Manual: Setting up real configs from scratch. Working with logs: Tips and tricks when working with logs and using antidetect
Obtaining basic information about the system from the log
In the log, the most basic information about the system is contained in the file System.txt, or Information.log. Screenshot: https://prnt.sc/lx4rp1. In the screenshot I have highlighted the parameters that we need to configure the system.
1. Windows – This parameter contains information about the version of Windows and the bitness of the system (32-bit or 64-bit, 64-bit is much more common). Most often you will see logs from Windows 7, Windows 10, less often from Windows 8, 8.1, XP.
We will need this parameter to configure “navigator.UserAgent”, and some derivatives.
2. Display Resolution – This parameter contains information about
the user’s screen resolution. Necessary for setting all parameters related to screen resolution and browser window size and related parameters.
3. Display Language, Keyboard Languages - These parameters contain information about the system language/languages. Needed to configure “navigator. Language",
"navigator. Languages" and HTTP_ACCEPT_LANGUAGE.
4. CPU Count - This parameter contains information about the number of processor threads. Needed to configure the “navigator.hardwareConcurrency” parameter
5. RAM - This parameter contains information about the amount of RAM.
Required to configure “navigator.deviceMemory”
6 Videocard - This parameter contains information about the system video card.
Required to configure WebGL. Please note that the system can contain two video cards: one discrete and the other integrated. This is usually used on laptops. And which of them is launched for the browser is 100% unknown.
Firstly, the user can manually set which video card will be used, and secondly, for example, it can be like this: if the laptop is charging, a discrete video card is used, but if it is on battery, then an integrated one.
Therefore, in laptops you should not rely 100% on this parameter.
7. [Network] We take almost all parameters except Geo (Latitude and Longitude); This information will be useful for you to more competently select a Socks/SSH tunnel. There is no ZIP in my log, but it is not difficult to break through it. To do this, you just need to look up the IP address in the MaxMind database, or find the user’s home address in the browser’s autofill, or at the post office or in the store. It is advisable to select an IP not only as close as possible to the ZIP address, but also, if possible, with the same IP mask and the same Internet provider.
Our next step is to determine the browser type and browsers to create the configuration. It happens that PC owners use several browsers, and not just one.
Therefore, if necessary, it is better to create two sessions in the sphere, i.e. two configurations, rather than loading cookies into one. To do this, we look at the sites we need with logins and passwords in the file “passwords.txt” parameter “Soft” Screenshot: https://prnt.sc/lx5ofi , as well as files in the “Cookies” folder for the presence of the necessary sites (files in this folder are divided into browsers; it is possible that Cookies files can be stored in a shared folder. It all depends on which stealer the log is from). Example: http://prntscr.com/lx5oag
In my case, there is only one Google Chrome browser in the log, so I mark only 1 browser. Let's move on to more interesting information that does not lie on the surface.
We determine whether FLASH is in the system and its version, determine the browser version (if possible).
To do this, go to the System.txt or Information.log file and in the installed programs [Software] section look for “Adobe Flash Player”. If found, we mark that Flash is available and record its version. There are two types of Adobe Flash Player: Adobe Flash Player ** NPAPI - for the Firefox browser. Adobe Flash Player ** PPAPI – for Opera/Chrome browser. Screenshot: http://prntscr.com/lx5ztv
Next in the same screenshot we see the version of Google Chrome, if not, then we try to find it in the file by searching “Google Chrome”. We also mark the version for ourselves. We will need the browser type and its version to configure the “navigator.UserAgent” parameter, and in exceptional cases, to disable Canvas substitution. We search for the Mozilla Firefox browser using the query “Firefox”, we should find something like “Mozilla Firefox 64 (x64 en-US) [64.0]”. The name of the Firefox browser contains the bit size of the program (32 or 64 bit), which is also useful in the “navigator.UserAgent” setting. We search for the Opera browser using the query “Opera”, we should find something like this “Opera Stable 57.0.3098.106 [57.0.3098.106]”.
For various reasons, the browser version cannot always be determined, one of which is that the browser may be Portable, i.e. not installed on the system. The IE browser will not be visible, because... it is already native in Windows, with Edge in Win 10 the same hat.
We will need the presence of Flash and its version in order to add it to the plugins and, if necessary, enable its physical version in the antidetect.
We determine whether the user has a desktop computer (Desktop) or a Laptop (Laptop).
This can be determined using various options.
1. From the screenshot in the log. In the screenshot, we are looking for something that is typical for a laptop on the taskbar in the lower right corner, or on the desktop for something that is typical for a laptop (application icons for a laptop, etc.).
On the taskbar you can find the Battery icon, Wi-Fi connection icon. I will now show this with examples.
Examples: http://prntscr.com/lx86z7 https://prnt.sc/lx871y
2. According to information about the processor in the system . To do this, go to the System.txt or Information.log file and look at the “Processors” parameter Screenshot: https://prnt.sc/lx88az
Copy the value and google information about the processor. Here is an example of information on this processor from the Intel website, which shows us that the user has a desktop
computer. Screenshot: https://prnt.sc/lx89jp
Example of information about a laptop processor. Screenshot: http://prntscr.com/lx8g8y
Well, another option is to look in the processes or installed programs in the System.txt file, or Information.log for processes/programs that relate to the laptop.
For example, these are processes in which the keyword “Bluetooth” appears, programs specific to a particular laptop manufacturer (ASUS, DELL, MSI, ACER, etc.)
Examples of processes: “Intel (R) Wireless Bluetooth (R)”, “Dell Touchpad "
It is necessary to know several options, because sometimes there may not be a screenshot, or the screenshot is taken of a certain area without the taskbar, or the taskbar
is hidden.
Taskbar: determine the position of the taskbar on the screen, the size of the icons and whether the taskbar is hidden (if possible)
The first question that comes to mind is: “Why the hell is this necessary?” I will answer: this is necessary in order to set the screen dimensions; browser window sizes and browser workspace sizes in full-screen browser mode (parameters “window.innerWidth”, “window.innerHeight”, “window.outerHeight”, “window.outerWidth”).
Of course, not every log will have such an opportunity to look and understand everything 100%.
Sometimes there may be no screenshot, sometimes the screenshot is not of the entire screen area.
Now I will show you how to correctly evaluate these parameters. Screenshot: https://prnt.sc/lxy3x0
These examples were made on OS Windows 7. If you wish, you can then look and play with these settings on any OS Windows.
1) Position of the taskbar . It happens: horizontal and vertical. For most users, the default position is horizontal.
2) Size of taskbar icons. There are two sizes of icons: large and small. The default icon size is large. Large icons are installed for most users. There is a peculiarity on Windows 7: if the icons are small, then the Start button icon protrudes beyond the taskbar area. Sometimes it is not always possible to understand the size of the icons even from a screenshot; I also advise you to pay attention to the Display Resolution in the log; A screenshot of screen size “1024 x 768” is one thing, “2560 x 1440” is another thing
3) Hidden taskbar . By default, the taskbar is not hidden for most users. A hidden taskbar doesn't mean it doesn't exist at all. It is just not displayed on the screen, but appears when you hover the mouse cursor. If you have a full screenshot of the screen in your log and there is no taskbar there, then it is hidden.
4) If in the screenshot the PC owner has the type of browser you need open, mark this as well, it will be useful in setting it up. Screenshots with the browser open are quite common.
User’s network: determine the approximate router and its model (if possible)
Sometimes, from the log, you can determine the brand of the user’s router or its approximate model.
This may be necessary for more precise configuration of WebRTC, or more precisely, Local IP Address.
To do this, you need to look in the log in the file with logins/passwords or in the file where the browser history is stored, popular IP address masks of routers. Here is a link to the table of brands of the most popular routers and default local IP addresses: https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4wgl4/edit?usp=sharing
The most popular masks for searching in the log: “192.168.”, "10.0.", "10.1.", "10.90.". I have highlighted the most popular brands in the table in light blue.
If the login and password are also indicated there, you can try here to look at the standard login/password combinations by brand: https://192-168-1-1ip.mobi/default-router-passwords-list/
Here’s an example : https:/ /prnt.sc/ly3sww we can assume that the PC user has a D-Link router. But this is not 100%, since several other routers have the same connection.
Sometimes the browser history file can show us much more accurate information. Here is an example: https://prnt.sc/ly41tw
In the browser history we see the Local IP Address and plus the page title, which gives us a huge advantage in identifying the router. If you google “B593s-931”, you can determine
that this is the name of the router “HUAWEI B593s-931”. Another example: https://prnt.sc/ly49nx
If you google “userRpm/DdnsAddRpm.htm”, you can see that the router is TP-Link TL-WR741N / ND, or TL-WR841N or some others.
In addition to the Local IP Address WebRTC, the information will be useful if someone changes the MAC address, since the “beginning” of the MAC address is different for each manufacturer.
Browser plugins: identify popular plugins that are installed in the browser.
Plugins in any program are add-ons that allow you to expand its capabilities. Most popular browsers have the ability to install plugins
that allow you to expand its capabilities. For example, this could be a Flash plugin from Adobe, the ability to read PDF pages in a browser; in Chrome this plugin is already included by
default; the ability to run any Audio/Video codecs.
With each new update, the number of new functions and variations of supported content increases, so plugins gradually lose their relevance. As a result, in the Chrome, Firefox, Opera, Edge browsers there were only built-in plugins and one added one: Adobe Flash Player. Therefore, when searching for plugins, it is more relevant for the Internet Explorer browser, or for older versions of Firefox (UP TO version 52), Chrome, Opera.
The most popular plugins: Flash, Java, Microsoft Office, Adobe PDF Reader, Windows Media Player, Real Video/Audio.
At the beginning of the article, we already determined whether Flash is present in the system. So Flash Player is also a browser plugin. Therefore, if Flash is available, then in some types of browser it will be in plugins. Let's mark it if it exists.
We will also look for other plugins in the System.txt file, or Information.log in the installed programs [Software] section.
We find the QuickTime plugin by searching for “QuickTime”, the approximate name of the plugin is: “QuickTime 7 [7.79.80.95]”
The Silverlight plugin is found by searching for “Microsoft Silverlight”, the approximate name of the plugin is: “Microsoft Silverlight [5.1.50907.0]”
We find the Java plugin by searching “Java”, approximate name of the plugin: “Java 8 Update 191 [8.0.1910.12]”
Find the RealPlayer plugin by searching for “RealPlayer”, approximate name of the plugin: “RealPlayer [18.1.15.]”
Adobe Acrobat plugin (for reading PDF files) we find at the request “Adobe Acrobat Reader DC”, in the end it will be something like “Adobe Acrobat Reader DC [010/19/20064.]”
There are many other different plugins, this was just an example of popular plugins.
The list can be continued for a very long time.
This completes the collection of information from the log. As a result, we have collected the following information:
Windows: Windows 10 Home [x64]
Display Resolution: 1920x1080
Display Language: en-US
Keyboard Languages: English (United States)
CPU Count: 4
RAM: 8139 MB
VideoCard: NVIDIA GeForce GTX 970
[ Network]
IP: 38.104.174.234
Country: United States (US)
City: Pleasant View (California)
ZIP: 93260
ISP: Cogent Communications (Txox Communications)
--
Browser: Google Chrome ver. 68.0.3440.106
Flash: available, ver. 30.0.0.154
--
PC: Laptop
--
[Taskbar]
Position: Horizontal
Icon size: Large
Hidden taskbar: No
Is there a browser in the screenshot: YES
--
Router: ~TP-Link TL-WR741N or TL- WR841N
---
[Browser plugins]
Adobe Flash Player
RealPlayer
Adobe Acrobat
Of course, this example has too much information. In practice, it may be less.
A manual for setting up real configs from scratch
using antidetect.
Let's move on to the most interesting section of this article.
The basis of all basics - UserAgent
UserAgent is the basis for creating a config. Just as the construction of a house begins with the foundation, so the creation of a config begins with the UserAgent (abbreviated as UA). Let's start with the theory. Let's figure out what UA is.
UserAgent is a property (parameter) that contains properties that are used to determine what browser, what operating system, what version, and what specific software the user has.
In the configs of any Anti-Detect, this parameter is located in navigator.UserAgent and in HTTP_USER_AGENT.
Note: navigator.UserAgent and HTTP_USER_AGENT are always the same, but there is an exception: Internet Explorer browsers. Very often, in these browsers, navigator.UserAgent contains information about the user’s software.
Example:
HTTP_USER_AGENT: "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
navigator UserAgent: "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR
2.0 .50727; .NET CLR 3.5.30729; Media Center PC 6.0; rv:11.0) like Gecko"
Let's look at how to create UA for the most popular browsers in Windows. Let's start with the simplest one - Mozilla Firefox. UserAgent structure:
Mozilla/5.0 (< Windows version >; < bit tags >; rv: < Firefox version >) Gecko/20100101
Firefox/< Firefox version >
Above, I highlighted the parameters that you need to know to create a real UA.
<Windows version> - Operating system versions. Options:
Windows NT 6 – Windows Vista, Windows Server 2008
Windows NT 6.1 – Windows 7, Windows Server 2008 R2.
Windows NT 6.2 – Windows 8, Windows Server 2012
Windows NT 6.3 – Windows 8.1, Windows Server 2012 R2.
Windows NT 10 – Windows 10, Windows Server 2016&2019.
This parameter is available in all UA on Windows. Note: on Edge browsers it is static, i.e. does not change, because The browser is designed just for Windows 10
<bit tags> - “bit” of the system. I think everyone knows and everyone has encountered that there are two 32-bit Windows systems and a 64-bit one. It is the browser that transmits possible variations:
Win64; x64 – this value is transmitted if the system is 64-bit.
Empty value (nothing is transferred) if the system is 32-bit. Example UA: Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
WOW64 – this value is sent when a 32-bit browser application is running on a 64-bit system.
