Monday, July 11, 2011

The Truth About Cookies Exposed

When you are trying to bypass the security checks and login more times than you should at your favorite site, or create 100 MySpace accounts, then you know that cookies are there to track you. All cookies could potentially warn the administrators that you are coming, based on tracking your previous actions. This is so that they can block your requests and have minimal abuse on their server or site. Most people that are involved with bypassing these checks are aware that they have to delete ALL of their cookies or risked all of their requests being blocked. Many sites use this type of technology. However, the Internet is changing. You can't just get by with clearing your cookies anymore, big sites are hip to this game. Removing your standard HTTP cookies still leaves the possibility of being tracked by flash cookies, or LSO (Local Shared Object) cookies. These are relatively new, but still are an avenue for big sites to detect where the user is coming from, and what a user has done so far on the administrator's site.

I want to talk briefly about a new cookie I have come in contact with. Site administrators are calling it the Evercookie. Evercookie is a javascript API that allows site owners to create 'zombie' cookies that can be resurrected when a user deletes them. It does this by storing cookie data in locations that standard browsers have access to by default, and when it notices the user has deleted cookies, even Adobe LSO cookies, then it re sets the cookie from different locations on the local machine. This means that if you clear your cookies, remove Adobe LSO files, then you still have not deleted all of the cookies that are being used to track you. Why is this? Because of Evercookie. Evercookie was used by a javascript worm on MySpace and Facebook. This API is a complete hacker tool used to track the user's every move, regardless if the user wants that or not. I have mentioned in the past that I use BetterPrivacy to delete hidden adobe flash cookies, on top of deleting the standard cookies. Now I know why they call it Better Privacy. Even though Better Privacy add-on for Firefox works for most sites, some sites deploy the Evercookie Javascript api, and are able to track you regardless what cookies you think you are removing. It is BetterPrivacy, not the best privacy. In order to have the best privacy in Firefox I recommend people not only use BetterPrivacy add-on, but also use Nevercookie. Nevercookie is an add-on that has been developed that allows you to browse sites without Evercookie injecting cookies in weird locations so that the site can bring them back when you delete them. This is an awesome plugin and is the final line of defense to date, when it comes to being tracked. Have fun!

Here is a link to download the Firefox plugin Nevercookie:
Nevercookie download

Evercookie Wikipedia Page:
Evercookie in WikiPedia

Share : Share On Facebook ! Share On Google Buzz ! Add To Del.icio.us ! Share On Digg ! Share On Reddit ! Share On LinkedIn ! Post To Blogger ! Share On StumbleUpon ! Share On Friend Feed ! Share On MySpace ! Share On Yahoo Buzz ! Share On Google Reader ! Google Bookmark ! Send An Email ! Blog Feed !

Monday, May 9, 2011

Delete Hidden Flash Cookies Aka Local Shared Objects


Have you ever wondered why your favorite site is still tracking how many e-mail accounts you have created, or how many times you have viewed a video on YouTube, even though you are deleting your HTTP cookies with the browser? It is because of Flash. They have what is called Local Shared Objects or LSOs that allow you to be tracked just like cookies, but aren't as easily removed. With conventional cookies you can always clear your cookie cache from within your favorite browser, however with the plugin for Mozilla called BetterPrivacy, you are able to get rid of those hidden LSO files so that big sites can't track what you are doing so easily. Even advertisers take advantage of LSOs via Adobe Flash embedded programs. This is your best defense. You can set it so that it removes every Flash LSO file when you close the browser, this way in conjunction with clearing your cookies, you can do many things that you could not before. Experiment with this add-on and have fun. Create as many of those e-mail accounts as you want. This is the answer. Have fun!

Download this plug-in for Mozilla Firefox here: https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/

Share : Share On Facebook ! Share On Google Buzz ! Add To Del.icio.us ! Share On Digg ! Share On Reddit ! Share On LinkedIn ! Post To Blogger ! Share On StumbleUpon ! Share On Friend Feed ! Share On MySpace ! Share On Yahoo Buzz ! Share On Google Reader ! Google Bookmark ! Send An Email ! Blog Feed !

Monday, March 7, 2011

How To Use PHP Proxy/CGI Proxy/Web Proxy To Bypass Firewalls


Web proxies are a great way to bypass firewalls. They are scripts setup on people's web server, that allow you to redirect HTTP traffic so that you can bypass your school, or company's firewall. I have gained access to MySpace, Craigslist, and YouTube while they have been blocked at certain locations. You can respond to messages, check your messages, and even engage in status updates, or even blog posts. Their is one problem with this method though, I have found that if the websites contain flash applications, or java applications that the embedded programs written in these languages will not use the PHP Proxy to access their data. This means that although you can check your messages on YouTube, or Facebook, you still cannot play Facebook games, or YouTube videos unless their destination servers have been allowed by your firewall. In most cases they are blocked as well, so you cannot do things like this. However, this is still a great way to bypass the firewall if all the traffic is HTTP requests. I recommend that everyone use these proxies when behind a very strict network.

Here is a free Web Proxy list: here

I recommend you visit that site, and see if any of those domain names allow you to access them from behind your firewall. If the above site has been blocked, I recommend writing down some of the domain names from a connection that isn't blocked, like your cell phone, and then trying to get access from behind the firewall. Have fun!

Share : Share On Facebook ! Share On Google Buzz ! Add To Del.icio.us ! Share On Digg ! Share On Reddit ! Share On LinkedIn ! Post To Blogger ! Share On StumbleUpon ! Share On Friend Feed ! Share On MySpace ! Share On Yahoo Buzz ! Share On Google Reader ! Google Bookmark ! Send An Email ! Blog Feed !

