[ABD] Proxy Revealer Olympus 0.3.3

Any abandoned MODs will be moved to this forum.

WARNING: MODs in this forum are not currently being supported or maintained by the original MOD author. Proceed at your own risk.
Forum rules
IMPORTANT: MOD Development Forum rules

WARNING: MODs in this forum are not currently being supported nor updated by the original MOD author. Proceed at your own risk.
Danielx64
Registered User
Posts: 1369
Joined: Wed Nov 04, 2009 5:51 am
Location: In a server room in Australia
Name: Daniel
Contact:

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by Danielx64 »

any update?
Please note that I will not be porting any of my mods to phpBB 3.1. Sorry for the inconvenience this may cause.
Image
Gyiyg
Registered User
Posts: 8
Joined: Mon Jul 13, 2009 10:55 am

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by Gyiyg »

*Daniel wrote:any update?
I spoke with Jasmine at the beginning of the month. I hope she doesn't mind me pasting what she had to say:
Current status:
Complete rewrite of perl scripts (xmlsockd scripts for flash), better handling of multiple connections in all three versions of the script (xmlsockd, xmlsockd-basic, xmlsockd-threaded). A lot of changes (and testing) already done and just awaiting a final review before committing it to svn.

Todo (before packaging & release of new version):
  • Rewrite flash/actionscript plugin to use Socket() rather than XMLSocket(), bundle as flex project, rather than flash project, this way it could be compiled with free/open-source tools and not exclusively dependent on Adobe Flash Professional to author the .swf
  • Backporting some changes/additions made to the Java plugin portion of the standalone version, particularly:
    - Detection of NIC interfaces, and associated MAC (hardware) Addresses
    - Optional detection of IPv4/IPv6 addresses of the detected NICs (if possible)
  • Adding Microsoft Silverlight 4 plugin, using either "Client HTTP Handling" or Sockets, though most likely the latter because ClientHTTP probably still inherits "system-wide" proxy settings (if set) regardless of browser used; ex. IE proxy settings (== network settings in control panel) in Windows. And so, the changes made to the flash plugin will allow both flash & silverlight to use the same perl daemon script (both can use plain sockets, no xml), though only flash will use the XMLSocketPolicy authorization part.
Why Silverlight 4? Why not all Silverlight versions? why not v3 as well?
See: Network security access restrictions in Silverlight
In Silverlight version 3 for a connection request using System.Net.Sockets to the site (cross-domain or site of origin), the Silverlight runtime tries to open a connection using TCP to a well-known port (port 943) on the target site.
That means another custom socket policy server script listening on port 943 is needed to authorize connections, which is undesirable. Port 943 is below 1024, and so the script will also need to be run as root (on *nix systems at least) to be able to listen on that port, which is not possible in many virtual hosting environments.
On the other hand:
In Silverlight version 4 for a connection request using System.Net.Sockets, an application can choose instead to retrieve the policy file via the HTTP protocol on TCP port 80 instead of the custom TCP protocol on port 943.
It is a safe assumption that most phpbb forums would be running on HTTP server listening on port 80 (the standard), and so publishing a socket policy file would be as easy as FTP uploading a file to the site.
Though, first, I need to verify that Microsoft really means what it said in the following statement:
The policy file for sockets must be stored in the "clientaccesspolicy.xml" file at the root of a web server that responds for the resolved IP address of the target connection request.
Because if that is as it sounds, that means Silverlight would be requesting http://ip.ad.dr.ess/clientaccesspolixy.xml rather than http://virtualhostdomain.tld/clientaccesspolicy.xml (similar to the relatively-new crossdomain.xml support for Java's HTTPRequest class) which could be troublesome in many virtual-hosting environments.
Danielx64
Registered User
Posts: 1369
Joined: Wed Nov 04, 2009 5:51 am
Location: In a server room in Australia
Name: Daniel
Contact:

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by Danielx64 »

Well I can't wait till it go live and end up in the Mod DB
Please note that I will not be porting any of my mods to phpBB 3.1. Sorry for the inconvenience this may cause.
Image
happy_user2
Registered User
Posts: 5
Joined: Sat Nov 27, 2010 9:20 am

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by happy_user2 »

This mod is actually that what I was looking for !
Im looking forward for some new release (which I hope will be soon :) )

Thanks to the author for working on it :geek:
superj707
Registered User
Posts: 1136
Joined: Thu Feb 26, 2009 12:20 am

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by superj707 »

I really want this mod as well. I hope there will be some updates soon. please don't give up on us mod author.
User avatar
jasmineaura
Registered User
Posts: 275
Joined: Mon Jun 30, 2008 2:18 pm
Location: Cairo, Egypt
Name: Jasmine

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by jasmineaura »