<Firefox version> – this value shows the version of your Firefox browser. Note: the value with only one digit after the dot is transmitted, even if the browser version is “63.0.3”, then
only “63.0” will be transmitted to UA. Here is a link to a list of all current versions of Firefox:
https://www.mozilla.org/en-US/firefox/releases/
By combining these values, we get different UserAgent's. Don't forget that the values of "rv:" and "Firefox/" must match.
Examples:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0 – UserAgent Windows 10 [64bit] with Firefox 64 browser
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0 0 – UserAgent Windows 7 [32 bit] with Firefox browser version either 52.0.1 or 52.0.2
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 – UserAgent Windows 7 [ 64 bit] with the Firefox browser, which is designed for 32-bit systems version 43.0.1, or 43.0.2, or 43.0.3, or 43.0.4
Let’s move on to the Google Chrome browser.
UserAgent structure Google Chrome:
Mozilla/5.0 (< Windows version >; < bit tags >) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/< Chrome version > Safari/537.36
Despite the fact that UA Chrome seems more complicated, in reality it's even a little simpler, because... The chrome versions don't need to be duplicated twice.
<Windows version> and <bit tags> are exactly the same as in Firefox.
<Chrome version> – this value shows the version of your Chrome browser. Here is a link to a list of current versions of Chrome: https://filehippo.com/download_google_chrome/history/
Example: Chrome/71.0.3578.98
71.0.3578 is the browser version.
98 – Build. It shows how many fixes of various bugs and improvements were in this version.
Examples:
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/71.0.3578.98 Safari/537.36 – UserAgent Windows 8.1 [64 bit] with Google Chrome browser version 71.0.3578 with build 98
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/70.0.3538.110 Safari/537.36 – UserAgent Windows 10 [64 bit] with Google Chrome browser version 70.0.3538 with build 110
Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110
Safari /537.36 36 – UserAgent Windows 10 [32 bit] with Google Chrome browser version 70.0.3538 with build 110
Let’s move on to Opera.
Mozilla/5.0 (< Windows version >; < bit tags >) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/< Chrome version > Safari/537.36 OPR/<Opera version>
The Opera browser is implemented on the WebKit engine and V8 in the Chromium shell, that’s why UA also has “Chrome/<Chrome version>”, we can say UserAgent is not much different.
<Windows version> and <bit tags> and <Chrome version> are absolutely all the same, as I described above. The only issue is with the chrome versions, but more on that below.
<Opera version> – this value shows the version of your Opera browser. Here is a link to the list of current versions of Opera: https://blogs.opera.com/desktop/
We are most interested in “Stable update”, “beta update, developer update, initial release” - to a lesser extent.
Example: OPR/56.0.3051.116
56 – browser version
3051 – Build browser
116 – Patch browser.
Let me clarify what is special about Chrome. A certain version of Opera has a certain version of Chrome.
You can’t write a Chrome version out of the blue, or vice versa. These two values must be consistent.
Here is a table with 11 versions of the Opera browser as examples.
https://docs.google.com/spreadsheets/d/1OglvdCpkWxr0GztpQ3Nzi3Ij0Ep4oEZxdfZn-
PVwdqU/edit?usp=sharing
Examples:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko
Chrome/) 68.0. 3440.106 Safari/537.36 OPR/55.0.2994.44 - UserAgent Windows 10 [64 bit] with Opera browser version 55
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/68.0.3440.106 Safari/537.36 OPR /55.0.2994.44 - UserAgent Windows 8 [64 bit] with Opera 32-Bit browser version 55
Let's move on to the Edge browser.
UserAgent Edge structure:
Mozilla/5.0 (Windows NT 10.0; < bit tags >) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/< Chrome version > Safari/537.36 Edge/< Edge version >
<bit tags> and <Chrome version> absolutely the same, as I wrote above.
<Edge version> - this value shows the version of your Edge browser. Just like Opera, a specific version of Edge has a specific version of Chrome.
Here is a link to the latest versions of Edge: https://en.wikipedia.org/wiki/Microsoft_Edge
Note: We need the values "EdgeHTML version" and not "Version".
Example: Edge/17.17134
17 –EdgeHTML Version
17134 – Window Build.
Table with examples of Edge Chrome versions
https://docs.google.com/spreadsheets/d/1QkUj5f0oPIUGU6aGyZSS9DNUpGCaywv9W50y-
tvSVPM/edit?usp=sharing
Examples:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 - UserAgent Windows 10 [64 bit] with
Edge browser version 17
Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140
Safari/ 537.36 Edge/17.17134 - UserAgent Windows 10 [32 bit] with Edge browser version 17
Let's finish the topic of UA, there is a lot more that can be said about existing UA, since I only looked at the most basic browsers and the most popular and simple options. If this article is useful at all, I will reveal in more detail about more complex variations of UserAgent from different types of browser; about mobile UserAgent and new types of browsers.
Other options where you can get UA:
1) Real devices.
2) https://developers.whatismybrowser.com/useragents/explore/
Many different UA by browser type, by OS, mobile UA, etc. There are a lot of sampling options. The disadvantages are that there is a lot of “slag”; there are not so many newer versions; There is a UA popularity parameter, but I would not recommend focusing on it.
3) Config shops. Actually, in config shops you can easily see this parameter without purchasing a config. The option is very convenient, because you can make a selection according to the necessary parameters and the most current UA in the config shops. In some you can simply register calmly.
I won’t post links here; if you really need them, write to me via PM or contacts.
Let's go through simple config settings in Linken Sphere (Extended session settings).
Navigator.vendor – this parameter shows the name of the browser vendor. In our browser types, the Value is empty, or “Google Inc.”. The parameter is static, i.e. does not change. Values in our browser types:
Firefox - blank
Edge - blank
Chrome - Google Inc.
Opera-Google Inc. [/QUOTE]
Navigator.ProductSub – this parameter shows the Build number of the browser. The parameter is static, i.e. does not change. Values in our browser types:
Firefox - 20100101
Edge - 20030107
Chrome - 20030107
Opera - 20030107
Navigator.hardwareConcurrency– this parameter shows the number of processor threads, and not the number of physical processor cores, as many believe. The parameter does not depend on the type of browsers we are considering. Popular values for this parameter: “2”, “4”, “8”, “12”.
For a better understanding, I’ll consider a new processor on laptops: Intel Core i7-8750H. This is a 6-core processor, but it has 12 threads, therefore the parameter will be set to “12” and not “6”. Sometimes the number of threads corresponds to the number of cores. By the name of the processor, you can always look up these values on the Internet. As for the information in the logs - there is information about the number of threads, so you can safely set this parameter, but double-check just in case (parameters: # of Cores and # of Threads)
Navigator.MaxTouchPoints - this parameter shows the maximum number of simultaneous touch presses, which the device supports, i.e. If the device
has several touch screens with different maximum values, then the maximum value is shown. The parameter does not depend on the type of browsers we are considering.
In general, they usually say that this parameter is more relevant for mobile configs and this is true, but not entirely.
Actually, an ordinary desktop computer or laptop with a connected mouse and keyboard will show the value “0”. Most often this is the value of the parameter.
But there are touch monitors in laptops and touch monitors for desktop PCs.
Therefore, in this case, the parameter value is usually “1” or “2”. Therefore, when setting up our config types, it is permissible to set these values.
Based on the information from the log, it is impossible to determine in 95% which laptop or which display, so it is better to set the default value to “0”.
Navigator.Platform - this parameter shows the platform on which the browser runs. Within our browser and OS types there can be two values: "Win32" and "Win64". But even if Windows is 64-bit and the browser software is 64 bit, the “Win32” value is still used. Therefore, we set only this value.
Navigator.doNotTrack – this technology allows you to enable or disable the ban on tracking by sites and various systems. The most popular values used are:
“Null” - the user did not set this parameter, therefore it is not enabled. This is the most commonly used option. “1”, “true” - the user has enabled this function, “0”, “false” - the user has disabled this function. In configs you can use all three values, preferably “null” or “0”.
As for substitution without antidetects, Google has instructions with pictures for each type of browser on how to enable/disable this technology.
Navigator.gamepads– this technology shows connected gamepads and their properties (joysticks like on Xbox and Playstation). By values in the sphere: “True” - the function is enabled, “False” - the function is disabled.
Feature: even if there are no gamepads connected to the system, this feature is enabled. So we basically use the value “True” for our browser types, regardless of the OS version.
Even on most mobile browsers the feature is also enabled.
Navigator.battery – this technology shows information about the battery status (whether charging is in progress, charge level in %, amount of time to fully charge/discharge, etc.). According to the values in Linken Sphere: “True” - this function is used without substitutions, “False”, “Fake” - identical to True, only the parameters of the battery itself are replaced.
By use: in Edge, Firefox (after version 52) we set only “False”, in Chrome and Opera we set either “true” or “fake”.
This function, as you might think, applies not only to laptops. On desktop computers, the Battery feature is enabled. The difference is that the parameters will be static, as if it were a laptop charging at 100%.
Information on setting this parameter from the log: if you determine that the PC user is from a laptop, you can enable “fake”, but if on your system where Linken Sphere is installed, the Battery parameters are static and the log user has a desktop computer, then it makes sense to enable “True” "
On real systems, if you have a laptop, it is very easy to change this parameter; you just need to discharge/charge the battery. Then the values of this function will change.
Navigator.webdriver. Webdriver in a browser is a software library (driver) that allows other programs to interact with the browser; control the browser. This technology appeared in the browser not so long ago, so it is experimental, and there is not much information on it. Webdriver technology is supported by all major types of latest browsers. The main values of the Webdriver property are "true", "false" and "undefined". For use in Linken Sphere: if we make configs for older versions of the browser (below 63 Chrome and 50 Opera, then we use the “undefined” value). In other cases, it is allowed to use the value “true” and “false”. But taking into account the specifics of this technology and how it is implemented in browsers, I advise you to use “false” in 95% of cases.
Navigator.Online - this parameter shows the browser status. Parameter options: “True”, “False”, “1”, “0”. Here it’s a no brainer that the value should be “True” or “1”. The area has specifically established the ability to set only these parameters.
Navigator.deviceMemory - this parameter shows the amount of RAM in GB.
Values: 0.25 – 256 MB of RAM, 0.5 – 512 MB, 1 – 1024 MB, etc. to value 8 If there is more than 8 GB of RAM (12 GB, 16 GB, 32 GB, 64 GB), then the value will still be “8”.
If you are setting up the Firefox browser config, then set the value to “False”, because... there is no this parameter. If you are setting up the config of Chrome, Edge, Opera, then set this parameter
(Works in Chrome from version 63, Opera 50 and in Edge version 17). The most popular values are “2”, “4”, “8”.
Incognito - the parameter shows whether incognito mode (private mode) is enabled or disabled in the browser. To work, set only “False”.
Incognito mode in the browser is when the history of visits in the browser, cookies, autofill, etc. are not saved. An excellent option for schoolchildren to watch porn so that mom or dad doesn’t get burned))
Setting the language in the config
Three parameters are responsible for the language in the config in antidetects. Two in the navigator (language, languages) one in the browser headers (HTTP_ACCEPT_LANGUAGE)
Navigator.language – this parameter shows the browser interface language (that is, roughly speaking, what language your browser, not the system, will display in this parameter.) Example: “en-US”, “en-GB”, “ru-RU”, etc. This parameter is compiled as follows:
[Name of Language]-[Country codes]
Name of Language – below is a link to a list of all languages and designations:
http://www.loc.gov/standards/iso639-2/php/code_list.php ( take the value from “ISO 639-1 Code”)
Country codes – below is a link to the list of all languages and designations:
https://www.iso.org/obp/ui/#search/code/ (take the value from “Alpha-2code ")
Navigator.languages – this parameter shows the user’s preferred languages and is taken from HTTP_ACCEPT_LANGUAGE
Example: “en-US,en,ru-RU,ru”, “de-DE,de,en-US,en”
The parameter is compiled this way for EVERYONE language (each language is separated by a comma without a space):
[Name of Language]-[Country codes], [Name of Language]
HTTP_ACCEPT_LANGUAGE - this parameter shows the preferred languages that the user can understand (system language, browser interface language) and “preference »
language.
Example: “ru-RU,ru;q=0.9,en-US,en;q=0.7”
The parameter is composed like this for EACH language (each language is separated by a comma without a space):
[Name of Language]-[Country codes], [Name of Language]; q=[quality values]
quality values – language “preference” value. Can have a value from 0.1 to 0.9. The higher, the preferred language. I advise you to set it for the main language from 0.6 to 0.9, for the second from 0.4 to 0.7.
In the sphere, to configure language settings, you only need to configure HTTP_ACCEPT_LANGUAGE ( https://prnt.sc/lypoyp). The easiest way to change the language without AD is to simply change the language in your browser. The log also contains information about the user's language and keyboard layout languages.
Setting screen parameters
Let's move on to setting parameters that relate to the user's system screen. I won’t go into much theory; I’ll try to explain these parameters very simply in practice.
To begin with, let's see the main screen parameters in Linken Sphere clearly in the screenshot: http://prntscr.com/lz6cwt
Screen.width| device-width – these parameters show the width of the screen in pixels. Of course, in some subtleties these are different parameters, but for the purposes of our article I have combined them, since the values will be the same.
Screen.height| device-height – these parameters show the height of the screen in pixels.
Combined for the same reason.
device-width and device-height can be configured in general settings (Physical screen size).
Screen.width and Screen.height can be configured in the session screen settings (NOT in Extended settings)
Screen.availWidth – this parameter shows the screen width in pixels that the browser can occupy. In the screenshot, the taskbar is located at the bottom, therefore, it is related not to the width, but to the height; browser may take full length. Therefore Screen.availWidth=Screen.width| device-width
Screen.availHeight – this parameter shows the screen height in pixels that the browser can occupy. In the screenshot, in order for the browser to take up its full height, the taskbar “gets in the way,” so this parameter will be calculated as Screen.width MINUS the height of the taskbar.
Let's look at the examples from the first part of the article, when we looked at the taskbar there.
