Working with logs in the Linken Sphere or any antidetect

Mutt

To work with the log, we first need to find out address from log, as soon as we find out this information, we select the socks / tunnel, when we have everything in our hands, we open the sphere, we log in, this window opens up for us: (there should be no black, the first two panels should look like the others.) Each panel replaces one snapshot, i.e. we use one socket for one log. It is very convenient to work with several logs at once, give each session a name and navigate through them. But we need to set up a tunnel for our log, we choose: setup new session, we get into the session settings window, one of the key points, here we will set up a tunnel, configure everything for the holder. the value for the user agent can be taken here. github.com/tamimibrahim17/List-of-user-agents



developers.whatismybrowser.com/useragents/explore/
values for CSN public-dns.info

for more in-depth examination, read the documentation on the field
ls.tenebris.cc/documentation/introduction
so. We customize our system to work.
We choose ssh tunnel or socks5 depending on what we are working through.
We register dns. We check the proxy, we check the dns.

We set the screen resolution as in kx, in the config manager we generate everything under kx, in the extended settings **** and we select win64

In the column where usa states are now we select the state so that the time fits under the holder
It should look something like this. Next, we save, we should open the vhuer and show 100% there may be problems due to a bad user agent, dns.



Now we need to import cookies from the browser cookie folder. Take the file that we need and click import. Here we go into the browser supposedly on behalf of the owner. Open Google, see if the mail is logged. By mail, google withdraw order, a PayPal, a bank, like a holder, and we behave in the same way, we warm up the shops we visited, we make new tabs by clicking the middle mouse button on the link, or we point to our tab and with the right mouse button we make a clone empty tab. We try to go to everything through Google. do not login with a direct link.



There will be a link to configure the antidetect itself based on data from the log.
Here you can advertise your store with logs (on mutual advertising terms).

Working with logs. Log processing (collection of information for Antidetect)

Getting basic information from the log about the system
In the log, the most basic information about the system is contained in the file System.txt, or Information.log. In the screenshot, I have highlighted the parameters that we need to configure the system.

1. Windows
This parameter contains information about the Windows version and the bitness of the system (32-bit or 64-bit, 64-bit is much more common).
Most often you will come across logs of Windows 7, Windows 10, less often - Windows 8, 8.1, XP.
We will need this parameter to configure "navigator.UserAgent" and some derivatives.

2. Display Resolution
This parameter contains information about the user's screen resolution.
Needed to configure all settings related to screen resolution and browser window size and projection settings.

3. Display Language, Keyboard Languages
These parameters contain information about the system language / languages.
Needed to configure the parameters "navigator.language", "navigator.languages" and HTTP_ACCEPT_LANGUAGE.

4. CPU Count
This parameter contains information about the number of processor threads.
Needed to configure the parameter "navigator.hardwareConcurrency"

5. RAM
This parameter contains information about the amount of RAM.
Required for setting "navigator.deviceMemory"

6. Videocard
This parameter contains information about the video card of the system.
Required for configuring WebGL.
Please note that the system can contain two video cards: one discrete and the other integrated.
This is usually used on laptops. And which of them runs for the browser is 100% unknown.
Firstly, the user can manually set what kind of video card will be used,
and secondly, for example, it can be like this: if the laptop is charging, a discrete video card is used, if from a battery, then an integrated one.
Therefore, in laptops, you should not rely on this parameter 100%.

7. [Network]
We take almost all parameters, except Geo (Latitude and Longitude) ;
This information will be useful to you for a more competent selection of Socks / SSH tunnel.
There is no ZIP in my log, but it is not difficult to break through it.
To do this, you just need to punch the IP address through the MaxMind database.
Either find the user's home address in the browser autocomplete, or by mail or in a shop.
It is advisable to select the IP not only as close as possible to the ZIP address, but also, if possible, with the same IP mask and the same Internet provider.

