Questions and Answers: OPSEC and Anonymity 🛡️

[Professor]

Questions:

• How to set up Octo Browser / Dolphin Anty correctly?
• How to hide real IP when carding?
• How to avoid detection via Canvas/WebGL/WebRTC?
• How to create a low risk burner account?
• How to use Tor + proxy together?
• How to protect yourself from fingerprint systems?
• How to bypass Cloudflare / DataDome?
• What tools do professionals use for camouflage?
• How to remove traces of activity after work?
• How to scale operations without locks?

All answers below are provided for educational purposes, from a cybersecurity and data protection perspective. We do not support or condone the use of this knowledge for illegal or fraudulent purposes. Below you will find a technical analysis of methods of masking, bypassing security systems and managing digital fingerprints - all of which can be used to train information security specialists, analyze threats and test your own systems for resistance to attacks.

1. How to set up Octo Browser / Dolphin Anty correctly?​

What is this:​

• Octo Browser and Dolphin Anty are browsers designed specifically for working with multiple accounts.
• They allow you to completely change your browser fingerprint so that each profile looks unique.

How to set up:​

Steps:​

1. Create a new profile
   • Set a unique name, select OS, browser (Chrome/Firefox), version.
2. Change User-Agent
   • Use a randomized UA or simulate a real user from the desired country.
3. Canvas/WebGL setup
   • Disable or use "canvas spoofing" to prevent detection.
4. WebRTC Change
   • Hide real IP, use random local IP.
5. Proxy setting
   • Bind a proxy to each profile (Residential/SOCKS5/HTTP).
6. Geolocation
   • Set the geography to match the proxy and language.
7. Clear Cache/Cookies
   • After each session, clear data or use new profiles.

Objective: To study the work of browsers with a modified fingerprint, to test the protection of sites from multi-accounting.

2. How to hide real IP when carding?​

Methods:​

a) Residential proxies​

• Simulate real home IPs through ISP networks.
• High degree of anonymity.
• Example: BrightData, Oxylabs, SmartProxy.

b) Mobile proxies​

• Works via mobile networks (LTE/5G).
• Difficult to block.

c) SOCKS5 proxy​

• Suitable for automation.
• More vulnerable to blocking.

d) VPN + proxy​

• Double protection: external IP → VPN → proxy.

e) Tor (only in a controlled environment)​

• Explained below.

Protection:​

• Check for DNS/WebRTC leaks.
• Using anti-detect browsers.
• Testing via whatismyipaddress.com

Objective: Research of methods of masking network activity, analysis of data leaks, development of systems for detecting abnormal activity.

3. How to avoid detection via Canvas/WebGL/WebRTC?​

These technologies are used for browser fingerprinting.

Canvas​

• Used for rendering graphics, but may be unique for each device.
• How to get around:
  • Disabling Canvas API.
  • Using plugins/scripts to spoof results.

WebGL​

• Outputs 3D graphics and also provides a unique signature.
• How to get around:
  • Disabling WebGL in about:config (Firefox) or via extensions.
  • Using browsers with WebGL modification capabilities.

WebRTC​

• Can reveal real IP even when using proxy.
• How to get around:
  • Disabling WebRTC via extensions (eg uBlock Origin).
  • Using browsers with full control over WebRTC.

Objective: Study of browser fingerprinting methods, development of counteraction systems, creation of solutions for protecting user privacy.

4. How to create a low risk burner account?​

A burner (disposable) account must look like a real user.

Stages:​

1. Email
   • Use temporary emails (eg TempMail) or Gmail/Yahoo with a clean IP.
2. Registration details
   • Name, date of birth, address - must match Fullz (if used).
3. IP/Geolocation
   • Matches the region of email and other data.
4. Behavioral activity
   • Likes, views, adding products - all this is done slowly, like for a regular user.
5. Telephone
   • Use virtual numbers (Google Voice, TextNow).
6. Browser
   • Use an anti-detect browser with a unique fingerprint.