Now in even more detail and with an example. Let's take a Full HD 1920x1080 screen. If the taskbar is by default (at the bottom, with large icons as in the screenshot), then its height will be 40 px. With these values, “Screen.availWidth” will be 1920, and “Screen.availHeight” will be 1040 px (1080-40 = 1040)
If the icons in the taskbar are small, then the height of the taskbar will be 30 px, and the value of “Screen.availHeight” will be 1050 px
If the taskbar is hidden, the “Screen.availHeight” value will be 1080 px.
Exactly the same story will happen if the taskbar is placed not at the bottom, but at the top.
Further, the taskbar can be placed on the right or left and then the “Screen.availWidth” parameter will change. By default it will be 1858 (1920 MINUS 62px taskbar width).
If the icons are small, then with this placement of the taskbar, nothing changes in the width of the panel, and the value will be 1858; if the taskbar is hidden, then the value will be 1920
This is actually why we looked at the taskbar from the screenshot of the screen in the log.
Screen.availTop- shows the first top (vertical) pixel screen coordinate that is not occupied by the taskbar.
Screen.availLeft - Shows the first top (horizontal) pixel screen coordinate that is not occupied by the taskbar.
If the taskbar is located at the bottom or on the right, these parameters will have a value of “0”.
Exception: if there is a second monitor, then the “Screen.availLeft” parameter can be negative or even positive.
If the taskbar is located at the top or left, then these options will have meaning depending on whether the icons are large or small. If the taskbar is hidden, these parameters will have the value “0”.
Otherwise: if the taskbar is on the left by default, then “Screen.availLeft” will have a value of 62px, if the taskbar icons are small, then also 62 px (since the width does not change when placed sideways)
If the taskbar is at the top, then “Screen.availLeft” will have a value of 40 px, if the taskbar icons are small, then the value will be 30 px.
In simple terms, Screen.availTop shows the height of the taskbar if it is placed at the top, Screen.availLeft shows the width of the taskbar if it is placed on the left.
Knowing the placement of the taskbar about the screenshot in the log, we can calculate these parameters.
The above values are relevant for a Full HD screen of 1920 px by 1080 px.
In the topic attachments (at the very bottom) I have attached the simplest, but very convenient checker for calculating the parameters of the screen and browser window. I am not a programmer and am not interested in this, so the checker works correctly and stably only on Chromium browsers (Chrome, Opera). Therefore, this checker should not be used on Firefox. I hope there is someone who knows jQuery and will adapt this simple checker for Firefox.
Bonus link to the table where I indicated the most popular screen resolution values by OS and calculated the parameters for different browser resolutions:
https://docs.google.com/spreadsheets/d/12KM12QLMdwdmBKDuxlM-
uh31WZNMQ6hdlIz_QnipAVg/edit?usp=sharing
Screen.colorDepth and Screen.pixelDepth – these parameters show the quality of color rendering.
The values of these parameters are the same. Possible values are “24” and “32”. For the purposes of our article, we set only “24”. The value “32” is used for devices such as iPhone, iPad, etc.
Screen.orientation – this parameter shows information about the screen orientation. The easiest way to explain this is with a screenshot. https://prnt.sc/lz7j8w
We use only the “landscape-primary” parameter within the PC; other parameters for mobile devices, tablets, etc.
Screen.angle– this parameter shows the screen rotation angle. "landscape-primary" value 0; "portrait-primary" value 90; "landscape-secondary" value 180; “portrait-secondary” value 270
Setting up browser window parameters
First, let’s look at all the main parameters of the browser window in Linken Sphere, clearly in the screenshot for a better understanding (the screenshot was honestly stolen and modified): https://prnt.sc/lz7r9g
We’ll look at the settings from two options:
1) Full screen mode, when we expand the browser to full screen.
2) Windowed mode, when the browser occupies only some part of the screen. The example screenshot shows exactly this option.
Window.outerWidth – This parameter shows the width of your browser window, including the scroll bar, toolbar, etc.
Window.outerHeight – This parameter shows the height of your browser window, including the toolbar, URL bar, browser tabs, loading area, etc.
The screenshot above perfectly demonstrates these parameters and how they differ from others. If our browser is in full screen mode, then we can specify the exact values. If we work in windowed mode, then there can be a huge number of values, the main thing is that the values are “coordinated” with other parameters (innerWidth, client.Width, innerHeight, clientHeight, screenLeft, screenTop, screenX, screenY). The best and easiest option to get the values for windowed mode is to use the script that I attached to the topic.
In full-screen mode, these parameters correspond to the parameters “availWidth” and “availHeight”
Window.innerWidth and body.clientWidth - these parameters show the value of the width of the browser’s working area, in other words, the entire width in pixels to which your sites are loaded, excluding the width of the scrollbar and panel tasks, if it is placed on the right and other elements that narrow this width. I combined these parameters, since within the framework of our article they will coincide.
Window.innerHeight and body.clientHeight - these parameters show the value of the height of the browser’s working area, in other words, the entire height in pixels to which your sites are loaded, excluding the height of the horizontal scroll, the height of the tab area, the height of the URL bar in the browser and other elements that reduce this width. I combined these parameters, since within the framework of our article they will coincide.
These parameters are the most dynamic and unpredictable compared to other parameters. Even in full-screen mode, in addition to outer.Width/Height, a bunch of other windows are affected.
For example, in Google Chrome, the browser appearance settings option (“Show bookmarks bar”) affects whether the downloaded files panel is displayed in the browser (Example: http://prntscr.com/lzd3r5) etc.
In Firefox, the settings in the “Customize” section are affected ( https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?redirectlocale=en-US&redirectslug=Navigation+
Toolbar+items).
Specifically, the Toolbars parameters (Menu, bookmarks, Header), the “Density” parameter.
And so in each browser, different settings affect these values.
In windowed mode, in addition to these parameters, the parameters “screenLeft, screenTop, screenX, screenY, outerWidth/Heght) also influence.
In any mode, the devicePixelRatio parameter is affected, but more about it below. Again, the best and easiest option to get the values is to use a script.
In the table I will give settings options for different screen resolutions in full screen mode with default browser settings.
https://docs.google.com/spreadsheets/d/12KM12QLMdwdmBKDuxlM-
uh31WZNMQ6hdlIz_QnipAVg/edit?usp=sharing
window.dexicePixelRatio – this parameter shows the ratio of the physical to logical pixel size. Simply put, as we look at our browser types, this is a page scale setting. By default it is 100% and the parameter is “1”. If we zoom in or out on the page, this parameter changes. We increased the page scale by 125%,
the parameter changed to “1.25”, reduced the page to 90%, the parameter changed to “0.9”.
Clarifications: changes to this parameter affect the parameters “Window.innerWidth, body.clientWidth, Window.innerHeight, body.clientHeight) both in full-screen mode and
in windowed mode.
To change the parameter naturally, you need to use an increase or decrease step as in a real browser. Example:
Firefox browser scale values:
“50%”, “60%”, “70%”, “80%”, “90%”, “100%”, “110%”, “120%”, “130%” ", "140%", etc. (10% step)
Chrome browser scale values:
“33%”, “50%”, “67%”, “75%”, “80%”, “90%”, “100%”, “125%” ,“150%”, “175%”, “200%”, “250%”,
“250%”, etc. (The step is dynamic).
And so on for each browser.
One more subtlety with the values of this parameter. Let's take the Chrome browser:
100% is the value of the parameter “1”; 110% parameter value is not “1.1”, but “1.100000023841858”; 125% parameter value “1.25”. Those. the meaning may not always be exactly the same; in different browsers it is different.
The last subtlety: the size of the working window does not decrease or increase EXACTLY by the devicePixelRatio value. Those. if we increase the scale by 25%, it does not matter that the height of the browser working area will decrease by EXACTLY 25%. The percentage values will be different.
window.screenLeft and window.screenX – these parameters show in pixels how much the browser window in windowed mode is shifted to the right of the first pixel.
window.screenTop and window.screenY – these parameters show in pixels how far the browser window in windowed mode is shifted down from the first pixel.
In the screenshot I clearly showed these parameters. I combined these parameters because they coincide within the framework of our article. Chrome, Opera, Edge browsers use all these parameters. Mozilla Firefox browsers use only these parameters: ScreenX and ScreenY.
If the browser is in full-screen mode and the control panel is at the bottom or on the right, then these parameters are equal to “0”.
If you are using full screen mode in the browser and the control panel is on the left or top, then the values of these parameters are equal to the width or length of the control panel.
If you are using a windowed browser mode, the parameters will depend on how much they are shifted from the first left pixel of the screen and the top first pixel of the screen. It is best to use a script to calculate these parameters. These parameters do not have a direct relationship with the Outer.Width/Hegiht, innerWidthHeight parameters, i.e. the rule “Screen Width= screenLeft/ screenX+Outer.Width” DOES NOT WORK, since there are no parameters responsible for the right and bottom sides of the screen, and, therefore, the value of “outer.Width” with a value of screenLeft/ screenX 50 px can be the same 600 px, and 500 px, and 900 px - it all depends on how much we “stretch” the browser window in width. This rule also applies to screen height.
window.pageXOffset – this parameter shows how much the page is scrolled to the right (vertically in pixels) using the scroll bar relative to the top left window.
window.pageYOffset – this parameter shows how much the page is scrolled down (horizontally in pixels) using the scroll bar relative to the top left window.
For a better understanding, look at the screenshot.
In full-screen mode, the window.pageYOffset parameter is dynamic, because on almost any large popular site, we scroll the page down, rarely when the site completely fits into the working window, the main google search page does not count. Therefore , it is best to simply NOT replace
this parameter . In full-screen mode, the window.pageXOffset parameter is mostly equal to “0”, since sites are adapted to different screen resolutions, and scrolling to the side is wildly inconvenient. But if we have a windowed browser mode, then it can also be, depending on the site and the size of the browser window. Therefore, there is no point in setting constant values for these parameters. As for me, if we take a substitution, then the only possible meaning is to make it random within the limits of some values. Setting up plugins in the config
I talked about plugins in detail in section 1 of the article. In new versions of Chrome, Firefox, Opera, Edge, there are only built-in plugins and 1 plugin that can be installed - Adobe Flash Player. There are two types of Adobe Flash Player: Adobe Flash Player ** NPAPI - for the Firefox browser. Adobe Flash Player ** PPAPI – for Opera/Chrome browser.
Now we will look in detail at how to configure plugins and what variations can be made.
Firefox has two built-in plugins by default, “Widevine Content Decryption Module” and “OpenH264 Video Codec provided”, but these plugins are not shown when prompted.
In Firefox, the only plugin you can add is Flash. Subtleties: when installing on a Flash system, the default setting is “Ask to Activate”; with this setting, Flash is shown only when a site is requested; the plugin does not light up in the checkers; if the “Always
Activate” parameter is set, then the physical Flash and the plugin are lit. Therefore, by installing Flash into the system, we can uniquely identify a given fingerprint without anti-detection.
With antidetect we have two options: either we add the Flash plugin or not. If we add, then we have various variations in the form of Flash versions. This gives us the opportunity to create different Flash plugins in different configurations, rather than adding the same one. Below there will be a link to a table for the Firefox browser type of what the Flash setting looks like in the plugin, as well as a list of different versions. Let me remind you that in the field, plugins are configured in “Extended session settings”.
https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?usp=sharing
Google Chrome has 4 plugins by default, some of them can be enabled/disabled; the only plugin that can be added is also Flash.
Plugin settings are static by default; they don't change. The Flash plugin has parameters that change depending on the version of the plugin and depending on the bit depth of the system: 32-bit; 64-bit. More details about the default plugins:
Chrome PDF Plugin and Chrome PDF Viewer - these plugins are responsible for PDF documents in Chrome and allow, for example, to open a PDF directly in Chrome online, without downloading the file to your computer.
These plugins are linked; so you either add both plugins to the config or neither. You can turn it on/off in a regular browser in Advanced settings --> Content settings --> PDF documents.
Widevine Content Decryption Module – this plugin is responsible for prohibiting copying of audio and video content by the copyright holder. As of version 57 of Chrome, the plugin cannot be disabled. But at the same time, I have seen more than once in systems and configs that this plugin did not light up, although the Chrome versions were one of the latest.
Native Client – the plugin is responsible for launching some online games and applications. It cannot be disabled, so we add this plugin 100%.
Here is a table for setting up plugins in the area for the Google Chrome browser type and variations
of settings with Flash: https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?usp=sharing
In the Opera browser, everything is identical to Chrome, except for some subtleties.
1) The names of the plugins responsible for PDF differ. Instead of "Chrome PDF Plugin" the value is "Chromium PDF Plugin"; Instead of "Chrome PDF Viewer" the value is "Chromium PDF Viewer".
2) There is no Native Client plugin.
3) Plugin “News feed handler”. Responsible for feeds, i.e. for receiving content from the site directly to the browser using the RSS protocol. Activated by default. Therefore, we add this plugin.
Here is a table for setting up plugins in the area for the Opera browser type and variations with Flash: https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?usp=sharing
Setting up the font list
All antidetects on the market allow you to replace the font fingerprint. The configs of most antidetects contain a list of fonts. The sphere allows you to conveniently edit the list of fonts in the config or create from scratch by loading font names from a file.
In the system itself, without antidetect, you can very easily edit the list of fonts. To do this, go to the control panel --> design and personalization --> fonts.
There you can add new fonts after downloading them, or delete existing fonts.
By performing such manipulations, we change our list.
In each system, due to the various programs installed and other factors, the list of fonts and the number of fonts will be different. But there are basic fonts for every version of Windows OS.
List of basic fonts and their styles for Windows 7
https://docs.microsoft.com/en-us/typography/fonts/windows_7_font_list
List of basic fonts and their styles for Windows 8
https://docs.microsoft.com/en-us /typography/fonts/windows_8_font_list
List of basic fonts and their styles for Windows 10
https://docs.microsoft.com/en-us/typography/fonts/windows_10_font_list
You can build on these basic fonts when creating your list. Some clarifications: all font family links are clickable. Inside you can find information about which Windows operating systems and programs use this font family. You do not need to specify all font styles in the list; you can only specify a font family. Check font families on the site; for example the "Wingdings" family actually contains 3 fonts.
