How to cheat antifraud via VM
Imagine Michael from the United States who wants to pay for an iPhone. He goes to the shop, sees that payment via PayPal is offered, opens his account and pays. Michael doesn't fuss over his reputation, doesn't buy tea and other trifles first, he just goes in and pays. Michael doesn't need to earn PayPal's trust or read entire threads on forums like this before buying something for himself. So how do we look like Michael, and not Boris, in the eyes of antifraud?
1. Ports
Imagine that you are an antifraud system. You sit and watch the orders, and here a person with ports 80, 443, 3389 and 22 open wants to buy something. Just by looking at these ports it's already clear what this person is up to. After all, Michael would not pay through RDPs, tunnels, socks or proxies.
Solution: use an RDP on which we configure the firewall, or raise a firewall on the tunnel.
2. Two-way ping and belonging to a hosting provider
Two-way ping detects tunnels, VPNs and socks based on the ping and the time difference measured in the loop.
Solution: put TOR in front of the tunnel, VPN or socks.
Belonging to a hosting provider – I think it's clear here: we don't use tunnels, socks or VPNs from hosting providers; if the IP belongs to a hoster, consider it blacklisted.
3. Webrtc and DNS
There is a lot of information on preventing these leaks; I won't duplicate it for the thousandth time. Just keep in mind that they need to be checked and fixed.
From myself: don't use Google's DNS, as your actions are logged.
4. Flash
Of course we enable it, because we have nothing to fear and we can pay for goods from our own account. In general, turn Flash on so as not to arouse suspicion.
Be extremely careful with Flash: downloading Flash Player onto your computer (whether with an antidetect or an RDP) is the same as deliberately launching a Trojan into the system. Don't forget about your OS language and timezone.
I recommend checking for leaks via Flash on browserleaks.com
5. Tab history and refer
Used by antifraud to detect recently visited sites.
Everything is simple here: no whoer and other sites that raise a flag.
We walk around Google and Facebook, imitating Michael's behavior.
Referer determines which site we came from, so we arrive from Google like everyone else.
6. Tab name
In short, using this parameter, antifraud sees all open tabs in your browser in real time.
7. Audio Fingerprint
https://audiofingerprint.openwpm.com/ - test
I checked on the main OS and on a virtual machine with an antidetect – the fingerprints are the same. I haven't tested it on a dedik (dedicated server) yet, so check it on a dedik and report back.
An audio fingerprint can really hurt you in 2 cases:
1) Deanonymization. Let's say you go to the site of a software company and they take an audio fingerprint from you. Then, after a successful job, you turn off the virtual machine and go to YouTube or Google, or even worse to social networks, and all these sites also take an audio fingerprint. Deanonymization will roughly look like this: "20:00 fingerprint 2a3b4c5e logged in to the PP under the IP 192.168.0.1, 20:30 fingerprint 2a3b4c5e logged in to YouTube under the IP 192.168.1.100 (the IP from which you went to YouTube)"
2) PayPal or other sites can use this fingerprint to see that you have already visited them.
Solution: watch the latest Vector webinar on substituting this parameter.
8. Uptime and Os fingerprint
Uptime is the time your VPN, socks or tunnel has been online.
Agree, it's strange that Michael's computer has been running without a reboot for half a year.
Solution: go to the tunnel's console and type reboot
OS fingerprint – in simple terms, each OS produces different packets. That is, when you use a tunnel on top of Windows, it turns out that your packets look like they come from Linux while the user agent says Windows.
Solution: use RDP, or raise an OpenVPN server on the tunnel and add the line mssfix 0 to the server and client configuration.
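Seen from the other side of the table, every item in this post is a signal an antifraud system can score: open remote-access and web-server ports on the client IP (item 1), hosting-provider ASN and two-way ping delta (item 2), an audio fingerprint that reappears from a different IP (item 7), implausible uptime and a TCP/IP stack OS that disagrees with the user agent (item 8). The following is an added defender-side example, not code from the post or from any antifraud product; the weights, the uptime and ping thresholds, the `asn_type` field and the three sample sessions are constructed assumptions chosen to illustrate how the signals combine.

```python
"""Session risk scoring over the signals the post lists.
Added defender-side example; weights, thresholds and sample sessions are
constructed assumptions, not values from the post or any real product."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Port groups the post names as giving away RDP / tunnel / proxy hosts.
REMOTE_ACCESS_PORTS = {22, 3389}
WEB_SERVER_PORTS = {80, 443}

# Illustrative weights (assumption); a real system would fit these on labelled data.
WEIGHTS = {
    "remote-access ports open": 30,
    "web-server ports open": 15,
    "hosting-provider ip": 40,
    "user-agent os differs from tcp/ip stack os": 25,
    "implausible uptime": 10,
    "two-way ping delta": 20,
    "audio fingerprint seen from another ip": 20,
}
UPTIME_LIMIT_DAYS = 90      # assumption: a home PC rarely runs half a year without a reboot
PING_DELTA_LIMIT_MS = 100   # assumption: in-page vs network RTT gap that suggests a relay
REVIEW_THRESHOLD = 50


@dataclass
class Session:
    ip: str
    asn_type: str          # "residential" or "hosting", from an ASN lookup (assumed field)
    open_ports: Set[int]   # ports a connect-back scan found open on the client IP
    ua_os: str             # OS claimed by the browser user agent
    stack_os: str          # OS inferred from the TCP/IP stack fingerprint
    uptime_days: float     # uptime inferred from TCP timestamps
    ping_delta_ms: float   # difference between in-page and network-level round trip
    audio_fp: str          # hash of the AudioContext fingerprint


def score_session(s: Session, fp_index: Dict[str, Set[str]]) -> Tuple[int, List[str]]:
    """Return (score 0..100, reasons). fp_index maps audio fingerprint -> IPs seen so far."""
    reasons: List[str] = []
    if s.open_ports & REMOTE_ACCESS_PORTS:
        reasons.append("remote-access ports open")
    if s.open_ports & WEB_SERVER_PORTS:
        reasons.append("web-server ports open")
    if s.asn_type == "hosting":
        reasons.append("hosting-provider ip")
    if s.ua_os.lower() != s.stack_os.lower():
        reasons.append("user-agent os differs from tcp/ip stack os")
    if s.uptime_days > UPTIME_LIMIT_DAYS:
        reasons.append("implausible uptime")
    if s.ping_delta_ms > PING_DELTA_LIMIT_MS:
        reasons.append("two-way ping delta")
    # Cross-session linking: the same audio fingerprint arriving from a different IP
    # is exactly the deanonymization scenario the post describes in item 7.
    prior_ips = fp_index.setdefault(s.audio_fp, set())
    if prior_ips and s.ip not in prior_ips:
        reasons.append("audio fingerprint seen from another ip")
    prior_ips.add(s.ip)
    return min(sum(WEIGHTS[r] for r in reasons), 100), reasons


def verdict(score: int) -> str:
    return "review" if score >= REVIEW_THRESHOLD else "allow"


# Constructed sample sessions: documentation IP ranges and invented fingerprint hashes.
SAMPLE_SESSIONS = [
    # "Michael": residential IP, nothing open, consistent OS, short uptime, direct path.
    Session("203.0.113.10", "residential", set(), "Windows", "Windows", 2, 5, "fp-home"),
    # A relay host: hosting ASN, management ports open, Linux stack under a Windows UA,
    # half a year of uptime, large ping delta.
    Session("198.51.100.7", "hosting", {22, 80, 443, 3389}, "Windows", "Linux", 180, 250, "2a3b4c5e"),
    # Same audio fingerprint as the relay session, now from a residential IP.
    Session("203.0.113.55", "residential", set(), "Windows", "Windows", 1, 4, "2a3b4c5e"),
]


def run_demo(sessions=SAMPLE_SESSIONS) -> List[dict]:
    fp_index: Dict[str, Set[str]] = {}
    rows = []
    for s in sessions:
        score, reasons = score_session(s, fp_index)
        rows.append({"ip": s.ip, "score": score, "verdict": verdict(score), "reasons": reasons})
    return rows


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The third session shows why the fingerprint index matters more than any single-session check: on its own it looks like Michael, and only the link back to the earlier relay session adds points. In a real deployment the index would live in a shared store with an expiry, and the weights would come from labelled chargeback data rather than from hand-picked numbers.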