Thanks gyig for posting the update.
Apologies, I've been out of the loop for a while.
Will resume finalizing the upcoming release soon as I'm done with a fix for AutoMOD ticket #62336 and forking and making branch for a bunch of AM patches I made last July/August which have yet to be merged. Thanks to tumba25 for resurrecting AutoMOD maintenance and for turning my attention to the possibility of merging those AM patches in github. :)
Hopefully these patches will make everyone's life easier, especially when using FTP write method in AM..
User avatar
Neuropass
Registered User
Posts: 1162
Joined: Fri Apr 17, 2009 2:02 pm
Location: SciTE4AutoIt3

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by Neuropass »

cool i can't wait for the update..
happy_user2
Registered User
Posts: 5
Joined: Sat Nov 27, 2010 9:20 am

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by happy_user2 »

Will it be able to get real address of someone who is using TOR ?
User avatar
jasmineaura
Registered User
Posts: 275
Joined: Mon Jun 30, 2008 2:18 pm
Location: Cairo, Egypt
Name: Jasmine

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by jasmineaura »

happy_user2,

The MOD detects TOR usage.
Now depending on browser used, how the browser is configured to communicate through tor network (ex: how torbutton is configured), plugins available, it may or may not detect the real IP.
happy_user2
Registered User
Posts: 5
Joined: Sat Nov 27, 2010 9:20 am

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by happy_user2 »

Firefox with default setting of TORbutton ? (most common)
User avatar
jasmineaura
Registered User
Posts: 275
Joined: Mon Jun 30, 2008 2:18 pm
Location: Cairo, Egypt
Name: Jasmine

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by jasmineaura »

happy_user2,

Short answer: ff w/ default settings of torbutton (all plugins disabled), it is still possible to detect real IP, but not implemented.

examples:
1. javascript that triggers a connect-back (XHR) upon detecting tor toggling off, and so associating a previous (tor) session with a real IP. [1] With the default options of require-javascript + Tor-DNSEL masking block, this will very likely force the user to try other "masking" methods, and this means toggling off tor.
2. With an RSS forum MOD tied to proxy revealer, an RSS plugin in firefox can leak the tor-ified user's real IP even when torbutton is on (w/ default settings). [2]
3. (Malicious, illegal) Exploitation of browser vulnerabilities [3] via a - frequently updated - browser exploitation engine such as Browser Exploitation Framework - BeEF.

#1 and #2 are tedious tasks (and reliability/cross-browser support is questionable) and so not on my todo list.
#3 of course is not something that would ever be implemented in this MOD.

There are possibly other techniques, but if they were disclosed and/or publicly implemented in this MOD, it would be mitigated soon after (be it in browser or torbutton) and so it defeats the purpose :)

For this reason, "TOR-DNSEL" under "IP Masking Block" is on by default, and there's the option to defer this scan method (under "Defer Scan Methods") in case you wanted to exclude some usernames (under "Exceptions") so they can login over TOR. With this setup however, new registrations through TOR will still be blocked, and of course, non-excepted users will be unable to login over TOR.
User avatar
jasmineaura
Registered User
Posts: 275
Joined: Mon Jun 30, 2008 2:18 pm
Location: Cairo, Egypt
Name: Jasmine

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by jasmineaura »

re: the Current status update as kindly quoted by gyig
A little bit more done and committed to SVN. :)
One bummer is that, after rewriting the flash/actionscript (.as) as flex project (.mxml) to be able to compile with free/opensource Flex SDK, the resultant SWF is a whooping 39KB, vs. 1.2KB when published from the bundled flash project. So scratch the flex idea.
Flying Badger
Registered User
Posts: 3
Joined: Sun Jan 30, 2011 4:31 am
Location: Nottingham (England)
Contact:

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by Flying Badger »

First of all, I'm a total newbie - I apologise if I have posted in the wrong place, or for posting dumb questions! Our webmaster / main forum admin has left, so I am trying to help out by looking for mods and tools.

Would this MOD be useful for tracking / revealing banned users who attempt to re-register? I saw that detection of MAC addresses has been mentioned, and my limited knowledge of networking suggests that, if this is possible, it is perhaps the ultimate method of doing this.

Many Thanks

Badger
User avatar
4_seven
I've Been Banned!
Posts: 5155
Joined: Wed Apr 30, 2008 1:41 am

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by 4_seven »

if this is possible
detecting a mac-address via php or normal header is normally impossible.
also, even if this was some day possible, you can spoof a mac-address.
Current Mods | Mod Base | php(BB) programming | No help via PM
User avatar
jasmineaura
Registered User
Posts: 275
Joined: Mon Jun 30, 2008 2:18 pm
Location: Cairo, Egypt
Name: Jasmine

Re: [DEV] Proxy Revealer Olympus 0.3.3

Post by jasmineaura »

for java 1.6+ (including MacOSX), yes, and it is implemented in a standalone version, which is to be incorporated in the java part of this MOD soon as I get a chance
Locked

Return to “[3.0.x] Abandoned MODs”