Here's a great list for creating your font list. It lists a large number of fonts and which Windows operating systems and programs use them.
https://docs.microsoft.com/en-us/typography/font-list/
Configuring WebRTC and .MediaDevices.enumerateDevices substitution
.MediaDevices.enumerateDevices – this function allows you to get a list of all devices (audio and video devices of the system, USB cameras, microphones, etc.). You can get the deviceID of these devices, the device name and the device type.
The function in Linken Sphere has the following settings: “True” - the function is enabled, but the parameters are not changed. “False” - the function is disabled, “Fake” - the function is enabled; parameters
are changed.
In our browser types we only use the “Fake” parameter.
Let's move on to setting up WebRTC. We use substitution on all types of browsers, which we are going to discuss with you today. Let's look at some subtleties.
1) IPv6 checkbox . Enable this checkbox if there is an ipv6 leak on your system. You can check here: https://browserleaks.com/ip (item “IPv6 Address”)
2) External (Public) IP in WebRTC . Everything is simple here: the external IP matches the IP of your sock or tunnel. But when working with logs, I also came across this unusual approach. Its essence is that the external IP is set to the IP of the user’s system. Yes, at the same time, checkers will show that this is wrong, but this approach does exist.
3) Internal (Local) IP in WebRTC . Here, too, everything seems to be simple: there are local IP ranges that can be used.
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
But again, there are subtleties. Let me remind you of this table: https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4wgl4/edit?usp=sharing
So, there is a Default Local IP column. This is the default local IP of the router, which is how you can get into its settings. Therefore, it is better not to set these IPs when setting up the config.
The next trick is to work with logs and local IP. In the first part, we tried to find out the approximate brand of the router, and ideally its model. So in some cases, we can assume an approximate local IP address.
In general, where does this local address in WebRTC come from on your system? Most routers have a DHCH server in their settings. The DHCH server assigns a local IP to each device that connects to the router. Typically, the DHCH parameter settings are something like this, depending on the brand and model of the router: Starting IP, ending IP and the time for which the IP address is issued. Let's take, for example, that the router has the following settings:
Start IP: 192.168.0.2
End IP: 192.168.0.100
Time: 1440 min (24 hours)
We connect our laptop to the router, the DHCH server gives it a local IP: 192.168.0.2 for 24 hours; We connect our mobile phone, the DHCH server gives it a local IP: 192.168.0.3 for 24 hours; we connect our refrigerator with Wi-Fi to the router, the DHCH server gives it a local IP: 192.168.0.4 for 24 hours, etc. Let's say 12 hours have passed, the lights have been turned off, and the router has rebooted; and the refrigerator was the first to connect to our router. Now his DHCH server gives him a local IP: 192.168.0.2 for 24 hours; then the mobile phone connects - the DHCH server gives it a local IP: 192.168.0.3 for 24 hours; then the laptop connected - the DHCH server gives it a local IP: 192.168.0.4 for 24 hours.
Thus, this example shows that local IP is a dynamic parameter and can change within the limits specified in the DHCH server settings in the router.
Knowing the brand of the router and the approximate model, you can look at this IP range and set the approximate local IP in the log. Again, in the example above, the owner has a D-Link router; we have defined the start and end IP. The owner most likely has, in addition to the computer, 2-4 more devices that connect to the router (for example, a telephone and a TV). Therefore, we can easily set the local IP “192.168.0.2” or “192.168.0.3” or “192.168.0.4” or “192.168.0.5”. On the Internet you can find emulators of most popular routers and look at the basic IP range in the settings; in the table I also added start and end IP for some models.
Setting up substitutions in the config.
Although this does not relate to setting up the real config, I will go over some of the features. You can find a lot of different information about all the prints that the sphere replaces, so I won’t describe the same thing 10 times.
Regarding the use of substitutions: I advise you to use all substitutions in any of our browser types, but with some subtleties.
1) Enable Flash - turns on Flash. Every antidetect author does not recommend turning on flash unnecessarily, since this is an additional way to detect you. Regarding the use of Flash, they can advise the following options, no matter whether we are creating a config for working with the log or a config for any type of browser:
A) Add Flash to the config plugins, but leave the physical flash (enable flash) disabled. This creates an interesting situation: according to the plugins, we have it as is, but there is no physical version.
B) Add Flash to the config plugins and enable physical flash (enable flash). I described the disadvantages of this option above.
One more thing, in some antidetects you can configure Flash settings, so if there are such settings and you decide to use Flash, be sure to remember to configure them (parameters such as OC, language, screen resolution, Flash version and others).
2) Canvas substitution. We enable this substitution, but now I will write options when you can try to disable this substitution in our browser types.
There are only two of them: A) When the created config has the same browser type as the antidetect, i.e. Linken Sphere is written on Chromium, therefore, if you are creating a Chrome configuration, it is possible to disable substitution as an option. The second option is a little worse: this is when the browser is made in the Chromium shell. In our case, this is the browser type: Opera.
3) Substitution of AudioFingerprint . We will of course include the substitution. But audio also has parameters (http://prntscr.com/lyqeto). Some of them can be changed in the system, so below is some food for thought: as an option, in addition to the fingerprint, you can also replace them. For example, the first parameter on the screen (ac-sampleRate) is very easy to change: to do this, you need to change the Default Format (https://prnt.sc/lyqgop) in the default settings of your playback device .
Tips, tricks, lifehacks using the Linken Sphere antidetect and when working with logs.
1. Installing Linken Sphere: Virtual Machine or Base?
Should I install it on a Virtual Machine or on the Main Machine? Also a very popular question. Again, you can find the best option for yourself.
Linken Sphere on the Main Machine
Pros:
1) Ease of use
2) Does not require large RAM resources, puts less load on the computer compared to using a virtual machine, for example on Win 10 x64, especially if the page file is disabled for security and the PC is not very powerful.
3) If suddenly there is some kind of detection or virtual machine detection in the world that no one knows about yet, then this will undoubtedly be a plus compared to using an anti-detect on a virtual machine.
I’ll explain in more detail what I meant: Almost any antidetect in the world, if it does not change any parameter, then it is most likely taken from your system, or is simply disabled.
4) Security. I don’t presume to say 100%, but from a security point of view, in the anonymity chain, perhaps this option is worse than using Linken Sphere on a Virtual Machine or Server.
Linken Sphere on a Virtual Machine
Here it’s the other way around, and the minuses become a plus, and the pluses become minuses.
Option 3: some use Linken Sphere on a dedicated server, which is also, in its own way, an interesting option that has some advantages from the two options above.
2. What type of configs is best to use for driving. “Good” options for using configs for different types of OS.
Actually, taking into account the fact that this Antidetect is written on the source code of the Chromuim engine, it is ideal to use configurations with the Chrome browser and browsers based on the Chromium platform.
If Linken Sphere is installed on your Windows OS, then the “good” configuration options are:
1) Win XP, 7.8, 10 + Chrome
2) Win XP, 7.8, 10 + Opera
3) MAC OS + Chrome
4) Win 10 + Edge (Microsoft recently announced a replacement of the engine with Chromium)
Mobile options:
1) Android + Chrome
2) Windows Phone + IE (Internet Explorer)
3) Iphone, iPad + Chrome
If Linken Sphere is installed on your OS MAC X, then “ good" config options:
1) MAC OS + Chrome
2) MAC OS + Safari
3) Win + Chrome
Mobile options:
1) Iphone, Ipad + Chrome
2) Iphone, Ipad + Safari
Of course, you can use any configs on any OS, but these are preferable due to the fact that the OC and/or platforms are the same.
3 Life hack: Using “Non-standard” configs when entering
As a good and unusual alternative to the variations that I wrote above, there can be the use of “non-standard” configs. In my understanding, non-standard configs are those systems that are not common in general and that are rarely used for driving in. For Sphere and some other ADs, another criterion may be that these configs cannot be found in config shops. I will give examples of such configs: Xbox One, PlayStation 4, Blackberry, PlayBook, Kindle, etc. It is, of course, difficult to imagine holders using Playstation 4 or PlayBook, but nevertheless, these options take place in some topics and as one of the factors “non-standard” driving.
How to get these configs for the sphere? There is only one option - to do it yourself. After reading the entire manual, you will more or less understand how to make configs. The only problem is where to get all the data (UserAgent, WebGL, WebRTC, Window.Screen, Window.Navigator, etc.) for these devices? Everything is very simple here) Either look at the actual device for all the necessary checkers, or take it from the configs of another antidetect.
4. Using the “Web Emulator” tool
Web Emulator is a tool in Linken Sphere that allows you to automatically visit a list of sites, imitating human behavior. This tool is useful because it automates the process of obtaining cookies, thereby reducing our time spent on routine work, i.e. you enter a list of sites, turn on the emulator, and voila, we already have a browser of cookies for various sites.
In practice, this tool is very useful, because... Shop anti-fraud systems may well collect and analyze your cookies. Thus, using this tool correctly, we will be more like an ordinary user.
According to the settings of this tool (Screenshot: https://prnt.sc/jkvy3p)
Check the boxes for Disable popups and Enable alert after complete. MaxVisited Page is the maximum number of pages on each site that will be open. Here everyone decides for themselves how much to bet, I would recommend from 3-4 to 12-30. Max time on page, min – I would recommend setting it from 30 seconds to 2 minutes.
Start delay – this item is responsible for the delay (in minutes) before turning on the emulator itself. It's up to your discretion.
Each site must be specified on a new line and with http://.
About the list of sites. I would recommend that everyone make their own list of sites to crawl depending on the country you are typing in (in my case it is the USA). In my list, I would collect about 30-40 such sites, so that it would be possible to alternate between different sites, and not go around the same ones every time.
There you can select the TOP 500 sites in various countries, find out the average depth of page views, the average duration of users’ stay on the site over the past 3 months.
5. Detect Social Media Login
http://www.tomanthony.co.uk/tools/detect-social-network-logins/
Here is a regular public example demonstrating that sites can easily see whether you are logged in to popular social services. Therefore, in order to be more like a real user’s PC, you need to create accounts in popular networks and log in to them immediately before your work (or buy ready-made accounts). The most popular services: Facebook, Twitter, Gmail, Youtube, Google+, Instagram, Pinterest, Battle Net, Xbox, PSN, Tumblr, etc.
This rule also applies to logs. We look at the accounts to see what popular social services our user has, log in to them (if we don’t automatically log in using our cookies) and only then go to the sites we need.
Now let's move on to working with logs.
By all parameters, all logs can be divided by degree of importance (in descending order of importance):
1. A log that has a set of standard services complete with BA and crypto exchanges.
2. A log that has a set of standard services such as Paypal, Amazon, various shops
3. A log that has a couple of services/uninteresting small shops; The cookies in this log don't make us particularly happy.
4. Useless log
For beginners, first of all, the advice would be not to disdain logs of categories 2 and 3, treat them with the same seriousness as logs of the first category in order to gain experience, improve your skills, technically learn how to correctly use the log and the selected tool for processing it.
On forums, processed logs of different categories are often distributed; This option is also a good option for starting to work with logs.
You can determine the degree of importance by the Logins/Passwords of the log, auto-fills, and sometimes even by the screensaver on your desktop you can distinguish the log of a nerd student from a good log.
With experience, depending on your skills and financial situation, you will be able to determine for yourself which log to work with painstakingly, which not so much, and which one should be thrown away altogether and not waste your time.
Processing logs in Linken Sphere is very convenient because, using different tabs, you can process several logs at the same time, which also saves time.
Log processing can be complex, or processing for one specific request.
It often happens that beginners process logs for just 1 request, for example on Paypal, and if they fail to process them, they get upset and throw away the log. This is a bad approach to work, since you will not get normal profit and knowledge with it; if you have a lot of time and little experience, practice the log to the fullest, get better at it.
Let's move on to interesting tips and life hacks when working with logs.
1. Determine your “attack vector.” Simply put, you need to understand where the holder has money, what means of payment he uses most often. You can view popular means of payment for holder in Amazon, Paypal, Ebay, etc.). Once you have determined where the money is, you need to try to find out how much money the holder has, if possible. To do this, you need to go to online banking, look at Statesman, etc.
2. Operator services such as AT&T, Verizon and others may have the function of blocking a SIM card, losing the phone and other useful things that can complicate the restoration of the holder’s access, or even complete loss.
3. Always put messages from unwanted services and shops from which messages may come in the holder's mailbox in spam filters. Redirect the necessary messages through
filters to your email.
4. Check all cloud storages (Google drive, icloud, onedrive, dropbox, etc.) There is a high probability of finding Photo ID, Drive License, Credit Cards, Wallet Seed, 2FA and other useful information there.
5. Live the life of a holder. Having collected all the information on the holder, read his Facebook and other social networks. network, look where he’s going tomorrow, when he’s not at home, when he’s in the gym, when he’s eating, who he’s fucking with, this will help create a psychological portrait for psychological impact, as well as give you the opportunity to choose the best time of attack.
For example, you can urgently call the holder to work, send a wreath with threats (Having said that this is from the mafia, the insurance company will return everything, don’t rock the boat until we clean you out). It is important to understand the essence of these thoughts, and your imagination in the options for using useful information can be limitless.
6. Leave behind backdoors. Set your security questions to emails, connect your 2FA, phones, backup emails. Then, with a high probability, the holder will not be able to quickly and painlessly return his account, and even if he returns, he may not notice your backdoor, which you can use again.
7. Passwords. Many holders use the same passwords, so even if the required service is not in the log, you can find it yourself by brute force.
8. Activity. Based on letters in the mail, you can determine the most popular and most recent services used by the holder. From them, choose the ones you need that you know how to practice. These services will be more fraud-friendly, since the holder often uses them, and, therefore, they have more recent cookies compared to other services.
