Remove/Replace Generic Header Signature Filter
|
Dec. 17, 2011, 07:05 PM
Post: #1
|
|||
|
|||
Remove/Replace Generic Header Signature Filter
hi.
is there a way to remove or replace your browser Generic header signature with some type of filter? after testing browser leaks at http://ip-check.info/?lang=en i found out the generic signature of the browser remains the same even if you have changed your user agent. which is pretty useless since you cant really mask your browser entirely. in other words if im using FF but i cloack the user agent as Safari this hash value will return FF and not safari ......is there a way to block / replace this hash value with proxo ? for example matching it to an "individual" user agent hash value of your choosing instead? |
|||
Dec. 18, 2011, 11:46 PM
(This post was last modified: Dec. 18, 2011 11:50 PM by JJoe.)
Post: #2
|
|||
|
|||
RE: Remove/Replace Generic Header Signature Filter
I think that "signature" is created by the site's server from the info that your browser sent, so you cannot remove it.
I don't think the Proxomitron can reorder headers, so you cannot use it to imitate all the user-agents, if any. You can affect the "signature" by modifying, deleting, and adding headers. HTH |
|||
Dec. 19, 2011, 12:44 AM
Post: #3
|
|||
|
|||
RE: Remove/Replace Generic Header Signature Filter
my limited understanding is that since its a "generic sig" it means the browser throws the value of a hash depending on which browser version you are using. i've tested different versions of firefox and safari and they all return different hash values according to the browser version. using a similar version in different machines will throw the same signature so i think it works like an md5 hash check.
if a site request this "browser hash value" and if im following your last sentence correctly then its possibe to affect this signature by modifying or adding headers, if i could simply modify this hash by adding a few digits that would work great. i hope you can throw some example on how to do this. thank you so much for those quick responses JJoe. |
|||
Dec. 19, 2011, 03:43 AM
(This post was last modified: Dec. 19, 2011 03:44 AM by JJoe.)
Post: #4
|
|||
|
|||
RE: Remove/Replace Generic Header Signature Filter
As I understand things,
http://ip-check.info/description.php JonDonym Wrote:The order and the content of the HTTP headers sent by your browser may be used to identify your browser type and to separate you easier from other web surfers. The JonDonym server noted the order and content of some of the headers that my browser sent JonDonym Wrote:The value shown here is a hash over the browser headers that are relevant for this. and used that info to create a value aka signature. The value shows how such info might be stored. JonDonym Wrote:Unfortunately, current web browsers do not allow to change the order of the headers sent by them. If you would like to reach the default values of JonDoFox, we therefore suggest you to use the Firefox browser. In the following, you see the recommended default values: Some headers of requests passing through the JonDonym servers will have a specified order and content. So to get lost in the JonDonym crowd when you aren't using JonDonym's servers, your browser needs to send as shown under "Individual JonDoFox header signature". Firefox (generic) sends headers in the correct order but you may need to spoof or change the user-agent, accept-language, and accept-encoding headers "to reach the default values of JonDoFox". (Dec. 19, 2011 12:44 AM)costes Wrote: it means the browser throws the value of a hash depending on which browser version you are using. I haven't found it with wireshark. (Dec. 19, 2011 12:44 AM)costes Wrote: i've tested different versions of firefox and safari and they all return different hash values according to the browser version. using a similar version in different machines will throw the same signature That's not unexpected, especially when the machines' operating systems are the same or the Proxomitron is modifying headers. The relevant headers sent to JonDonym's server would change with the browser but maybe not with the machine. (Dec. 19, 2011 12:44 AM)costes Wrote: its possibe to affect this signature by modifying or adding headers, if i could simply modify this hash by adding a few digits that would work great. i hope you can throw some example on how to do this. You can't change the order of the headers. You can change their content. The Proxomitron can modify headers and some browsers allow changes. But, I think you may be missing the point or I am? I think JonDonym is trying to tell you to get lost in a crowd. I can only guess that they believe their headers provide the best crowd to hide in. BTW, don't do anything that would make it worth somebody's time to find you. HTH |
|||
The following 1 user says Thank You to JJoe for this post: costes |
Dec. 19, 2011, 11:37 AM
(This post was last modified: Dec. 19, 2011 11:41 AM by costes.)
Post: #5
|
|||
|
|||
RE: Remove/Replace Generic Header Signature Filter
Again thanks for the quick response JJoe.
JJoe Wrote:You can't change the order of the headers. You can change their content. The Proxomitron can modify headers and some browsers allow changes. I thought that because proxo intercepts any request that goes through it, it was possible to modify such generic headers. including the "order of the headers" although im not quite sure what they mean by that. header A for some value, header B for another value, etc... so if the order of headers goes A,B,C then its X browser if the order goes B,D,A then its Z browser. ? JJoe Wrote:BTW, don't do anything that would make it worth somebody's time to find you. LOL. the idea behind it was to mask any browser to the extreme or completely. "Tor browser" for example has a generic sig as well and it only uses firefox. Most people will use Tor browser. this is important because every single "Tor browser" in a cloud of anonimity throws the same values everywhere, so you get lost in a generic crowd of users where the more users with the same browser will increase your anonimity, hence also the panopticlick EEF project that helps you determine how common your browser is among others for tracking purposes. https://panopticlick.eff.org there are no other browsers currently being modified by the Tor developers but they are working close with chrome ppl and others to bring the Tor experience with different flavours (personally i would never use chrome). the reality is that many browsers will work with Tor if you take the time to configure them properly. but because there is a lack of Tor users using any other browser than firefox at the moment then it makes it easier to distinguish those not using FF, hence applications like Proxo will help you disguize your browsing experience when its needed. i was hoping this "generic sig" was one of those values you could configure as well to get an extreme masked browser. The problem is not using Tor with X browser to surf the web the problem is at the Torexitnodes, those can see, log and potentialy track a user (UA string for this matter) when a site has not implemented ssl to view their pages. much like those clever kissmetric cookies if exitnodes A,F,V are coluded they could correlate browsing habits of a different Browser.. ie : 3k users at exitnode A uses Tor browser but "UA J browser" was here looking L page 1k users at exitnode A uses Firefox but "UA J browser" was here looking h page 2k users at exitnode V uses Firefox or Tor browser but "UA J browser" was here looking xxx pages (haha.) 50 users at exitnode F uses Firefox or Tor browser but "UA J browser" was here loking P pages if it walks like a duck cuacks like a duck then ...... Thank you for you time in your last reply JJoe. |
|||
Dec. 19, 2011, 03:17 PM
Post: #6
|
|||
|
|||
RE: Remove/Replace Generic Header Signature Filter
(Dec. 19, 2011 11:37 AM)costes Wrote: so if the order of headers goes A,B,C then its X browser Proxo's log window shows 4 different orders for 4 different browsers Code: +++GET 317+++ In practice, anonymity is difficult. Have fun, play nice. |
|||
Dec. 20, 2011, 05:27 AM
Post: #7
|
|||
|
|||
RE: Remove/Replace Generic Header Signature Filter
First of all, this must the first time i get several quick responses in a forum JJoe so Thank you.
and thanks also for doing the work to help with this request. JJoe Wrote:Proxo's log window shows 4 different orders for 4 different browsers HA!. why didn't i think of that... all i had to do was check that log window using the browsers. . now i have the clear picture. thanks. JJoe Wrote:In practice, anonymity is difficult.Have fun, play nice. yes this is quite annoying , glad your input help me caught on it . |
|||
« Next Oldest | Next Newest »
|