Our next step will be to determine the type of browser and browsers to create the configuration.
It happens that PC owners use multiple browsers, not just one.
Therefore, if necessary, it is better to create two sessions in the sphere, i.e. two configurations, rather than loading cookies into one.
To do this, look at the sites we need with logins and passwords in the "passwords.txt" file, the "Soft" parameter. And also files in the "Cookies" folder for the presence of the necessary sites (files in this folder are divided into browsers; it is possible that the Cookies files can be stored in a shared folder. It all depends on which stealer the log is from) In my case, there is only one in the log Google Chrome browser, so I only tag myself 1 browser. Moving on to more interesting information that does not lie on the surface. Determine if there is FLASH in the system and its version, determine the browser version (if possible)



To do this, go to the System.txt or Information.log file and
look for "Adobe Flash Player" in the [Software] section of the installed programs . If found, then we mark that Flash is, write down its
version. There are two types of Adobe Flash Player: Adobe Flash Player ** NPAPI - for
Firefox browser. Adobe Flash Player ** PPAPI - for Opera / Chrome browser. Next, on the same screenshot, we see the version of Google Chrome, if not, then we try to find it in the file at the request “Google Chrome”. We also mark the version for ourselves. We will need the type of browser and its version to configure the parameter "navigator.UserAgent " and, in exceptional cases, to disable the substitution of Canvas.



We are looking for the Mozilla Firefox browser by the request "Firefox", we should find something like this "Mozilla Firefox 64.0 (x64 en-US) [64.0]".
The name of the Firefox browser contains the bitness of the program (32 or 64 bit), which is also useful in setting "navigator.UserAgent".
We are looking for the Opera browser for the query " Opera ", we should find something like this " Opera Stable 57.0.3098.106 [57.0.3098.106] ".

For various reasons, it is not always possible to determine the version of the browser, one of which is that the browser can be Portable, i.e. not installed on the system. IE browser will not be visible, because it's already natively in Windows, with Edge in Win 10 the same hat.

We need Flash and its version in order to add it to plugins and, if necessary, enable its physical version in the antidetect.

Determine the user's desktop or laptop.

You can determine this using various options.
1. According to the screenshot of the screen in the log.
On the screenshot of the screen, we are looking for what is typical for a laptop on the taskbar in the lower right corner, or on the desktop for what is typical for a laptop (software icons for a laptop, etc.).
On the taskbar, you can find Battery icon, Wi-Fi connection icon. Now I will show this with examples.
2. According to information about the processor in the system.
To do this, go to the file System.txt, or Information.log and look at the "Processors" parameter. Copy the value and google information about the processor.
Well, another option is to look in the processes or installed programs in the System.txt file, or Information.log for processes / programs that belong to the laptop. For example, these are processes in which the keyword "Bluetooth" appears, programs specific to a particular laptop manufacturer (ASUS, DELL, MSI, ACER, etc.). Examples of processes: "Intel (R) Wireless Bluetooth (R)", "Dell Touchpad".



It is necessary to know several options, because sometimes the screenshot may not be there, or the screenshot is obtained in a certain area without the taskbar, sometimes the taskbar is hidden.

The taskbar is determined by the position of the taskbar on the screen, the size of the icons and whether the taskbar is hidden (if possible)
The first question that comes to mind: "Why the heck do you need it?"
The answer is: this is necessary in order to set the screen size; the size of the browser window and the size of the working area of the browser in full-screen mode of the browser (parameters "window.innerWidth", "window.innerHeight", "window.outerHeight", "window.outerWidth" ).
Of course, not every log will have such an opportunity to look at and understand 100% of everything.
Sometimes there may not be a screenshot, there may be a screenshot of an incomplete area of the screen.

Now I will show you how to correctly evaluate these parameters. These examples are made on OS Windows 7. If you wish, you yourself can then look and play with these settings on any OS Windows.
1) Position of the taskbar.
Happens: horizontal and vertical. For most users, the default position is horizontal.
2) The size of the taskbar icons.
There are two sizes of icons: large and small. By default, the size of the icons is large. Most users have large icons.
On Windows 7, there is a peculiarity: if the icons are small, then the icon of the "start" button protrudes beyond the taskbar area. Sometimes it is not always possible to understand the size of the icons even from the screenshot, I advise you to also pay attention to the Display Resolution in the log; One thing is a screenshot of the screen size "1024 x 768", another thing is "2560 x 1440"
3) Hidden taskbar.
By default, the taskbar is not hidden for most users.
A hidden taskbar doesn't mean it's not there at all. It just does not appear on the screen, but appears when you hover the mouse cursor.
If you have a full screenshot of the screen in your log and there is no taskbar there, then it is just hidden.
4) If in the screenshot the owner of the PC has the type of browser you need open.
This is also marked, it will be useful in setting up. Screenshots with an open browser are quite common.