Contact the author: Jabber: [email protected]
Obtaining basic information about the system from the log
In the log, the most basic information about the system is contained in the file System.txt, or Information.log. Screenshot: https://prnt.sc/lx4rp1. In the screenshot I have highlighted the parameters that we need to configure the system.
1. Windows – This parameter contains information about the version of Windows and the bitness of the system (32-bit or 64-bit, 64-bit is much more common). Most often you will see logs from Windows 7, Windows 10, less often from Windows 8, 8.1, XP.
We will need this parameter to configure “navigator.UserAgent”, and some derivatives.
2. Display Resolution – This parameter contains information about
the user’s screen resolution. Necessary for setting all parameters related to screen resolution and browser window size and related parameters.
3. Display Language, Keyboard Languages - These parameters contain information about the system language/languages. Needed to configure “navigator. Language",
"navigator. Languages" and HTTP_ACCEPT_LANGUAGE.
4. CPU Count - This parameter contains information about the number of processor threads. Needed to configure the “navigator.hardwareConcurrency” parameter
5. RAM - This parameter contains information about the amount of RAM.
Required to configure “navigator.deviceMemory”
6 Videocard - This parameter contains information about the system video card.
Required to configure WebGL. Please note that the system can contain two video cards: one discrete and the other integrated. This is usually used on laptops. And which of them is launched for the browser is 100% unknown.
Firstly, the user can manually set which video card will be used, and secondly, for example, it can be like this: if the laptop is charging, a discrete video card is used, but if it is on battery, then an integrated one.
Therefore, in laptops you should not rely 100% on this parameter.
7. [Network] We take almost all parameters except Geo (Latitude and Longitude); This information will be useful for you to more competently select a Socks/SSH tunnel. There is no ZIP in my log, but it is not difficult to break through it. To do this, you just need to look up the IP address in the MaxMind database, or find the user’s home address in the browser’s autofill, or at the post office or in the store. It is advisable to select an IP not only as close as possible to the ZIP address, but also, if possible, with the same IP mask and the same Internet provider.
Our next step is to determine the browser type and browsers to create the configuration. It happens that PC owners use several browsers, and not just one.
Therefore, if necessary, it is better to create two sessions in the sphere, i.e. two configurations, rather than loading cookies into one. To do this, we look at the sites we need with logins and passwords in the file “passwords.txt” parameter “Soft” Screenshot: https://prnt.sc/lx5ofi , as well as files in the “Cookies” folder for the presence of the necessary sites (files in this folder are divided into browsers; it is possible that Cookies files can be stored in a shared folder. It all depends on which stealer the log is from). Example: http://prntscr.com/lx5oag
In my case, there is only one Google Chrome browser in the log, so I mark only 1 browser. Let's move on to more interesting information that does not lie on the surface.
We determine whether FLASH is in the system and its version, determine the browser version (if possible).
To do this, go to the System.txt or Information.log file and in the installed programs [Software] section look for “Adobe Flash Player”. If found, we mark that Flash is available and record its version. There are two types of Adobe Flash Player: Adobe Flash Player ** NPAPI - for the Firefox browser. Adobe Flash Player ** PPAPI – for Opera/Chrome browser. Screenshot: http://prntscr.com/lx5ztv
Next in the same screenshot we see the version of Google Chrome, if not, then we try to find it in the file by searching “Google Chrome”. We also mark the version for ourselves. We will need the browser type and its version to configure the “navigator.UserAgent” parameter, and in exceptional cases, to disable Canvas substitution. We search for the Mozilla Firefox browser using the query “Firefox”, we should find something like “Mozilla Firefox 64 (x64 en-US) [64.0]”. The name of the Firefox browser contains the bit size of the program (32 or 64 bit), which is also useful in the “navigator.UserAgent” setting. We search for the Opera browser using the query “Opera”, we should find something like this “Opera Stable 57.0.3098.106 [57.0.3098.106]”.
For various reasons, the browser version cannot always be determined, one of which is that the browser may be Portable, i.e. not installed on the system. The IE browser will not be visible, because... it is already native in Windows, with Edge in Win 10 the same hat.
We will need the presence of Flash and its version in order to add it to the plugins and, if necessary, enable its physical version in the antidetect.
We determine whether the user has a desktop computer (Desktop) or a Laptop (Laptop).
This can be determined using various options.
1. From the screenshot in the log. In the screenshot, we are looking for something that is typical for a laptop on the taskbar in the lower right corner, or on the desktop for something that is typical for a laptop (application icons for a laptop, etc.).
On the taskbar you can find the Battery icon, Wi-Fi connection icon. I will now show this with examples.
Examples: http://prntscr.com/lx86z7 https://prnt.sc/lx871y
2. According to information about the processor in the system . To do this, go to the System.txt or Information.log file and look at the “Processors” parameter Screenshot: https://prnt.sc/lx88az
Copy the value and google information about the processor. Here is an example of information on this processor from the Intel website, which shows us that the user has a desktop
computer. Screenshot: https://prnt.sc/lx89jp
Example of information about a laptop processor. Screenshot: http://prntscr.com/lx8g8y
Well, another option is to look in the processes or installed programs in the System.txt file, or Information.log for processes/programs that relate to the laptop.
For example, these are processes in which the keyword “Bluetooth” appears, programs specific to a particular laptop manufacturer (ASUS, DELL, MSI, ACER, etc.)
Examples of processes: “Intel (R) Wireless Bluetooth (R)”, “Dell Touchpad "
It is necessary to know several options, because sometimes there may not be a screenshot, or the screenshot is taken of a certain area without the taskbar, or the taskbar
is hidden.
Taskbar: determine the position of the taskbar on the screen, the size of the icons and whether the taskbar is hidden (if possible)
The first question that comes to mind is: “Why the hell is this necessary?” I will answer: this is necessary in order to set the screen dimensions; browser window sizes and browser workspace sizes in full-screen browser mode (parameters “window.innerWidth”, “window.innerHeight”, “window.outerHeight”, “window.outerWidth”).
Of course, not every log will have such an opportunity to look and understand everything 100%.
Sometimes there may be no screenshot, sometimes the screenshot is not of the entire screen area.
Now I will show you how to correctly evaluate these parameters. Screenshot: https://prnt.sc/lxy3x0
These examples were made on OS Windows 7. If you wish, you can then look and play with these settings on any OS Windows.
1) Position of the taskbar . It happens: horizontal and vertical. For most users, the default position is horizontal.
2) Size of taskbar icons. There are two sizes of icons: large and small. The default icon size is large. Large icons are installed for most users. There is a peculiarity on Windows 7: if the icons are small, then the Start button icon protrudes beyond the taskbar area. Sometimes it is not always possible to understand the size of the icons even from a screenshot; I also advise you to pay attention to the Display Resolution in the log; A screenshot of screen size “1024 x 768” is one thing, “2560 x 1440” is another thing
3) Hidden taskbar . By default, the taskbar is not hidden for most users. A hidden taskbar doesn't mean it doesn't exist at all. It is just not displayed on the screen, but appears when you hover the mouse cursor. If you have a full screenshot of the screen in your log and there is no taskbar there, then it is hidden.
4) If in the screenshot the PC owner has the type of browser you need open, mark this as well, it will be useful in setting it up. Screenshots with the browser open are quite common.
User’s network: determine the approximate router and its model (if possible)
Sometimes, from the log, you can determine the brand of the user’s router or its approximate model.
This may be necessary for more precise configuration of WebRTC, or more precisely, Local IP Address.
To do this, you need to look in the log in the file with logins/passwords or in the file where the browser history is stored, popular IP address masks of routers. Here is a link to the table of brands of the most popular routers and default local IP addresses: https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4wgl4/edit?usp=sharing
The most popular masks for searching in the log: “192.168.”, "10.0.", "10.1.", "10.90.". I have highlighted the most popular brands in the table in light blue.
If the login and password are also indicated there, you can try here to look at the standard login/password combinations by brand: https://192-168-1-1ip.mobi/default-router-passwords-list/
Here’s an example : https:/ /prnt.sc/ly3sww we can assume that the PC user has a D-Link router. But this is not 100%, since several other routers have the same connection.
Sometimes the browser history file can show us much more accurate information. Here is an example: https://prnt.sc/ly41tw
In the browser history we see the Local IP Address and plus the page title, which gives us a huge advantage in identifying the router. If you google “B593s-931”, you can determine
that this is the name of the router “HUAWEI B593s-931”. Another example: https://prnt.sc/ly49nx
If you google “userRpm/DdnsAddRpm.htm”, you can see that the router is TP-Link TL-WR741N / ND, or TL-WR841N or some others.
In addition to the Local IP Address WebRTC, the information will be useful if someone changes the MAC address, since the “beginning” of the MAC address is different for each manufacturer.
Browser plugins: identify popular plugins that are installed in the browser.
Plugins in any program are add-ons that allow you to expand its capabilities. Most popular browsers have the ability to install plugins
that allow you to expand its capabilities. For example, this could be a Flash plugin from Adobe, the ability to read PDF pages in a browser; in Chrome this plugin is already included by
default; the ability to run any Audio/Video codecs.
With each new update, the number of new functions and variations of supported content increases, so plugins gradually lose their relevance. As a result, in the Chrome, Firefox, Opera, Edge browsers there were only built-in plugins and one added one: Adobe Flash Player. Therefore, when searching for plugins, it is more relevant for the Internet Explorer browser, or for older versions of Firefox (UP TO version 52), Chrome, Opera.
The most popular plugins: Flash, Java, Microsoft Office, Adobe PDF Reader, Windows Media Player, Real Video/Audio.
At the beginning of the article, we already determined whether Flash is present in the system. So Flash Player is also a browser plugin. Therefore, if Flash is available, then in some types of browser it will be in plugins. Let's mark it if it exists.
We will also look for other plugins in the System.txt file, or Information.log in the installed programs [Software] section.
We find the QuickTime plugin by searching for “QuickTime”, the approximate name of the plugin is: “QuickTime 7 [7.79.80.95]”
The Silverlight plugin is found by searching for “Microsoft Silverlight”, the approximate name of the plugin is: “Microsoft Silverlight [5.1.50907.0]”
We find the Java plugin by searching “Java”, approximate name of the plugin: “Java 8 Update 191 [8.0.1910.12]”
Find the RealPlayer plugin by searching for “RealPlayer”, approximate name of the plugin: “RealPlayer [18.1.15.]”
Adobe Acrobat plugin (for reading PDF files) we find at the request “Adobe Acrobat Reader DC”, in the end it will be something like “Adobe Acrobat Reader DC [010/19/20064.]”
There are many other different plugins, this was just an example of popular plugins.
The list can be continued for a very long time.
This completes the collection of information from the log. As a result, we have collected the following information:
Windows: Windows 10 Home [x64]
Display Resolution: 1920x1080
Display Language: en-US
Keyboard Languages: English (United States)
CPU Count: 4
RAM: 8139 MB
VideoCard: NVIDIA GeForce GTX 970
[ Network]
IP: 38.104.174.234
Country: United States (US)
City: Pleasant View (California)
ZIP: 93260
ISP: Cogent Communications (Txox Communications)
--
Browser: Google Chrome ver. 68.0.3440.106
Flash: available, ver. 30.0.0.154
--
PC: Laptop
--
[Taskbar]
Position: Horizontal
Icon size: Large
Hidden taskbar: No
Is there a browser in the screenshot: YES
--
Router: ~TP-Link TL-WR741N or TL- WR841N
---
[Browser plugins]
Adobe Flash Player
RealPlayer
Adobe Acrobat
Of course, this example has too much information. In practice, it may be less.
A manual for setting up real configs from scratch
using antidetect.
Let's move on to the most interesting section of this article.
The basis of all basics - UserAgent
UserAgent is the basis for creating a config. Just as the construction of a house begins with the foundation, so the creation of a config begins with the UserAgent (abbreviated as UA). Let's start with the theory. Let's figure out what UA is.
UserAgent is a property (parameter) that contains properties that are used to determine what browser, what operating system, what version, and what specific software the user has.
In the configs of any Anti-Detect, this parameter is located in navigator.UserAgent and in HTTP_USER_AGENT.
Note: navigator.UserAgent and HTTP_USER_AGENT are always the same, but there is an exception: Internet Explorer browsers. Very often, in these browsers, navigator.UserAgent contains information about the user’s software.
Example:
HTTP_USER_AGENT: "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
navigator UserAgent: "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR
2.0 .50727; .NET CLR 3.5.30729; Media Center PC 6.0; rv:11.0) like Gecko"
Let's look at how to create UA for the most popular browsers in Windows. Let's start with the simplest one - Mozilla Firefox. UserAgent structure:
Mozilla/5.0 (< Windows version >; < bit tags >; rv: < Firefox version >) Gecko/20100101
Firefox/< Firefox version >
Above, I highlighted the parameters that you need to know to create a real UA.
<Windows version> - Operating system versions. Options:
Windows NT 6 – Windows Vista, Windows Server 2008
Windows NT 6.1 – Windows 7, Windows Server 2008 R2.
Windows NT 6.2 – Windows 8, Windows Server 2012
Windows NT 6.3 – Windows 8.1, Windows Server 2012 R2.
Windows NT 10 – Windows 10, Windows Server 2016&2019.
This parameter is available in all UA on Windows. Note: on Edge browsers it is static, i.e. does not change, because The browser is designed just for Windows 10
<bit tags> - “bit” of the system. I think everyone knows and everyone has encountered that there are two 32-bit Windows systems and a 64-bit one. It is the browser that transmits possible variations:
Win64; x64 – this value is transmitted if the system is 64-bit.
Empty value (nothing is transferred) if the system is 32-bit. Example UA: Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
WOW64 – this value is sent when a 32-bit browser application is running on a 64-bit system.
<Firefox version> – this value shows the version of your Firefox browser. Note: the value with only one digit after the dot is transmitted, even if the browser version is “63.0.3”, then
only “63.0” will be transmitted to UA. Here is a link to a list of all current versions of Firefox:
https://www.mozilla.org/en-US/firefox/releases/
By combining these values, we get different UserAgent's. Don't forget that the values of "rv:" and "Firefox/" must match.
