fraudstar007
Member
ALWAYS use a SOCKS proxy. There three types of socks proxies.
socks4 = Only IP Addresses
socks4a = Can do DNS hostnames like www.donkeydicked.com and IP addresses
socks5 = Can do all that and authenticate
A SOCKS proxy is the bare minimum you need to do fraud. And that doesn't prevent you from being caught, it does help stop fraud alerts assuming the proxy's IP is close to the victim's normal home IP.
Use a technique like combining a VPN from nicevps.net, to do Tor-over-VPN. So if the Feds unmask your Tor proxy, it leaves behind the VPN's IP address and not your house.
Even better, Tor-over-VPN-over-Shadowsocks if you live in a hellhole country like China, or North Korea that blocks VPN connections. How it works is that you use Shadowsocks to bust through the Great Firewall of China to connect to a VPN server outside of China, and then you initiate a Tor tunnel within the Shadowsocks-VPN tunnel, creating a triple-tunnel. The VPN conceals the usage of Tor. If you don't tell anybody what you're really doing, you'll be fine. You must custom configure all of your servers to use UDP or you'll get horrible performance. I recommend for the VPN build WireGuard which can be configured for UDP.
1. Start Shadowsocks client
2. Start VPN client like WireGuard
3. Start Tor
In that specific order ONLY.
socks4 = Only IP Addresses
socks4a = Can do DNS hostnames like www.donkeydicked.com and IP addresses
socks5 = Can do all that and authenticate
A SOCKS proxy is the bare minimum you need to do fraud. And that doesn't prevent you from being caught, it does help stop fraud alerts assuming the proxy's IP is close to the victim's normal home IP.
Use a technique like combining a VPN from nicevps.net, to do Tor-over-VPN. So if the Feds unmask your Tor proxy, it leaves behind the VPN's IP address and not your house.
Even better, Tor-over-VPN-over-Shadowsocks if you live in a hellhole country like China, or North Korea that blocks VPN connections. How it works is that you use Shadowsocks to bust through the Great Firewall of China to connect to a VPN server outside of China, and then you initiate a Tor tunnel within the Shadowsocks-VPN tunnel, creating a triple-tunnel. The VPN conceals the usage of Tor. If you don't tell anybody what you're really doing, you'll be fine. You must custom configure all of your servers to use UDP or you'll get horrible performance. I recommend for the VPN build WireGuard which can be configured for UDP.
1. Start Shadowsocks client
2. Start VPN client like WireGuard
3. Start Tor
In that specific order ONLY.
Last edited:
I read somewhere that Use Tor Only for .onion sites?
how true this statement is?
I am using VPN + 911 re software for proxy + Firefox.
How safe i am? do i need to add anything extra like MAC address Changer or RDP?
Or just VPN + Socks 5 will work?
Madmanlucifer
Lucifer
U will need Mac changer cc cleaner bluecust bit
And don't forget about the webrtc
Always disable WebRTC settings in your browser. Even if you’ve set up a VPN and a SOCKS proxy and you didn’t disable WebRTC.Then you haven’t hidden your identity at all. Because WebRTC technology leaks the “real you”
You can install the “Disable WebRTC” extension.
In any CC shop, the CC checker is installed and functions, that is, the automatic software for the card's validity.
It makes no sense to buy a card without the name of the appropriate ip address corresponding to the address of the cardholder.
That is, before buying, you can examine the presence of a proxy (socks5) in any service for the sale of proxies and see which cities the proxy is offered by the socks provider.
That is, the action algorithm looks like this:
1. We study the assortment of CC cards in the shop and look at the address to these cards, but do not buy
2. We study the assortment of proxy (socks5) of the corresponding address in the proxy service but do not buy socks5
If the required address is found, then proceed to the next steps, namely:
3. We buy a card in the CC shop and check its validity in an automatic checker
4. We buy a proxy (socks5) and check its crystal purity for presence in spam and black databases. If the proxy is invalid or dirty, replace the proxy with another one under the same address.
5. Install the proxy in the antidetect browser and get to work.
As an alternative to a proxy, we can consider working through the RDP, SSH tunnel or VPN provider under the appropriate address.
