Anonymous Scan
Topics to be Covered
• Why to be Anonymous – Scans and Browsing
• What is TOR
• Socks Proxy, DNS Leaks
• Using TOR – Browser Level, Terminal (config)
• Proxy chains (config)
• Using Nmap, nikto, burp with Tor
Why to be Anonymous
• Privacy reasons – Citizens
• Businesses need to keep Trade Secrets, Network security
• Govt – for its security
• Military, Law enforcement orgs need anonymity to get their job done
• Anonymity isn't cryptography, steganography
Operating Systems and Applications leak your info
Info getting leaked via
• Browser Plug-in, Cookies, Extensions,
• Shockwave/Flash, Java, QuickTime and even
TOR “The onion router”
• Online anonymity software and network
• Open source, freely available
• Active research environment
Estimated 3,00,000 daily Tor users
Works on Relay Principle
Each node knows only the previous hop and the next hop. No node in the path can discover the full path
• TOR uses Onion Routing
• Onion Routing is a technique for anonymous communication over a network.
• Messages are encapsulated in layers of encryption.
Socks Proxy
• It's a protocol; SOCKS – Socket Secure
• A SOCKS server is a general purpose proxy server that establishes a TCP connection to another server on behalf of a client
TOR Browser Level
• Download TOR
• Run
Steps to Install
1. Install TOR
   sudo apt-get install tor
2. Install proxychains
   sudo apt-get install proxychains
3. Open /etc/proxychains.conf & add
   [ProxyList]
   # add proxy here ...
   # meanwile
   # defaults set to "tor"
   socks4 127.0.0.1 9050
Start and Test TOR
1. sudo service tor start (similarly, stop and restart)
2. sudo service tor status (to check the status)
3. sudo proxychains firefox www.ipchicken.com
DNS Leaks
• Traffic leaks outside of the secure connection to the network
• Under certain conditions, the OS will continue to use its default DNS servers instead of the anonymous DNS servers
• Results in DNS Leaks
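An added example (not from the original slides): the first SOCKS request a client sends shows whether the hostname travels to the proxy or was already turned into an IP locally, which is the point where a DNS leak arises. The byte layouts are those of SOCKS4, SOCKS4a and SOCKS5 (RFC 1928); the function name and the sample requests are constructed for illustration.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes) -> dict:
    """Parse a SOCKS CONNECT request; say who resolved the destination name.

    "proxy": hostname is in the request. "client": only an IP is in it, so
    any name lookup happened before the proxy was contacted.
    """
    if data[0] == 4:
        # SOCKS4: VN, CD, DSTPORT(2), DSTIP(4), USERID, NUL [, HOST, NUL]
        _cmd, port, raw_ip = struct.unpack("!BH4s", data[1:8])
        userid_end = data.index(b"\x00", 8)
        # SOCKS4a signals "hostname follows" with DSTIP 0.0.0.x, x != 0.
        if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
            host_end = data.index(b"\x00", userid_end + 1)
            host = data[userid_end + 1:host_end].decode("ascii")
            return {"proto": "socks4a", "dest": host, "port": port, "resolver": "proxy"}
        dest = str(ipaddress.IPv4Address(raw_ip))
        return {"proto": "socks4", "dest": dest, "port": port, "resolver": "client"}
    if data[0] == 5:
        # SOCKS5 request after method negotiation: VER, CMD, RSV, ATYP, ADDR, PORT(2)
        atyp = data[3]
        if atyp == 0x03:  # domain name, length-prefixed
            end = 5 + data[4]
            dest, resolver = data[5:end].decode("ascii"), "proxy"
        elif atyp == 0x01:  # IPv4 literal
            end = 8
            dest, resolver = str(ipaddress.IPv4Address(data[4:end])), "client"
        elif atyp == 0x04:  # IPv6 literal
            end = 20
            dest, resolver = str(ipaddress.IPv6Address(data[4:end])), "client"
        else:
            raise ValueError(f"unknown ATYP {atyp:#x}")
        (port,) = struct.unpack("!H", data[end:end + 2])
        return {"proto": "socks5", "dest": dest, "port": port, "resolver": resolver}
    raise ValueError("not a SOCKS4 or SOCKS5 request")

# Constructed sample requests (192.0.2.10 and example.com are documentation values).
SAMPLES = {
    "socks4": b"\x04\x01\x00\x50" + bytes([192, 0, 2, 10]) + b"\x00",
    "socks4a": b"\x04\x01\x00\x50\x00\x00\x00\x01\x00example.com\x00",
    "socks5-name": b"\x05\x01\x00\x03\x0bexample.com\x01\xbb",
    "socks5-ip": b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x01\xbb",
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, classify_socks_request(req))
```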
Nmap, nikto
• sudo proxychains nmap -sT -PN <IP address>
• sudo proxychains nikto -h <host>
• For all command line scans...
Scan on abc.com
IP belongs to China's ISP
Burp suite
• Install TOR
• Go to <OPTIONS>
• Set SOCKS as 127.0.0.1 9050
• NOTE: Proxy settings in foxy proxy and burp suite will be the same, 127.0.0.1 8080