Objective: Analysis of behavioral factors in verification systems, development of risk assessment models, training in creating legitimate accounts.

5. How to use Tor + proxy together?​

Tor is an anonymous network, but it can be combined with a proxy for additional protection.

Possible configurations:​

a) Tor → Proxy​

• Not recommended: Tor already changes IP, double layer complicates traffic.

b) Proxy → Tor​

• Less commonly used, but sometimes used to access a specific region before entering Tor.

c) Tor + proxy in different containers​

• For example: Tor in one VM, proxy in another. This requires complex configuration.

Recommendations:​

• Use Tor only in controlled conditions.
• Residential proxies are better suited for carding.
• Tor is easily detected by most websites.

Objective: Research of anonymization routes, analysis of Tor vulnerabilities, study of ways to bypass blocking systems.

6. How to protect yourself from fingerprint systems?​

Fingerprint systems collect hundreds of browser and device parameters for identification.

Protective measures:​

• Using anti-detect browsers (Octo, Dolphin, Multilogin).
• Disabling JavaScript (limited, as it breaks functionality).
• Using plugins:
  • CanvasBlocker
  • Random Agent Spoofer
  • Cookie AutoDelete
• Changing request headers.
• Using headless browsers disguised as a real browser.

Objective: Study of fingerprinting mechanisms, development of countermeasure technologies, testing of detection systems.

7. How to bypass Cloudflare / DataDome?​

These are two of the most popular WAF (Web Application Firewall) systems that block suspicious traffic.

Cloudflare:​

• Uses JavaScript challenge, reCAPTCHA, rate-limiting.
• Bypass:
  • Headless Chrome with proper headers.
  • Using a reputable proxy.
  • Disable automatic JS rendering.
  • Using Selenium with Cloaking.

DataDome:​

• More complex: analyzes behavior, mouse movements, clicks, speed.
• Bypass:
  • Using real browsers.
  • Disguise as a human using the Puppeteer-extra engine.
  • Using anti-bot services.

Objective: Analysis of modern WAF systems, testing their vulnerabilities, development of bypass and reverse engineering solutions.

8. What tools do professionals use for camouflage?​

Professional tools:​

Category	Tools
Antidetect browsers	Octo Browser, Dolphin Anty, Multilogin, Incogniton, Kameleo
Proxy	BrightData, Oxylabs, StormProxies, Luminati, Mobile Proxies
Automation	Puppeteer, Playwright, Selenium, Scrapy, Crawlee
Phishing tools	HiddenEye, Social-Engineer Toolkit (SET), GoPhish (for training)
Traffic analysis	Wireshark, Burp Suite, Charles Proxy
Account Management	Account Manager, Bitwarden (for storage)

Objective: Study of attackers' tools, development of anti-malware policies, training of specialists.

9. How to remove traces of activity after work?​

After using your account, it is important to:​

1. Delete cookies/session
2. Clear cache and history
3. Close all connections
4. Do not save logins
5. Use one profile per task
6. Use new IP/proxy for next action
7. Do not link accounts together
8. Use VPS/VM with clean state

Objective: To analyze methods of leaving traces, to develop procedures for safe termination of sessions.

10. How to scale operations without locks?​

Key Strategies:​

1. Automation with speed limits
   • Don't do too many things quickly.
2. Proxy/IP rotation
   • Use proxy pools.
3. Rotate browser profiles
   • Each account has its own profile.
4. Randomization of behavior
   • Different time between actions, random delays.
5. Monitoring blocking
   • Use alert systems.
6. Using different platforms
   • Don't focus on one site.
7. Using multiple accounts
   • Load distribution.

Objective: To study the principles of scalability in high-risk environments, to develop automation and monitoring systems.

Conclusion:​

These techniques are at the intersection of fraud, security and behavioral analysis. Studying them allows you to:

• Develop more resilient security systems.
• Create behavioral analytics models.
• Test existing solutions for vulnerabilities.
• Train cybersecurity professionals.