It makes no sense to buy a card without the name of the appropriate ip address corresponding to the address of the cardholder.
That is, before buying, you can examine the presence of a proxy (socks5) in any service for the sale of proxies and see which cities the proxy is offered by the socks provider.
That is, the action algorithm looks like this:
1. We study the assortment of CC cards in the shop and look at the address to these cards, but do not buy
2. We study the assortment of proxy (socks5) of the corresponding address in the proxy service but do not buy socks5
If the required address is found, then proceed to the next steps, namely:
3. We buy a card in the CC shop and check its validity in an automatic checker
4. We buy a proxy (socks5) and check its crystal purity for presence in spam and black databases. If the proxy is invalid or dirty, replace the proxy with another one under the same address.
5. Install the proxy in the antidetect browser and get to work.
As an alternative to a proxy, we can consider working through the RDP, SSH tunnel or VPN provider under the appropriate address.
Thank you,i use only Firefox & i disabled it's WebRTC(by searching about: config).
Is it okay as i disabled it without using any extension.
And i have one more question,i just installed TMAC to change my Mac Address.
What network Connection i need to change in TMAC?
Ethernet and WiFi?
I had some more network Connection like Ethernet 2 and Nordlynx.
I tried to change MAC address of Ethernet 2 but it didn't change.
I successfully changed MAC address of Ethernet & WiFi.
But Ethernet's speed was 0bps.
I did everything thing right or missed any step?
I would like to hear it
fraudstar007
Member
I actually got out of Federal prison and in the law library in prison I read the InFraud case. One of the defendants used CCleaner and Homeland Security Investigations managed to locate artifacts of the code that was "deleted" to continue charging him for federal crimes.
If you have a SSD, I recommend creating a LUKS encrypted hard disk. If the feds raid you, you can configure a second LUKS key that when entered (if the Secret Service holds a gun at you to unlock your SSD on your laptop), to NUKE all of the LUKS keys on the drive, making the disk undecryptable. That is better than using `dd` to overwrite it, which only works against spinning traditional hard disks.
But yes, WebRTC should always be disabled. Avoid all pages in the dark web that asks you to enable WebRTC and JavaScript, that is how the FBI busted PlayPen. I also read that in the law library.
fraudstar007
Member
The thing about MAC addresses, is that it can be changed and STILL work in networking because it's like changing the mailing address for your street. Through ARP or NDP, a IPv4 or IPv6 address is "bound" to whatever current MAC address your network interface card has changed into.Thank you,i use only Firefox & i disabled it's WebRTC(by searching about: config).
Is it okay as i disabled it without using any extension.
And i have one more question,i just installed TMAC to change my Mac Address.
What network Connection i need to change in TMAC?
Ethernet and WiFi?
I had some more network Connection like Ethernet 2 and Nordlynx.
I tried to change MAC address of Ethernet 2 but it didn't change.
I successfully changed MAC address of Ethernet & WiFi.
But Ethernet's speed was 0bps.
I did everything thing right or missed any step?
I would like to hear it
Changing MAC addresses is more important when wireless hacking, where you do not want victimized routers to log your real MAC, by which the Feds can tie you to ownership of your network card on your device like a phone or laptop.
Can you imagine de-soldering the NIC on your laptop or tossing it out the window? lmao!
fraudstar007
Member
Yes, not to mention you can use a tool like a SSHuttle to make a "Ghetto VPN" with the command
`sudo sshuttle -r root@VPS:443 0.0.0.0/0 -vv`
I changed it to port 443 because I have SSHD listening in on Port 443 in my /etc/ssh/sshd_config settings. That lets me bust-through egress filters at Dunkin Donuts Wi-Fi or the Public Library that normally prevent outbound destination port 22 connections lol.
This is my custom VPS configuration...
Markdown (GitHub flavored):
Include /etc/ssh/sshd_config.d/*.conf
Port 22
Port 443
PermitRootLogin yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-serverwow this was so informative,thanks for sharing your knowledge.
Not gonna lie,but i didn't get anything from second comment?
Sorry,but i need to learn alot about carding & networking.
In future,i will comeback to read your second message to understand it?