User's network: we define an approximate router and its model (if possible)
Sometimes, from the log, you can determine the brand of the user's router or its approximate model.
This may be necessary for more precise configuration of WebRTC, or rather Local IP Address.
To do this, you need to look in the log in the file with logins / passwords or in the file where the browser history is stored, the popular masks of the IP addresses of routers.
Here is a link to the table of brands of the most popular routers and default local ip addresses:
https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4wgl4/edit?usp=sharing

The most popular search masks in the log: "192.168 10.0. "," 10.1. "," 10.90. ".
I highlighted the most popular brands in light blue in the table.
If there will still be a login and a password, you can try here to look at the brands of the standard login / password bundles by brands:
https://192-168-1-1ip.mobi/default-router-passwords-list/

For example, we can assume that a PC user has a D-Link router. But this is not 100%, since several more routers have the same bundle. The browser history file can sometimes show us much more accurate information.



In the browser history, we see the Local IP Address and plus the page title, which gives us a huge plus in defining the router.
If you google " B593s-931 ", then you can determine that this is the name of the router " HUAWEI B593s-931 ".

In addition to the Local IP Address WebRTC, the information will be useful if someone changes the MAC address, since the "beginning" of the MAC address is different for each manufacturer.
Browser plugins: identify popular plugins that are installed in the browser.
Plugins in any program - these are add-ons that allow you to expand its capabilities. Most of the popular browsers have the ability to install plugins that extend its capabilities. For example, it can be a Flash plugin from Adobe, the ability to read PDF pages in a browser; in Chrome, this plugin is already included by default; the ability to run any Audio / Video codecs.
With each new release of updates, the number of new features and variations of the supported content increases, so plugins are gradually losing their relevance.
As a result, in the browsers Chrome, Firefox, Opera, Edge, there are only built-in plugins and one added: Adobe Flash Player. Therefore, the search for plugins is more relevant for the Internet Explorer browser, or for older versions of Firefox (up to version 52), Chrome, Opera.
Most popular plugins: Flash, Java, Microsoft Office, Adobe PDF Reader, Windows Media Player, Real Video / Audio.
At the beginning of the article, we already determined whether Flash is on the system. So Flash Player is also a plugin in the browser.
Therefore, if there is Flash, then in some types of browser it will be in plugins.
We mark ourselves, if available.
We will also search for other plugins in the System .txt file, or Information .log in the [ Software ] section of the installed programs .
The QuickTime plugin is found by the query "QuickTime", the approximate name of the plugin is:
"QuickTime 7 [7.79.80.95]"
The Silverlight plugin is found by the query "Microsoft Silverlight", The approximate name of the plug-in:
"Microsoft Silverlight [5.1.50907.0]"
The Java plug-in is found by the query "Java", the approximate name of the plug-in is:
"Java 8 Update 191 [8.0.1910.12]"
The RealPlayer plug-in is found by the query "RealPlayer", the approximate name of the plugin is:
"RealPlayer [. 18.1.15]"
The Adobe Acrobat plug-in (to read PDF files) is found by the query "Adobe Acrobat Reader DC", the approximate name of the plugin is:
"Adobe Acrobat Reader DC [19.010.20064.]"
There are many other different plugins, this was just an example of popular plugins.
The list can be continued for a very long time.

This completes the collection of information from the log. As a result, we have collected the following information:

Windows: Windows 10 Home [x64]
Display Resolution: 1920x1080
Display Language: en-US
Keyboard Languages: English (United States)
CPU Count: 4
RAM: 8139 MB
VideoCard: NVIDIA GeForce GTX 970
[ Network ]
IP: 38.104.174.234
Country: United States (US)
City: Pleasant View (California)
ZIP: 93260
ISP: Cogent Communications (Txox Communications)
-
Browser: Google Chrome ver. 68.0.3440.106
Flash: available, ver. 30.0.0.154
-
the PC: Notebook (Laptop)
-
[ Panel tasks ]
Position: Horizontal
icons Size: Large
hide the taskbar: No
Is there a browser screenshot : YES
-
Router: ~ the TP-Link TL-WR741N or the TL- WR841N
---
[Browser Plugins]
Adobe Flash Player
RealPlayer
Adobe Acrobat


Of course this example has too much information. In practice, it may be less.
https://lolz.guru/threads/1307170/work with logs in the sphere.