Anti-fraud protection and methods of bypassing it in 2021
So, this post is for all those who have not yet grasped all the secrets of the Madrid court, semi-private and private google - after all, everything new is well forgotten old. You agree with me? Let's go then? !
As you know, Antifraud does not sleep in shops, and if the first payment, for example, is successful for you and the staff is sent to you, then the second and third orders will most likely be canceled in most cases. The alternative in this case is the search for a new shop that is not yet familiar with our contingent and has just come to online trading, and which I will also tell you about today? Today, there are quite a few such options, but they exist and are worth looking for.
So sit back and stock up on Coke, we're starting. The first parameter, which is important, is called WebRTC. Yes, yes, I am aware that you already know about this, including the method of bypassing it, but the most interesting thing is ahead - be patient and give the newcomers a way, and honor to us, dear old people.
And so, to begin with, let's find the info, what kind of parameter it is and what functions it performs - let's turn to Wikipedia. WebRTC (English real-time communications) is an open source project designed to organize the transfer of streaming data between browsers or other applications that support it using point-to-point technology. Its inclusion in the W3C guidelines is supported by Google Chrome (and other browsers based on it), Mozilla, and Opera. In terms of anti-fraud, the WebRTC standard allows third-party users to determine the IP address of a network user at a time, bypassing the software barriers of VPN, TOR, SOCKS and other network defenders. To resolve this issue, we have two options. The first is to disable WebRTC.
Some information on how to do this:
Enter
about:config in the address bar.
Find the media.peerconnection.enabled parameter. To avoid manual searching, you can use search simply by entering this parameter. Set it to false.
But if it is disabled, then this is 100% fraud points from the shop and with a probability of 99.9% your order will be canceled, so you just need to replace it. How to do it:
We put the firewall with the subsequent configuration.
Click on “Advanced settings”.
Next, click on “Windows Firewall Properties”.
Then, in all three tabs, point to “Outbound connections: Block”.
Next, go to Outbound Rules and click on New Rule.
We choose “Program”.
We indicate the application that should go online (Bitvise, proxyfier).
However, do not forget that the main application can use auxiliary ones to connect to tunnels or socks (usually putty or plink in the folder with the main application) - they will also need to be added to the exceptions.
We indicate “Allow the connection”.
Next, set the name of the network and close the setting.
We are trying to connect to the Internet - in our case using “Bitvise” and tunnels.
If everything was done correctly, then WebRTC will show us only the intranet IP without the external one.
It should look something like this.
Now our webrtc has a local address - this is quite enough to prevent this detection from being detected. Ideally, the following manipulations should also be done:
We go to the equipment manager and select “Add legacy hardware” in the “Action” menu, after clicking on the “Network adapters” section.
We choose manual installation. We select “Network adapters”.
Choose “Microsoft” and choose “Microsoft Loopback Adapter”.
After installation, go to the settings of this adapter. And we indicate in its properties the IP, which showed us the Whoer.
In my case, it is 64.53.67.252. Then we save and run the command line.
On the command line, write the following:
Code:
route add (tunnel / sock address) mask 255.255.255.255 (default gateway) metric 1.
To find out the Default gateway, enter “ipconfig” into the command line. If the line is empty, look for the gateway address in the virtual machine's network settings.
In my case, I enter into the command line:
Code:
route add 64.53.67.252 mask 255.255.255.255 192.168.111.2 metric 1.
If everything is ok, then the command line will answer =)
If you receive an error with the text “The requested operation requires elevation”, then run the command line as administrator.
Next, I would like to talk about another important parameter:
WebGL is the context of the HTML canvas element that provides a 3D graphics API without the need for plugins. The 1.0 specification was released on March 3, 2011. The library project is run by the non-profit Khronos Group.
In order to change this parameter, open the firefox browser, write about: config and look for this line: webgl.enable-priviliged-extrensions, after which we change this value from false to true by double-clicking the mouse.
After that, you need to replace one more parameter.
We register in the search:
webgl.vendor-string-override, click on it and enter, for example, NVIDIA GTX 1080 or any other name of the video card, after which this parameter is changed.
Now let's look at the substitution of various canvases, including the unique fingerprint of the audio codec and browser:
Actually, the to the software itself, it is called virtual audio cable.
We install this software on a virtual machine, after installation, we will be able to edit the settings associated with our audio device.
Now we need to set the default value for the new device.
To tune your audio codec more subtly, open the virtual audio cable program itself and change all the values.
Next, we will consider the substitution of the browser fingerprint itself, it is called Browser Fingerprint. To change this parameter, we just need to download a certain plugin for the fox - it is called http-useragent-cleaner. Add to the browser, set and change this value in the browser settings. You can read how to work with this plugin in Google, there is enough information there.
So, these are the main values that can be changed and which I know about, but definitely not all detectors that exist. With such settings, it is very difficult to break through the fraud of a top US shop - for example, Valmart or Microsoft. For when the antifraud is running in full mode, it is advisable to install a clean virtual machine before configuring the browser. It can be 7 or 10 wines, of course, English. To quickly change machines, a hard disk size of at least 250 gigabytes is required - before installing the system on the virtual machine, it is necessary to download the necessary software (plinker, BitVise, proxyfier, etc.), then configure everything for yourself and make a clean snapshot of the system.
