.net/