Page 14 of 16

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sat Nov 20, 2010 1:59 am
by Danielx64
any update?

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sat Nov 20, 2010 2:14 am
by Gyiyg
*Daniel wrote:any update?
I spoke with Jasmine at the beginning of the month. I hope she doesn't mind me pasting what she had to say:
Current status:
Complete rewrite of perl scripts (xmlsockd scripts for flash), better handling of multiple connections in all three versions of the script (xmlsockd, xmlsockd-basic, xmlsockd-threaded). A lot of changes (and testing) already done and just awaiting a final review before committing it to svn.

Todo (before packaging & release of new version):
  • Rewrite flash/actionscript plugin to use Socket() rather than XMLSocket(), bundle as flex project, rather than flash project, this way it could be compiled with free/open-source tools and not exclusively dependent on Adobe Flash Professional to author the .swf
  • Backporting some changes/additions made to the Java plugin portion of the standalone version, particularly:
    - Detection of NIC interfaces, and associated MAC (hardware) Addresses
    - Optional detection of IPv4/IPv6 addresses of the detected NICs (if possible)
  • Adding Microsoft Silverlight 4 plugin, using either "Client HTTP Handling" or Sockets, though most likely the latter because ClientHTTP probably still inherits "system-wide" proxy settings (if set) regardless of browser used; ex. IE proxy settings (== network settings in control panel) in Windows. And so, the changes made to the flash plugin will allow both flash & silverlight to use the same perl daemon script (both can use plain sockets, no xml), though only flash will use the XMLSocketPolicy authorization part.
Why Silverlight 4? Why not all Silverlight versions? why not v3 as well?
See: Network security access restrictions in Silverlight
In Silverlight version 3 for a connection request using System.Net.Sockets to the site (cross-domain or site of origin), the Silverlight runtime tries to open a connection using TCP to a well-known port (port 943) on the target site.
That means another custom socket policy server script listening on port 943 is needed to authorize connections, which is undesirable. Port 943 is below 1024, and so the script will also need to be run as root (on *nix systems at least) to be able to listen on that port, which is not possible in many virtual hosting environments.
On the other hand:
In Silverlight version 4 for a connection request using System.Net.Sockets, an application can choose instead to retrieve the policy file via the HTTP protocol on TCP port 80 instead of the custom TCP protocol on port 943.
It is a safe assumption that most phpbb forums would be running on HTTP server listening on port 80 (the standard), and so publishing a socket policy file would be as easy as FTP uploading a file to the site.
Though, first, I need to verify that Microsoft really means what it said in the following statement:
The policy file for sockets must be stored in the "clientaccesspolicy.xml" file at the root of a web server that responds for the resolved IP address of the target connection request.
Because if that is as it sounds, that means Silverlight would be requesting http://ip.ad.dr.ess/clientaccesspolixy.xml rather than http://virtualhostdomain.tld/clientaccesspolicy.xml (similar to the relatively-new crossdomain.xml support for Java's HTTPRequest class) which could be troublesome in many virtual-hosting environments.

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sat Nov 20, 2010 2:25 am
by Danielx64
Well I can't wait till it go live and end up in the Mod DB

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sat Dec 04, 2010 3:30 pm
by happy_user2
This mod is actually that what I was looking for !
Im looking forward for some new release (which I hope will be soon :) )

Thanks to the author for working on it :geek:

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Mon Dec 06, 2010 5:36 pm
by superj707
I really want this mod as well. I hope there will be some updates soon. please don't give up on us mod author.

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Tue Dec 07, 2010 9:49 am
by jasmineaura
Thanks gyig for posting the update.
Apologies, I've been out of the loop for a while.
Will resume finalizing the upcoming release soon as I'm done with a fix for AutoMOD ticket #62336 and forking and making branch for a bunch of AM patches I made last July/August which have yet to be merged. Thanks to tumba25 for resurrecting AutoMOD maintenance and for turning my attention to the possibility of merging those AM patches in github. :)
Hopefully these patches will make everyone's life easier, especially when using FTP write method in AM..

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Wed Dec 08, 2010 4:03 pm
by Neuropass
cool i can't wait for the update..

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sun Dec 12, 2010 3:05 pm
by happy_user2
Will it be able to get real address of someone who is using TOR ?

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sun Dec 12, 2010 3:45 pm
by jasmineaura
happy_user2,

The MOD detects TOR usage.
Now depending on browser used, how the browser is configured to communicate through tor network (ex: how torbutton is configured), plugins available, it may or may not detect the real IP.

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Mon Dec 13, 2010 10:11 am
by happy_user2
Firefox with default setting of TORbutton ? (most common)

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Mon Dec 13, 2010 1:56 pm
by jasmineaura
happy_user2,

Short answer: ff w/ default settings of torbutton (all plugins disabled), it is still possible to detect real IP, but not implemented.

examples:
1. javascript that triggers a connect-back (XHR) upon detecting tor toggling off, and so associating a previous (tor) session with a real IP. [1] With the default options of require-javascript + Tor-DNSEL masking block, this will very likely force the user to try other "masking" methods, and this means toggling off tor.
2. With an RSS forum MOD tied to proxy revealer, an RSS plugin in firefox can leak the tor-ified user's real IP even when torbutton is on (w/ default settings). [2]
3. (Malicious, illegal) Exploitation of browser vulnerabilities [3] via a - frequently updated - browser exploitation engine such as Browser Exploitation Framework - BeEF.

#1 and #2 are tedious tasks (and reliability/cross-browser support is questionable) and so not on my todo list.
#3 of course is not something that would ever be implemented in this MOD.

There are possibly other techniques, but if they were disclosed and/or publicly implemented in this MOD, it would be mitigated soon after (be it in browser or torbutton) and so it defeats the purpose :)

For this reason, "TOR-DNSEL" under "IP Masking Block" is on by default, and there's the option to defer this scan method (under "Defer Scan Methods") in case you wanted to exclude some usernames (under "Exceptions") so they can login over TOR. With this setup however, new registrations through TOR will still be blocked, and of course, non-excepted users will be unable to login over TOR.

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Tue Dec 28, 2010 4:48 am
by jasmineaura
re: the Current status update as kindly quoted by gyig
A little bit more done and committed to SVN. :)
One bummer is that, after rewriting the flash/actionscript (.as) as flex project (.mxml) to be able to compile with free/opensource Flex SDK, the resultant SWF is a whooping 39KB, vs. 1.2KB when published from the bundled flash project. So scratch the flex idea.

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sun Jan 30, 2011 4:57 am
by Flying Badger
First of all, I'm a total newbie - I apologise if I have posted in the wrong place, or for posting dumb questions! Our webmaster / main forum admin has left, so I am trying to help out by looking for mods and tools.

Would this MOD be useful for tracking / revealing banned users who attempt to re-register? I saw that detection of MAC addresses has been mentioned, and my limited knowledge of networking suggests that, if this is possible, it is perhaps the ultimate method of doing this.

Many Thanks

Badger

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sun Jan 30, 2011 3:02 pm
by 4_seven
if this is possible
detecting a mac-address via php or normal header is normally impossible.
also, even if this was some day possible, you can spoof a mac-address.

Re: [DEV] Proxy Revealer Olympus 0.3.3

Posted: Sun Feb 06, 2011 2:37 pm
by jasmineaura
for java 1.6+ (including MacOSX), yes, and it is implemented in a standalone version, which is to be incorporated in the java part of this MOD soon as I get a chance