indeed it is fun, unfortunately not very neat :) IMHO... although I quite like the idea, don't get me wrong. What would be nice is to implement the same but with Flash. Flash is for sure enabled on most browsers.
Also, it might be possible to unhide a tor user by starting an application which will make a http request to your server regardless where your browser proxy setting are pointing to. For example sending back Content-type: <some mime> Content-type: application/pdf should start pdf reader on most browsers. PDF documents are usually dynamic, so you can embed some object into the pdf document that will point back to your webserver, which as a result may unhide the current tor user. This might work on platforms where the environment is not that much integrated (Linux/Unix). On windows, however, setting the right proxy in internet explorer should make most applications aware of it. :) On 6/27/06, H D Moore <[EMAIL PROTECTED]> wrote:
A fun browser toy that depends on Java for complete results: - http://metasploit.com/research/misc/decloak/ -HD _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- pdp (architect) http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/