Do you have any tip or advice for a beginner carder like me which I can easily implement?
fraudstar007
Member
CISSP All-In-One 8th Edition Study Guide
This book is the most informative guide I ever read to get me in the basics of IT and Cybersecurity. All the crappy scriptkiddie videos taught by "Certified Ethical Hackers" on Cybrary.it has gotten me nowhere. Neither do those dumb teens on YouTube who just installed Kali Linux have taught me anything.
For specifically penetration testing tips and tricks I suggest going to IppSec's video channel for walkthroughs on all of the hackthebox.eu boxes.
Take HackTheBox Academy for steps in modern penetration testing like Active Directory Attacks, SMB/FTP misconfigurations, SQL injection, Web Application Attacks, Buffer Overflows etc.
If you can steal a good $1,200 from CVV creds or so, sign up for the Offensive Security Certified Professional - Penetration Testing with Kali Linux course to get you started at penetration testing. You'll need those tactics to understand how the Feds can backdoor your phone with a Stingray cell site simulator, perform downgrade attacks to remove your 4G/5G encryption, etc.
Shouldn't be too hard to get one grand. I cleaned this fucker's AMEX card of about $1,400 to $1,600 signing up for my Offensive Security Exploit Developer Course. Binary hacking is my thing. But I tested it by signing up to a few porn sites to check if the card isn't burnt. It was fresh, late July it said the dump came in.
I would give you my class from three different online learning platforms. But that would involve revealing my identity to possible Feds stalking this forum. I teach methods of stack based buffer overflows, stack pivoting with multi-stage shellcode, egghunters, and ROP-chaining.
And those classes paid for my commissary and food in Federal prison. $1,800 worth of food.
Do not get caught with Federal crimes WHILE taking or HAVING EARNED a Offensive Security Certification. They will learn of it, and perma-ban you from any additional classes and strip away your certs. I personally got indicted BEFORE I passed my OSCP so I slipped away. And OffSec allowed me to take the OSED without earning a OSCP.
This book is the most informative guide I ever read to get me in the basics of IT and Cybersecurity. All the crappy scriptkiddie videos taught by "Certified Ethical Hackers" on Cybrary.it has gotten me nowhere. Neither do those dumb teens on YouTube who just installed Kali Linux have taught me anything.
For specifically penetration testing tips and tricks I suggest going to IppSec's video channel for walkthroughs on all of the hackthebox.eu boxes.
Take HackTheBox Academy for steps in modern penetration testing like Active Directory Attacks, SMB/FTP misconfigurations, SQL injection, Web Application Attacks, Buffer Overflows etc.
If you can steal a good $1,200 from CVV creds or so, sign up for the Offensive Security Certified Professional - Penetration Testing with Kali Linux course to get you started at penetration testing. You'll need those tactics to understand how the Feds can backdoor your phone with a Stingray cell site simulator, perform downgrade attacks to remove your 4G/5G encryption, etc.
Shouldn't be too hard to get one grand. I cleaned this fucker's AMEX card of about $1,400 to $1,600 signing up for my Offensive Security Exploit Developer Course. Binary hacking is my thing. But I tested it by signing up to a few porn sites to check if the card isn't burnt. It was fresh, late July it said the dump came in.
I would give you my class from three different online learning platforms. But that would involve revealing my identity to possible Feds stalking this forum. I teach methods of stack based buffer overflows, stack pivoting with multi-stage shellcode, egghunters, and ROP-chaining.
And those classes paid for my commissary and food in Federal prison. $1,800 worth of food.
Do not get caught with Federal crimes WHILE taking or HAVING EARNED a Offensive Security Certification. They will learn of it, and perma-ban you from any additional classes and strip away your certs. I personally got indicted BEFORE I passed my OSCP so I slipped away. And OffSec allowed me to take the OSED without earning a OSCP.
Thank you for sharing,i will look it up for sure.
By the way,you were in prison??
What mistake you did that you get caught?
Last edited:
fraudstar007
Member
I can't tell you on my Federal crimes on this public forum. Feds are probably watching this place. We can use Jabber/XMPP. Or something else if you like.
yeah sure, what's your Jabber?
Similar threads