Examples:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0 – UserAgent Windows 10 [64bit] with Firefox 64 browser
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0 0 – UserAgent Windows 7 [32 bit] with Firefox browser version either 52.0.1 or 52.0.2
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 – UserAgent Windows 7 [ 64 bit] with the Firefox browser, which is designed for 32-bit systems version 43.0.1, or 43.0.2, or 43.0.3, or 43.0.4
Let’s move on to the Google Chrome browser.
UserAgent structure Google Chrome:
Mozilla/5.0 (< Windows version >; < bit tags >) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/< Chrome version > Safari/537.36
Despite the fact that UA Chrome seems more complicated, in reality it's even a little simpler, because... The chrome versions don't need to be duplicated twice.
<Windows version> and <bit tags> are exactly the same as in Firefox.
<Chrome version> – this value shows the version of your Chrome browser. Here is a link to a list of current versions of Chrome: https://filehippo.com/download_google_chrome/history/
Example: Chrome/71.0.3578.98
71.0.3578 is the browser version.
98 – Build. It shows how many fixes of various bugs and improvements were in this version.
Examples:
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/71.0.3578.98 Safari/537.36 – UserAgent Windows 8.1 [64 bit] with Google Chrome browser version 71.0.3578 with build 98
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/70.0.3538.110 Safari/537.36 – UserAgent Windows 10 [64 bit] with Google Chrome browser version 70.0.3538 with build 110
Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110
Safari /537.36 36 – UserAgent Windows 10 [32 bit] with Google Chrome browser version 70.0.3538 with build 110
Let’s move on to Opera.
Mozilla/5.0 (< Windows version >; < bit tags >) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/< Chrome version > Safari/537.36 OPR/<Opera version>
The Opera browser is implemented on the WebKit engine and V8 in the Chromium shell, that’s why UA also has “Chrome/<Chrome version>”, we can say UserAgent is not much different.
<Windows version> and <bit tags> and <Chrome version> are absolutely all the same, as I described above. The only issue is with the chrome versions, but more on that below.
<Opera version> – this value shows the version of your Opera browser. Here is a link to the list of current versions of Opera: https://blogs.opera.com/desktop/
We are most interested in “Stable update”, “beta update, developer update, initial release” - to a lesser extent.
Example: OPR/56.0.3051.116
56 – browser version
3051 – Build browser
116 – Patch browser.
Let me clarify what is special about Chrome. A certain version of Opera has a certain version of Chrome.
You can’t write a Chrome version out of the blue, or vice versa. These two values must be consistent.
Here is a table with 11 versions of the Opera browser as examples.
https://docs.google.com/spreadsheets/d/1OglvdCpkWxr0GztpQ3Nzi3Ij0Ep4oEZxdfZn-
PVwdqU/edit?usp=sharing
Examples:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko
Chrome/) 68.0. 3440.106 Safari/537.36 OPR/55.0.2994.44 - UserAgent Windows 10 [64 bit] with Opera browser version 55
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/68.0.3440.106 Safari/537.36 OPR /55.0.2994.44 - UserAgent Windows 8 [64 bit] with Opera 32-Bit browser version 55
Let's move on to the Edge browser.
UserAgent Edge structure:
Mozilla/5.0 (Windows NT 10.0; < bit tags >) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/< Chrome version > Safari/537.36 Edge/< Edge version >
<bit tags> and <Chrome version> absolutely the same, as I wrote above.
<Edge version> - this value shows the version of your Edge browser. Just like Opera, a specific version of Edge has a specific version of Chrome.
Here is a link to the latest versions of Edge: https://en.wikipedia.org/wiki/Microsoft_Edge
Note: We need the values "EdgeHTML version" and not "Version".
Example: Edge/17.17134
17 –EdgeHTML Version
17134 – Window Build.
Table with examples of Edge Chrome versions
https://docs.google.com/spreadsheets/d/1QkUj5f0oPIUGU6aGyZSS9DNUpGCaywv9W50y-
tvSVPM/edit?usp=sharing
Examples:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 - UserAgent Windows 10 [64 bit] with
Edge browser version 17
Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140
Safari/ 537.36 Edge/17.17134 - UserAgent Windows 10 [32 bit] with Edge browser version 17
Let's finish the topic of UA, there is a lot more that can be said about existing UA, since I only looked at the most basic browsers and the most popular and simple options. If this article is useful at all, I will reveal in more detail about more complex variations of UserAgent from different types of browser; about mobile UserAgent and new types of browsers.
Other options where you can get UA:
1) Real devices.
2) https://developers.whatismybrowser.com/useragents/explore/
Many different UA by browser type, by OS, mobile UA, etc. There are a lot of sampling options. The disadvantages are that there is a lot of “slag”; there are not so many newer versions; There is a UA popularity parameter, but I would not recommend focusing on it.
3) Config shops. Actually, in config shops you can easily see this parameter without purchasing a config. The option is very convenient, because you can make a selection according to the necessary parameters and the most current UA in the config shops. In some you can simply register calmly.
I won’t post links here; if you really need them, write to me via PM or contacts.
Let's go through simple config settings in Linken Sphere (Extended session settings).
Navigator.vendor – this parameter shows the name of the browser vendor. In our browser types, the Value is empty, or “Google Inc.”. The parameter is static, i.e. does not change. Values in our browser types:
Firefox - blank
Edge - blank
Chrome - Google Inc.
Opera-Google Inc. [/QUOTE]
Navigator.ProductSub – this parameter shows the Build number of the browser. The parameter is static, i.e. does not change. Values in our browser types:
Firefox - 20100101
Edge - 20030107
Chrome - 20030107
Opera - 20030107
Navigator.hardwareConcurrency– this parameter shows the number of processor threads, and not the number of physical processor cores, as many believe. The parameter does not depend on the type of browsers we are considering. Popular values for this parameter: “2”, “4”, “8”, “12”.
For a better understanding, I’ll consider a new processor on laptops: Intel Core i7-8750H. This is a 6-core processor, but it has 12 threads, therefore the parameter will be set to “12” and not “6”. Sometimes the number of threads corresponds to the number of cores. By the name of the processor, you can always look up these values on the Internet. As for the information in the logs - there is information about the number of threads, so you can safely set this parameter, but double-check just in case (parameters: # of Cores and # of Threads)
Navigator.MaxTouchPoints - this parameter shows the maximum number of simultaneous touch presses, which the device supports, i.e. If the device
has several touch screens with different maximum values, then the maximum value is shown. The parameter does not depend on the type of browsers we are considering.
In general, they usually say that this parameter is more relevant for mobile configs and this is true, but not entirely.
Actually, an ordinary desktop computer or laptop with a connected mouse and keyboard will show the value “0”. Most often this is the value of the parameter.
But there are touch monitors in laptops and touch monitors for desktop PCs.
Therefore, in this case, the parameter value is usually “1” or “2”. Therefore, when setting up our config types, it is permissible to set these values.
Based on the information from the log, it is impossible to determine in 95% which laptop or which display, so it is better to set the default value to “0”.
Navigator.Platform - this parameter shows the platform on which the browser runs. Within our browser and OS types there can be two values: "Win32" and "Win64". But even if Windows is 64-bit and the browser software is 64 bit, the “Win32” value is still used. Therefore, we set only this value.
Navigator.doNotTrack – this technology allows you to enable or disable the ban on tracking by sites and various systems. The most popular values used are:
“Null” - the user did not set this parameter, therefore it is not enabled. This is the most commonly used option. “1”, “true” - the user has enabled this function, “0”, “false” - the user has disabled this function. In configs you can use all three values, preferably “null” or “0”.
As for substitution without antidetects, Google has instructions with pictures for each type of browser on how to enable/disable this technology.
Navigator.gamepads– this technology shows connected gamepads and their properties (joysticks like on Xbox and Playstation). By values in the sphere: “True” - the function is enabled, “False” - the function is disabled.
Feature: even if there are no gamepads connected to the system, this feature is enabled. So we basically use the value “True” for our browser types, regardless of the OS version.
Even on most mobile browsers the feature is also enabled.
Navigator.battery – this technology shows information about the battery status (whether charging is in progress, charge level in %, amount of time to fully charge/discharge, etc.). According to the values in Linken Sphere: “True” - this function is used without substitutions, “False”, “Fake” - identical to True, only the parameters of the battery itself are replaced.
By use: in Edge, Firefox (after version 52) we set only “False”, in Chrome and Opera we set either “true” or “fake”.
This function, as you might think, applies not only to laptops. On desktop computers, the Battery feature is enabled. The difference is that the parameters will be static, as if it were a laptop charging at 100%.
Information on setting this parameter from the log: if you determine that the PC user is from a laptop, you can enable “fake”, but if on your system where Linken Sphere is installed, the Battery parameters are static and the log user has a desktop computer, then it makes sense to enable “True” "
On real systems, if you have a laptop, it is very easy to change this parameter; you just need to discharge/charge the battery. Then the values of this function will change.
Navigator.webdriver. Webdriver in a browser is a software library (driver) that allows other programs to interact with the browser; control the browser. This technology appeared in the browser not so long ago, so it is experimental, and there is not much information on it. Webdriver technology is supported by all major types of latest browsers. The main values of the Webdriver property are "true", "false" and "undefined". For use in Linken Sphere: if we make configs for older versions of the browser (below 63 Chrome and 50 Opera, then we use the “undefined” value). In other cases, it is allowed to use the value “true” and “false”. But taking into account the specifics of this technology and how it is implemented in browsers, I advise you to use “false” in 95% of cases.
Navigator.Online - this parameter shows the browser status. Parameter options: “True”, “False”, “1”, “0”. Here it’s a no brainer that the value should be “True” or “1”. The area has specifically established the ability to set only these parameters.
Navigator.deviceMemory - this parameter shows the amount of RAM in GB.
Values: 0.25 – 256 MB of RAM, 0.5 – 512 MB, 1 – 1024 MB, etc. to value 8 If there is more than 8 GB of RAM (12 GB, 16 GB, 32 GB, 64 GB), then the value will still be “8”.
If you are setting up the Firefox browser config, then set the value to “False”, because... there is no this parameter. If you are setting up the config of Chrome, Edge, Opera, then set this parameter
(Works in Chrome from version 63, Opera 50 and in Edge version 17). The most popular values are “2”, “4”, “8”.
Incognito - the parameter shows whether incognito mode (private mode) is enabled or disabled in the browser. To work, set only “False”.
Incognito mode in the browser is when the history of visits in the browser, cookies, autofill, etc. are not saved. An excellent option for schoolchildren to watch porn so that mom or dad doesn’t get burned))
Setting the language in the config
Three parameters are responsible for the language in the config in antidetects. Two in the navigator (language, languages) one in the browser headers (HTTP_ACCEPT_LANGUAGE)
Navigator.language – this parameter shows the browser interface language (that is, roughly speaking, what language your browser, not the system, will display in this parameter.) Example: “en-US”, “en-GB”, “ru-RU”, etc. This parameter is compiled as follows:
[Name of Language]-[Country codes]
Name of Language – below is a link to a list of all languages and designations:
http://www.loc.gov/standards/iso639-2/php/code_list.php ( take the value from “ISO 639-1 Code”)
Country codes – below is a link to the list of all languages and designations:
https://www.iso.org/obp/ui/#search/code/ (take the value from “Alpha-2code ")
Navigator.languages – this parameter shows the user’s preferred languages and is taken from HTTP_ACCEPT_LANGUAGE
Example: “en-US,en,ru-RU,ru”, “de-DE,de,en-US,en”
The parameter is compiled this way for EVERYONE language (each language is separated by a comma without a space):
[Name of Language]-[Country codes], [Name of Language]
HTTP_ACCEPT_LANGUAGE - this parameter shows the preferred languages that the user can understand (system language, browser interface language) and “preference »
language.
Example: “ru-RU,ru;q=0.9,en-US,en;q=0.7”
The parameter is composed like this for EACH language (each language is separated by a comma without a space):
[Name of Language]-[Country codes], [Name of Language]; q=[quality values]
quality values – language “preference” value. Can have a value from 0.1 to 0.9. The higher, the preferred language. I advise you to set it for the main language from 0.6 to 0.9, for the second from 0.4 to 0.7.
In the sphere, to configure language settings, you only need to configure HTTP_ACCEPT_LANGUAGE ( https://prnt.sc/lypoyp). The easiest way to change the language without AD is to simply change the language in your browser. The log also contains information about the user's language and keyboard layout languages.
Setting screen parameters
Let's move on to setting parameters that relate to the user's system screen. I won’t go into much theory; I’ll try to explain these parameters very simply in practice.
To begin with, let's see the main screen parameters in Linken Sphere clearly in the screenshot: http://prntscr.com/lz6cwt
Screen.width| device-width – these parameters show the width of the screen in pixels. Of course, in some subtleties these are different parameters, but for the purposes of our article I have combined them, since the values will be the same.
Screen.height| device-height – these parameters show the height of the screen in pixels.
Combined for the same reason.
device-width and device-height can be configured in general settings (Physical screen size).
Screen.width and Screen.height can be configured in the session screen settings (NOT in Extended settings)
Screen.availWidth – this parameter shows the screen width in pixels that the browser can occupy. In the screenshot, the taskbar is located at the bottom, therefore, it is related not to the width, but to the height; browser may take full length. Therefore Screen.availWidth=Screen.width| device-width
Screen.availHeight – this parameter shows the screen height in pixels that the browser can occupy. In the screenshot, in order for the browser to take up its full height, the taskbar “gets in the way,” so this parameter will be calculated as Screen.width MINUS the height of the taskbar.
Let's look at the examples from the first part of the article, when we looked at the taskbar there.
