Saturday, December 20, 2008

Metasploit's Decloak v2 is back

You can use the Metasploit Decloak Engine to determine the real IP address of a user in new and interesting ways. One of the neat things about Decloak is that it gets through a user's proxy settings to hand you the true IP.

It works through most proxies, excluding Tor+Torbutton+Privoxy, but only if you have the Tor combo set up correctly.

The first version came out around 2006 and worked fine until there were some changes made to Flash and other coding, which led to an update being needed.

The site details how v2 adds functionality for iTunes, QuickTime, and Microsoft Office techniques, in addition to enhancements for Flash and Java. It also no longer uses Javascript.

Play around with v2 and let me know what you think. It's really difficult for a user to hide from you if you have this little engine on your side.

No comments:

Post a Comment

Please tell me what you think.