Looks like the "Practical Onion Hacking" paper covered many features I was working on, as well as touching on the warez/movie/music leeches and the child pornography traffic. I should have released this back in August when I presented on it the first time :-)
The big differences are:

1) They use iptables to modify and reinject traffic; I use an embedded Ruby interpreter in the Tor software.
2) They perform DNS tracking, but don't actually record or cross-reference the data.
3) They use Flash instead of Java to obtain the real external address of the user.

Similarities include:

1) Web-bug injection via HTML response
2) DNS tracking via wildcard domain
3) Use of JS/Java bridge to get the internal address

Seems like the two big items I need to add to decloak are Flash and the shiny no-proxy Java connection mode (which seems to apply to TCP sockets only).

-HD

On Thursday 08 March 2007 19:02, James Muir wrote:
> You should read the Fort Consult white paper "Practical Onion Hacking",
> as some of the things you mention (SMB, CIFS) are mentioned there, I think.
> VB and ActiveX are probably worth exploring.