Now in even more detail and with an example. Let's take a Full HD 1920x1080 screen. If the taskbar is by default (at the bottom, with large icons as in the screenshot), then its height will be 40 px. With these values, “Screen.availWidth” will be 1920, and “Screen.availHeight” will be 1040 px (1080-40 = 1040)
If the icons in the taskbar are small, then the height of the taskbar will be 30 px, and the value of “Screen.availHeight” will be 1050 px
If the taskbar is hidden, the “Screen.availHeight” value will be 1080 px.
Exactly the same story will happen if the taskbar is placed not at the bottom, but at the top.
Further, the taskbar can be placed on the right or left and then the “Screen.availWidth” parameter will change. By default it will be 1858 (1920 MINUS 62px taskbar width).
If the icons are small, then with this placement of the taskbar, nothing changes in the width of the panel, and the value will be 1858; if the taskbar is hidden, then the value will be 1920
This is actually why we looked at the taskbar from the screenshot of the screen in the log.
Screen.availTop- shows the first top (vertical) pixel screen coordinate that is not occupied by the taskbar.
Screen.availLeft - Shows the first top (horizontal) pixel screen coordinate that is not occupied by the taskbar.
If the taskbar is located at the bottom or on the right, these parameters will have a value of “0”.
Exception: if there is a second monitor, then the “Screen.availLeft” parameter can be negative or even positive.
If the taskbar is located at the top or left, then these options will have meaning depending on whether the icons are large or small. If the taskbar is hidden, these parameters will have the value “0”.
Otherwise: if the taskbar is on the left by default, then “Screen.availLeft” will have a value of 62px, if the taskbar icons are small, then also 62 px (since the width does not change when placed sideways)
If the taskbar is at the top, then “Screen.availLeft” will have a value of 40 px, if the taskbar icons are small, then the value will be 30 px.
In simple terms, Screen.availTop shows the height of the taskbar if it is placed at the top, Screen.availLeft shows the width of the taskbar if it is placed on the left.
Knowing the placement of the taskbar about the screenshot in the log, we can calculate these parameters.
The above values are relevant for a Full HD screen of 1920 px by 1080 px.
In the topic attachments (at the very bottom) I have attached the simplest, but very convenient checker for calculating the parameters of the screen and browser window. I am not a programmer and am not interested in this, so the checker works correctly and stably only on Chromium browsers (Chrome, Opera). Therefore, this checker should not be used on Firefox. I hope there is someone who knows jQuery and will adapt this simple checker for Firefox.
Bonus link to the table where I indicated the most popular screen resolution values by OS and calculated the parameters for different browser resolutions:
https://docs.google.com/spreadsheets/d/12KM12QLMdwdmBKDuxlM-
uh31WZNMQ6hdlIz_QnipAVg/edit?usp=sharing
Screen.colorDepth and Screen.pixelDepth – these parameters show the quality of color rendering.
The values of these parameters are the same. Possible values are “24” and “32”. For the purposes of our article, we set only “24”. The value “32” is used for devices such as iPhone, iPad, etc.
Screen.orientation – this parameter shows information about the screen orientation. The easiest way to explain this is with a screenshot. https://prnt.sc/lz7j8w
We use only the “landscape-primary” parameter within the PC; other parameters for mobile devices, tablets, etc.
Screen.angle– this parameter shows the screen rotation angle. "landscape-primary" value 0; "portrait-primary" value 90; "landscape-secondary" value 180; “portrait-secondary” value 270
Setting up browser window parameters
First, let’s look at all the main parameters of the browser window in Linken Sphere, clearly in the screenshot for a better understanding (the screenshot was honestly stolen and modified): https://prnt.sc/lz7r9g
We’ll look at the settings from two options:
1) Full screen mode, when we expand the browser to full screen.
2) Windowed mode, when the browser occupies only some part of the screen. The example screenshot shows exactly this option.
Window.outerWidth – This parameter shows the width of your browser window, including the scroll bar, toolbar, etc.
Window.outerHeight – This parameter shows the height of your browser window, including the toolbar, URL bar, browser tabs, loading area, etc.
The screenshot above perfectly demonstrates these parameters and how they differ from others. If our browser is in full screen mode, then we can specify the exact values. If we work in windowed mode, then there can be a huge number of values, the main thing is that the values are “coordinated” with other parameters (innerWidth, client.Width, innerHeight, clientHeight, screenLeft, screenTop, screenX, screenY). The best and easiest option to get the values for windowed mode is to use the script that I attached to the topic.
In full-screen mode, these parameters correspond to the parameters “availWidth” and “availHeight”
Window.innerWidth and body.clientWidth - these parameters show the value of the width of the browser’s working area, in other words, the entire width in pixels to which your sites are loaded, excluding the width of the scrollbar and panel tasks, if it is placed on the right and other elements that narrow this width. I combined these parameters, since within the framework of our article they will coincide.
Window.innerHeight and body.clientHeight - these parameters show the value of the height of the browser’s working area, in other words, the entire height in pixels to which your sites are loaded, excluding the height of the horizontal scroll, the height of the tab area, the height of the URL bar in the browser and other elements that reduce this width. I combined these parameters, since within the framework of our article they will coincide.
These parameters are the most dynamic and unpredictable compared to other parameters. Even in full-screen mode, in addition to outer.Width/Height, a bunch of other windows are affected.
For example, in Google Chrome, the browser appearance settings option (“Show bookmarks bar”) affects whether the downloaded files panel is displayed in the browser (Example: http://prntscr.com/lzd3r5) etc.
In Firefox, the settings in the “Customize” section are affected ( https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?redirectlocale=en-US&redirectslug=Navigation+
Toolbar+items).
Specifically, the Toolbars parameters (Menu, bookmarks, Header), the “Density” parameter.
And so in each browser, different settings affect these values.
In windowed mode, in addition to these parameters, the parameters “screenLeft, screenTop, screenX, screenY, outerWidth/Heght) also influence.
In any mode, the devicePixelRatio parameter is affected, but more about it below. Again, the best and easiest option to get the values is to use a script.
In the table I will give settings options for different screen resolutions in full screen mode with default browser settings.
https://docs.google.com/spreadsheets/d/12KM12QLMdwdmBKDuxlM-
uh31WZNMQ6hdlIz_QnipAVg/edit?usp=sharing
window.dexicePixelRatio – this parameter shows the ratio of the physical to logical pixel size. Simply put, as we look at our browser types, this is a page scale setting. By default it is 100% and the parameter is “1”. If we zoom in or out on the page, this parameter changes. We increased the page scale by 125%,
the parameter changed to “1.25”, reduced the page to 90%, the parameter changed to “0.9”.
Clarifications: changes to this parameter affect the parameters “Window.innerWidth, body.clientWidth, Window.innerHeight, body.clientHeight) both in full-screen mode and
in windowed mode.
To change the parameter naturally, you need to use an increase or decrease step as in a real browser. Example:
Firefox browser scale values:
“50%”, “60%”, “70%”, “80%”, “90%”, “100%”, “110%”, “120%”, “130%” ", "140%", etc. (10% step)
Chrome browser scale values:
“33%”, “50%”, “67%”, “75%”, “80%”, “90%”, “100%”, “125%” ,“150%”, “175%”, “200%”, “250%”,
“250%”, etc. (The step is dynamic).
And so on for each browser.
One more subtlety with the values of this parameter. Let's take the Chrome browser:
100% is the value of the parameter “1”; 110% parameter value is not “1.1”, but “1.100000023841858”; 125% parameter value “1.25”. Those. the meaning may not always be exactly the same; in different browsers it is different.
The last subtlety: the size of the working window does not decrease or increase EXACTLY by the devicePixelRatio value. Those. if we increase the scale by 25%, it does not matter that the height of the browser working area will decrease by EXACTLY 25%. The percentage values will be different.
window.screenLeft and window.screenX – these parameters show in pixels how much the browser window in windowed mode is shifted to the right of the first pixel.
window.screenTop and window.screenY – these parameters show in pixels how far the browser window in windowed mode is shifted down from the first pixel.
In the screenshot I clearly showed these parameters. I combined these parameters because they coincide within the framework of our article. Chrome, Opera, Edge browsers use all these parameters. Mozilla Firefox browsers use only these parameters: ScreenX and ScreenY.
If the browser is in full-screen mode and the control panel is at the bottom or on the right, then these parameters are equal to “0”.
If you are using full screen mode in the browser and the control panel is on the left or top, then the values of these parameters are equal to the width or length of the control panel.
If you are using a windowed browser mode, the parameters will depend on how much they are shifted from the first left pixel of the screen and the top first pixel of the screen. It is best to use a script to calculate these parameters. These parameters do not have a direct relationship with the Outer.Width/Hegiht, innerWidthHeight parameters, i.e. the rule “Screen Width= screenLeft/ screenX+Outer.Width” DOES NOT WORK, since there are no parameters responsible for the right and bottom sides of the screen, and, therefore, the value of “outer.Width” with a value of screenLeft/ screenX 50 px can be the same 600 px, and 500 px, and 900 px - it all depends on how much we “stretch” the browser window in width. This rule also applies to screen height.
window.pageXOffset – this parameter shows how much the page is scrolled to the right (vertically in pixels) using the scroll bar relative to the top left window.
window.pageYOffset – this parameter shows how much the page is scrolled down (horizontally in pixels) using the scroll bar relative to the top left window.
For a better understanding, look at the screenshot.
In full-screen mode, the window.pageYOffset parameter is dynamic, because on almost any large popular site, we scroll the page down, rarely when the site completely fits into the working window, the main google search page does not count. Therefore , it is best to simply NOT replace
this parameter . In full-screen mode, the window.pageXOffset parameter is mostly equal to “0”, since sites are adapted to different screen resolutions, and scrolling to the side is wildly inconvenient. But if we have a windowed browser mode, then it can also be, depending on the site and the size of the browser window. Therefore, there is no point in setting constant values for these parameters. As for me, if we take a substitution, then the only possible meaning is to make it random within the limits of some values. Setting up plugins in the configI talked about plugins in detail in section 1 of the article. In new versions of Chrome, Firefox, Opera, Edge, there are only built-in plugins and 1 plugin that can be installed - Adobe Flash Player. There are two types of Adobe Flash Player: Adobe Flash Player ** NPAPI - for the Firefox browser. Adobe Flash Player ** PPAPI – for Opera/Chrome browser.
Now we will look in detail at how to configure plugins and what variations can be made.
Firefox has two built-in plugins by default, “Widevine Content Decryption Module” and “OpenH264 Video Codec provided”, but these plugins are not shown when prompted.
In Firefox, the only plugin you can add is Flash. Subtleties: when installing on a Flash system, the default setting is “Ask to Activate”; with this setting, Flash is shown only when a site is requested; the plugin does not light up in the checkers; if the “Always
Activate” parameter is set, then the physical Flash and the plugin are lit. Therefore, by installing Flash into the system, we can uniquely identify a given fingerprint without anti-detection.
With antidetect we have two options: either we add the Flash plugin or not. If we add, then we have various variations in the form of Flash versions. This gives us the opportunity to create different Flash plugins in different configurations, rather than adding the same one. Below there will be a link to a table for the Firefox browser type of what the Flash setting looks like in the plugin, as well as a list of different versions. Let me remind you that in the field, plugins are configured in “Extended session settings”.
https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?usp=sharing
Google Chrome has 4 plugins by default, some of them can be enabled/disabled; the only plugin that can be added is also Flash.
Plugin settings are static by default; they don't change. The Flash plugin has parameters that change depending on the version of the plugin and depending on the bit depth of the system: 32-bit; 64-bit. More details about the default plugins:
Chrome PDF Plugin and Chrome PDF Viewer - these plugins are responsible for PDF documents in Chrome and allow, for example, to open a PDF directly in Chrome online, without downloading the file to your computer.
These plugins are linked; so you either add both plugins to the config or neither. You can turn it on/off in a regular browser in Advanced settings --> Content settings --> PDF documents.
Widevine Content Decryption Module – this plugin is responsible for prohibiting copying of audio and video content by the copyright holder. As of version 57 of Chrome, the plugin cannot be disabled. But at the same time, I have seen more than once in systems and configs that this plugin did not light up, although the Chrome versions were one of the latest.
Native Client – the plugin is responsible for launching some online games and applications. It cannot be disabled, so we add this plugin 100%.
Here is a table for setting up plugins in the area for the Google Chrome browser type and variations
of settings with Flash: https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?usp=sharing
In the Opera browser, everything is identical to Chrome, except for some subtleties.
1) The names of the plugins responsible for PDF differ. Instead of "Chrome PDF Plugin" the value is "Chromium PDF Plugin"; Instead of "Chrome PDF Viewer" the value is "Chromium PDF Viewer".
2) There is no Native Client plugin.
3) Plugin “News feed handler”. Responsible for feeds, i.e. for receiving content from the site directly to the browser using the RSS protocol. Activated by default. Therefore, we add this plugin.
Here is a table for setting up plugins in the area for the Opera browser type and variations with Flash: https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?usp=sharing
Setting up the font list
All antidetects on the market allow you to replace the font fingerprint. The configs of most antidetects contain a list of fonts. The sphere allows you to conveniently edit the list of fonts in the config or create from scratch by loading font names from a file.
In the system itself, without antidetect, you can very easily edit the list of fonts. To do this, go to the control panel --> design and personalization --> fonts.
There you can add new fonts after downloading them, or delete existing fonts.
By performing such manipulations, we change our list.
In each system, due to the various programs installed and other factors, the list of fonts and the number of fonts will be different. But there are basic fonts for every version of Windows OS.
List of basic fonts and their styles for Windows 7
https://docs.microsoft.com/en-us/typography/fonts/windows_7_font_list
List of basic fonts and their styles for Windows 8
https://docs.microsoft.com/en-us /typography/fonts/windows_8_font_list
List of basic fonts and their styles for Windows 10
https://docs.microsoft.com/en-us/typography/fonts/windows_10_font_list
You can build on these basic fonts when creating your list. Some clarifications: all font family links are clickable. Inside you can find information about which Windows operating systems and programs use this font family. You do not need to specify all font styles in the list; you can only specify a font family. Check font families on the site; for example the "Wingdings" family actually contains 3 fonts.