Now I would like to tell you about an interesting office with which we are actively working at this time. The bottom line is receiving and sending transfers to bank accounts:
https://us.etrade.com
Let's take a closer look at this office - what it checks for and what it is eaten with. But first, let's go back and I'll give you an interesting review, and maybe give someone food for thought.
Follow the link, click Open Account, start filling out the forms, which, unfortunately, are more than enough here.
I recommend taking under this case a fulk, punched on a credit history - since antifraud at the office, as regrettable as it may sound, is more than present. In addition, it is much more convenient, because you do not need to invent anything and take information from the sky, so that the accounts do not get lost, and the work was not in vain.
We fill in the standard full info.
Further, SSN + DOB introduce the same cherished fulka, which you can take in freebies on our site, as well as other questions: ”marital status”, “annual income”.
At this stage, you need to have Google transliteration with you, or impressive English skills. We pass to the next stage - "Cigarettes, Interrogations, Answers to questions)":
As a result, the entered information can be edited, and it will look like this:
Code:
Review your application
This information will be used to create your account.
Your personal information
Name
Dr. KEITH MERRITT
Business phone
813-749-0270
Email address
[EMAIL][email protected][/EMAIL]
Primary residential address
8531 TIDAL BAY
ZIP code
33635
City
TAMPA
State
Florida
Country
United States
My mailing address is different from my residential address
No
Primary account holder identity verification
Date of birth
05/12/1969
Social Security number or ITIN
XXX-XX-9897
Marital status
Married
Number of dependents
1
Occupation
Administrative
Employer name
John
Employer address
924 w palmer
ZIP code
90220
City
COMPTON
State
California
Country
United States
Annual income (combined if joint account)
$ 0- $ 14,999
Liquid net worth
$ 0- $ 14,999
Total net worth
$ 0- $ 24,999
I am (or an immediate family member who resides in the same household is) employed by or a member of a registered broker-dealer, securities or futures exchange, futures commission merchant, retail foreign exchange dealer, or securities or futures industry regulatory body (e.g., FINRA, NFA)
No
I am a director or policymaker of a publicly owned company.
No
I am a 10% shareholder of a publicly owned company.
No
I have been notified by the IRS that I am subject to backup withholding.
No
Primary account holder investment profile
Investment experience
Good
Investment objective
Income
Assets to fund account
Income From Earnings
Primary account use
Long term investment- occasional transfer for expenses
Options investment experience
Limited
Prior options trading experience
Covered writing, Spreads
Stock
1 Years, 0-9
Options
1 Years, 0-9
Futures
1 Years, 0-9
Bonds
1 Years, 0-9
Account setup
Uninvested cash program
Cash Balance Program
Add margin trading
No
Add futures trading
No
I would like to grant trading authority over this account to another individual
No
Free E*TRADE debit card
No
Free E*TRADE checkbook
No
We press the continum, and accept the conditions with the form, setting a login with a password on the next page:
Hurray, Registration was successful, and we were given our namber account, to which we can transfer money from any bank, after which, transfer, respectively, wherever you decide.
Further, for example, we can go through verification in a stick) - this solution is excellent, including in order to make a corresponding deposit to a swinging account. In general, Friends, you got food for thought - ACT!
Now I want to talk to you about the pitfalls.
Well, on the screen you see exactly their results.
Unfortunately, as I said above, some kind of antifraud is present, and by going into the old account from a regular virtual machine and a browser, you have a chance to see that the account is locked. Such locks became active after a couple of accounts were created on the same virtual machine with a mozilla, and they were successfully uploaded, but not fully worked out, as we would like.
But our profession is to solve questions and find answers to them, and I want to tell you that I found this solution in the Antidetect Browser from
https://ls.tenebris.cc/ . After drinking many cups of coffee and constant daily thoughts, I unsubscribed the glanders of this project
https://ls.tenebris.cc, and asked for a 3-day test, the results of which exceeded all expectations - not a single stuck ack, including the fact of using ordinary clean tunnels! The result was obvious - this product solved my problems, and now I don’t bother looking for answers, I purchased a license with access to the config shop and I just work, having fun. All in all, I sincerely recommend it!
In the next article, I plan to tell you how to determine what the shop checks for in terms of the detections that were written above. I think that today we got a good overview of the substitutions of popular detectors of giant offices. I have personally tried many solutions, including some RDP ones, with which it is also not always possible to break through, especially from server rooms. After studying and reading a lot of manuals and googling the topic, I came to the conclusion that the main problem is not only in their dirtyness, but also in the fact that they are pinged to ports and webgl, thereby being detected. I think vnc is also one of the best solutions in this regard, but to get something like that we have 3 solutions: our own botnet, brute port 4899. it is difficult to find a seller and prices bite (from $ 15 without life expectancy guarantees). Moreover, the problem is to find a car for the state,
