
Metasploit Decloaking Engine Gets User's Real IP

"This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed."

Essentially, this uses Flash and/or applets that execute on the client side to gather host information. Commercial equivalents have existed for some time, but this is the first open source PoC.

More Information: http://decloak.net/