Use Forum Proxy Leecher to Find Working Proxies


Forum proxy leecher is powerful software that allows you to scan for proxies. It downloads the proxies from a list on any proxy site, or proxy forum. Forum proxy leecher will also download attachments on proxy forums where the users submit proxies as an attachment to their threads. It is a very intelligent piece of software. The beauty of it is, you don't even have to pay for it. If you download the trial software, the only limitation is that you can only download proxies from 2 pages/urls at once.

You can download the trial here: Forum Proxy Leecher

Another great reason to download Forum proxy leecher is that it comes with a free utility bundled with it called Bleach. Bleach is a great multi-threaded way to test web proxy lists that you may have from any source. It scans files in the "proxy:port" format, and uses a 3rd party check called the "azenv.php". You don't have to worry about installing this PHP file on any web server. All you have to do is search Google for it and find someone hosting it. Once you have found it you enter it into the "Proxyjudge" field in Bleach's settings. Here is an example of a script that is installed on someone's web server that you can use for Bleach.

http://www.cship.info/azenv.php

If that URL doesn't load for you, then that mean the proxy judge is down, and you have to find another one. If you need to find another one go to Google and search "inurl:azenv.php" without the quotes. This should pull up a number of different URLs that you can try. Try to find one that loads the quickest if you can.

One last thing I want to mention about Forum Proxy Leecher is your ability to add in more proxy site URLs so that you can have a better leech list than what it comes with. The sites that Forum Proxy Leecher displays are kind of outdated. I recommend adding your own sites that have proxies and see if they work better. In order to add your own sites, you need to close Forum Proxy Leecher and edit a text file located in the working directory. Click on the Start button in Windows in the lower left hand corner of the screen, then click Run, and type "C:\Program Files\My-Proxy\" without quotes and press Enter. If you didn't change your installation directory, this is the default directory that it should of installed to. Edit the file "customlist.txt", or "forumlist.txt" and you can add your own proxy sites to leech from. This is especially useful when using the Trial version because you are able to leech from better sites, and get a better quality of proxies. Have fun, and remember you shouldn't do anything illegal from public proxies, you can still be tracked.

Share : Share On Facebook ! Share On Google Buzz ! Add To Del.icio.us ! Share On Digg ! Share On Reddit ! Share On LinkedIn ! Post To Blogger ! Share On StumbleUpon ! Share On Friend Feed ! Share On MySpace ! Share On Yahoo Buzz ! Share On Google Reader ! Google Bookmark ! Send An Email ! Blog Feed !

Monday, January 31, 2011

Using a 4g Phone with Wireless Hot Spot to Bypass IP Bans

If you have an HTC EVO 4g on the Sprint Network it is very easy to change your IP when using it as a hot spot. More and more smart phones nowadays are coming with the the ability to turn into a hot spot for your wireless devices so you don't have to go into Starbucks, or worry if your hotel is going to have wireless Internet. This is awesome. Sprint makes you pay more to enable this feature of your phone but it is very valuable if  you need to change your IP address on the go, to circumvent IP restrictions on certain websites. On the HTC you can turn on and off 4g wireless. This allows you to conserve battery if you don't need to be going blazing fast all of the time. There is a trick to changing your IP. Every time that you turn on and off your 4g, you are assigned a different IP address. If you do this before you turn on your wireless hot spot, you change your IP address just like that. I love this feature, and I have even used it when increasing views on my own videos via YouTube and other video sites. This is just one example of the luxury of being able to change  your IP on the fly. I wouldn't do anything illegal, but breaking the IP rules is fun. Happy Hacking!

Share : Share On Facebook ! Share On Google Buzz ! Add To Del.icio.us ! Share On Digg ! Share On Reddit ! Share On LinkedIn ! Post To Blogger ! Share On StumbleUpon ! Share On Friend Feed ! Share On MySpace ! Share On Yahoo Buzz ! Share On Google Reader ! Google Bookmark ! Send An Email ! Blog Feed !

Tuesday, January 4, 2011

Using the TOR project instead of Finding Fresh Proxies

The Tor project is a great way to stay anonymous online. I love the fact that you don't have to look for fresh proxies just to stay anonymous. The Tor Project is an open source network software that allows you access to multiple nodes or tors as they are sometimes called, so that you may bounce requests off of them so that other sites or instant messaging clients do not know your true IP address. Although, I would not try doing something illegal with a Tor just because they are open nodes does not mean they don't know who you are. The Tor Project keeps a log of all traffic, and what people are actually doing with their nodes. However, this is a great solution for getting around IP restrictions or bans on your favorite forum or whatever. Stay anonymous and do it easy with Tor. Just download the free software, and its fairly easy to set up. There is even browser add-ons that the tor project has developed so that you can turn on tors for browsing, and turn them off just as easily. Its not the fastest system in the world, and is sometimes abused by spammers, so that they can get around restrictions. I think the Tor Project has been better about banning IPs of the users that our abusing their service. This is a great alternative to scanning for proxies all the time. Happy surfing anonymously!

If you wish to download the Tor Project software simply follow this link:

Tor Project Download Page

Share : Share On Facebook ! Share On Google Buzz ! Add To Del.icio.us ! Share On Digg ! Share On Reddit ! Share On LinkedIn ! Post To Blogger ! Share On StumbleUpon ! Share On Friend Feed ! Share On MySpace ! Share On Yahoo Buzz ! Share On Google Reader ! Google Bookmark ! Send An Email ! Blog Feed !