Here's a great list for creating your font list. It lists a large number of fonts and which Windows operating systems and programs use them.
https://docs.microsoft.com/en-us/typography/font-list/
Configuring WebRTC and .MediaDevices.enumerateDevices substitution
.MediaDevices.enumerateDevices – this function allows you to get a list of all devices (audio and video devices of the system, USB cameras, microphones, etc.). You can get the deviceID of these devices, the device name and the device type.
The function in Linken Sphere has the following settings: “True” - the function is enabled, but the parameters are not changed. “False” - the function is disabled, “Fake” - the function is enabled; parameters
are changed.
In our browser types we only use the “Fake” parameter.
Let's move on to setting up WebRTC. We use substitution on all types of browsers, which we are going to discuss with you today. Let's look at some subtleties.
1) IPv6 checkbox . Enable this checkbox if there is an ipv6 leak on your system. You can check here: https://browserleaks.com/ip (item “IPv6 Address”)
2) External (Public) IP in WebRTC . Everything is simple here: the external IP matches the IP of your sock or tunnel. But when working with logs, I also came across this unusual approach. Its essence is that the external IP is set to the IP of the user’s system. Yes, at the same time, checkers will show that this is wrong, but this approach does exist.
3) Internal (Local) IP in WebRTC . Here, too, everything seems to be simple: there are local IP ranges that can be used.
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
But again, there are subtleties. Let me remind you of this table: https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4wgl4/edit?usp=sharing
So, there is a Default Local IP column. This is the default local IP of the router, which is how you can get into its settings. Therefore, it is better not to set these IPs when setting up the config.
The next trick is to work with logs and local IP. In the first part, we tried to find out the approximate brand of the router, and ideally its model. So in some cases, we can assume an approximate local IP address.
In general, where does this local address in WebRTC come from on your system? Most routers have a DHCH server in their settings. The DHCH server assigns a local IP to each device that connects to the router. Typically, the DHCH parameter settings are something like this, depending on the brand and model of the router: Starting IP, ending IP and the time for which the IP address is issued. Let's take, for example, that the router has the following settings:
Start IP: 192.168.0.2
End IP: 192.168.0.100
Time: 1440 min (24 hours)
We connect our laptop to the router, the DHCH server gives it a local IP: 192.168.0.2 for 24 hours; We connect our mobile phone, the DHCH server gives it a local IP: 192.168.0.3 for 24 hours; we connect our refrigerator with Wi-Fi to the router, the DHCH server gives it a local IP: 192.168.0.4 for 24 hours, etc. Let's say 12 hours have passed, the lights have been turned off, and the router has rebooted; and the refrigerator was the first to connect to our router. Now his DHCH server gives him a local IP: 192.168.0.2 for 24 hours; then the mobile phone connects - the DHCH server gives it a local IP: 192.168.0.3 for 24 hours; then the laptop connected - the DHCH server gives it a local IP: 192.168.0.4 for 24 hours.
Thus, this example shows that local IP is a dynamic parameter and can change within the limits specified in the DHCH server settings in the router.
Knowing the brand of the router and the approximate model, you can look at this IP range and set the approximate local IP in the log. Again, in the example above, the owner has a D-Link router; we have defined the start and end IP. The owner most likely has, in addition to the computer, 2-4 more devices that connect to the router (for example, a telephone and a TV). Therefore, we can easily set the local IP “192.168.0.2” or “192.168.0.3” or “192.168.0.4” or “192.168.0.5”. On the Internet you can find emulators of most popular routers and look at the basic IP range in the settings; in the table I also added start and end IP for some models.
Setting up substitutions in the config.
Although this does not relate to setting up the real config, I will go over some of the features. You can find a lot of different information about all the prints that the sphere replaces, so I won’t describe the same thing 10 times.
Regarding the use of substitutions: I advise you to use all substitutions in any of our browser types, but with some subtleties.
1) Enable Flash - turns on Flash. Every antidetect author does not recommend turning on flash unnecessarily, since this is an additional way to detect you. Regarding the use of Flash, they can advise the following options, no matter whether we are creating a config for working with the log or a config for any type of browser:
A) Add Flash to the config plugins, but leave the physical flash (enable flash) disabled. This creates an interesting situation: according to the plugins, we have it as is, but there is no physical version.
B) Add Flash to the config plugins and enable physical flash (enable flash). I described the disadvantages of this option above.
One more thing, in some antidetects you can configure Flash settings, so if there are such settings and you decide to use Flash, be sure to remember to configure them (parameters such as OC, language, screen resolution, Flash version and others).
2) Canvas substitution. We enable this substitution, but now I will write options when you can try to disable this substitution in our browser types.
There are only two of them: A) When the created config has the same browser type as the antidetect, i.e. Linken Sphere is written on Chromium, therefore, if you are creating a Chrome configuration, it is possible to disable substitution as an option. The second option is a little worse: this is when the browser is made in the Chromium shell. In our case, this is the browser type: Opera.
3) Substitution of AudioFingerprint . We will of course include the substitution. But audio also has parameters (http://prntscr.com/lyqeto). Some of them can be changed in the system, so below is some food for thought: as an option, in addition to the fingerprint, you can also replace them. For example, the first parameter on the screen (ac-sampleRate) is very easy to change: to do this, you need to change the Default Format (https://prnt.sc/lyqgop) in the default settings of your playback device .
Tips, tricks, lifehacks using the Linken Sphere antidetect and when working with logs.
1. Installing Linken Sphere: Virtual Machine or Base?
Should I install it on a Virtual Machine or on the Main Machine? Also a very popular question. Again, you can find the best option for yourself.
Linken Sphere on the Main Machine
Pros:
1) Ease of use
2) Does not require large RAM resources, puts less load on the computer compared to using a virtual machine, for example on Win 10 x64, especially if the page file is disabled for security and the PC is not very powerful.
3) If suddenly there is some kind of detection or virtual machine detection in the world that no one knows about yet, then this will undoubtedly be a plus compared to using an anti-detect on a virtual machine.
I’ll explain in more detail what I meant: Almost any antidetect in the world, if it does not change any parameter, then it is most likely taken from your system, or is simply disabled.
4) Security. I don’t presume to say 100%, but from a security point of view, in the anonymity chain, perhaps this option is worse than using Linken Sphere on a Virtual Machine or Server.
Linken Sphere on a Virtual Machine
Here it’s the other way around, and the minuses become a plus, and the pluses become minuses.
Option 3: some use Linken Sphere on a dedicated server, which is also, in its own way, an interesting option that has some advantages from the two options above.
2. What type of configs is best to use for driving. “Good” options for using configs for different types of OS.
Actually, taking into account the fact that this Antidetect is written on the source code of the Chromuim engine, it is ideal to use configurations with the Chrome browser and browsers based on the Chromium platform.
If Linken Sphere is installed on your Windows OS, then the “good” configuration options are:
1) Win XP, 7.8, 10 + Chrome
2) Win XP, 7.8, 10 + Opera
3) MAC OS + Chrome
4) Win 10 + Edge (Microsoft recently announced a replacement of the engine with Chromium)
Mobile options:
1) Android + Chrome
2) Windows Phone + IE (Internet Explorer)
3) Iphone, iPad + Chrome
If Linken Sphere is installed on your OS MAC X, then “ good" config options:
1) MAC OS + Chrome
2) MAC OS + Safari
3) Win + Chrome
Mobile options:
1) Iphone, Ipad + Chrome
2) Iphone, Ipad + Safari
Of course, you can use any configs on any OS, but these are preferable due to the fact that the OC and/or platforms are the same.
3 Life hack: Using “Non-standard” configs when entering
As a good and unusual alternative to the variations that I wrote above, there can be the use of “non-standard” configs. In my understanding, non-standard configs are those systems that are not common in general and that are rarely used for driving in. For Sphere and some other ADs, another criterion may be that these configs cannot be found in config shops. I will give examples of such configs: Xbox One, PlayStation 4, Blackberry, PlayBook, Kindle, etc. It is, of course, difficult to imagine holders using Playstation 4 or PlayBook, but nevertheless, these options take place in some topics and as one of the factors “non-standard” driving.
How to get these configs for the sphere? There is only one option - to do it yourself. After reading the entire manual, you will more or less understand how to make configs. The only problem is where to get all the data (UserAgent, WebGL, WebRTC, Window.Screen, Window.Navigator, etc.) for these devices? Everything is very simple here) Either look at the actual device for all the necessary checkers, or take it from the configs of another antidetect.
4. Using the “Web Emulator” tool
Web Emulator is a tool in Linken Sphere that allows you to automatically visit a list of sites, imitating human behavior. This tool is useful because it automates the process of obtaining cookies, thereby reducing our time spent on routine work, i.e. you enter a list of sites, turn on the emulator, and voila, we already have a browser of cookies for various sites.
In practice, this tool is very useful, because... Shop anti-fraud systems may well collect and analyze your cookies. Thus, using this tool correctly, we will be more like an ordinary user.
According to the settings of this tool (Screenshot: https://prnt.sc/jkvy3p)
Check the boxes for Disable popups and Enable alert after complete. MaxVisited Page is the maximum number of pages on each site that will be open. Here everyone decides for themselves how much to bet, I would recommend from 3-4 to 12-30. Max time on page, min – I would recommend setting it from 30 seconds to 2 minutes.
Start delay – this item is responsible for the delay (in minutes) before turning on the emulator itself. It's up to your discretion.
Each site must be specified on a new line and with http://.
About the list of sites. I would recommend that everyone make their own list of sites to crawl depending on the country you are typing in (in my case it is the USA). In my list, I would collect about 30-40 such sites, so that it would be possible to alternate between different sites, and not go around the same ones every time.
There you can select the TOP 500 sites in various countries, find out the average depth of page views, the average duration of users’ stay on the site over the past 3 months.
5. Detect Social Media Login
http://www.tomanthony.co.uk/tools/detect-social-network-logins/
Here is a regular public example demonstrating that sites can easily see whether you are logged in to popular social services. Therefore, in order to be more like a real user’s PC, you need to create accounts in popular networks and log in to them immediately before your work (or buy ready-made accounts). The most popular services: Facebook, Twitter, Gmail, Youtube, Google+, Instagram, Pinterest, Battle Net, Xbox, PSN, Tumblr, etc.
This rule also applies to logs. We look at the accounts to see what popular social services our user has, log in to them (if we don’t automatically log in using our cookies) and only then go to the sites we need.
Now let's move on to working with logs.
By all parameters, all logs can be divided by degree of importance (in descending order of importance):
1. A log that has a set of standard services complete with BA and crypto exchanges.
2. A log that has a set of standard services such as Paypal, Amazon, various shops
3. A log that has a couple of services/uninteresting small shops; The cookies in this log don't make us particularly happy.
4. Useless log
For beginners, first of all, the advice would be not to disdain logs of categories 2 and 3, treat them with the same seriousness as logs of the first category in order to gain experience, improve your skills, technically learn how to correctly use the log and the selected tool for processing it.
On forums, processed logs of different categories are often distributed; This option is also a good option for starting to work with logs.
You can determine the degree of importance by the Logins/Passwords of the log, auto-fills, and sometimes even by the screensaver on your desktop you can distinguish the log of a nerd student from a good log.
With experience, depending on your skills and financial situation, you will be able to determine for yourself which log to work with painstakingly, which not so much, and which one should be thrown away altogether and not waste your time.
Processing logs in Linken Sphere is very convenient because, using different tabs, you can process several logs at the same time, which also saves time.
Log processing can be complex, or processing for one specific request.
It often happens that beginners process logs for just 1 request, for example on Paypal, and if they fail to process them, they get upset and throw away the log. This is a bad approach to work, since you will not get normal profit and knowledge with it; if you have a lot of time and little experience, practice the log to the fullest, get better at it.
Let's move on to interesting tips and life hacks when working with logs.
1. Determine your “attack vector.” Simply put, you need to understand where the holder has money, what means of payment he uses most often. You can view popular means of payment for holder in Amazon, Paypal, Ebay, etc.). Once you have determined where the money is, you need to try to find out how much money the holder has, if possible. To do this, you need to go to online banking, look at Statesman, etc.
2. Operator services such as AT&T, Verizon and others may have the function of blocking a SIM card, losing the phone and other useful things that can complicate the restoration of the holder’s access, or even complete loss.
3. Always put messages from unwanted services and shops from which messages may come in the holder's mailbox in spam filters. Redirect the necessary messages through
filters to your email.
4. Check all cloud storages (Google drive, icloud, onedrive, dropbox, etc.) There is a high probability of finding Photo ID, Drive License, Credit Cards, Wallet Seed, 2FA and other useful information there.
5. Live the life of a holder. Having collected all the information on the holder, read his Facebook and other social networks. network, look where he’s going tomorrow, when he’s not at home, when he’s in the gym, when he’s eating, who he’s fucking with, this will help create a psychological portrait for psychological impact, as well as give you the opportunity to choose the best time of attack.
For example, you can urgently call the holder to work, send a wreath with threats (Having said that this is from the mafia, the insurance company will return everything, don’t rock the boat until we clean you out). It is important to understand the essence of these thoughts, and your imagination in the options for using useful information can be limitless.
6. Leave behind backdoors. Set your security questions to emails, connect your 2FA, phones, backup emails. Then, with a high probability, the holder will not be able to quickly and painlessly return his account, and even if he returns, he may not notice your backdoor, which you can use again.
7. Passwords. Many holders use the same passwords, so even if the required service is not in the log, you can find it yourself by brute force.
8. Activity. Based on letters in the mail, you can determine the most popular and most recent services used by the holder. From them, choose the ones you need that you know how to practice. These services will be more fraud-friendly, since the holder often uses them, and, therefore, they have more recent cookies compared to other services.
Contact the author: Jabber: [email protected]
Last edited by a moderator:
