« Anti-XSS 3.0 Beta and CAT.NET Community Technology Preview now Live | Main | Opera releases update for 'extremely severe' vulns »

Metasploit Decloaking Engine

"The Metasploit Decloak Engine is now back online with a handful of new updates and bug fixes. Decloak identifies the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. The first version was announced in June of 2006 and was eventually made obsolete by changes to the Flash plugin and improvements in the Torbutton Firefox addon. The new version includes enhanced versions of the Flash and Java tests, no longer uses any javascript, and adds support for iTunes, Quicktime, and Microsoft Office techniques. A properly configured Tor+Torbutton+Privoxy solution still stands up against Decloak, but just about everything else fails. Decloak is unique in that it can obtain the DNS server addresses used by a web browser by combining the results of multiple application protocols into a single test. Thanks to Paul Craig for the Quicktime method implemented in iKAT and the Mike Perry for writing the Torbutton Design Documentation."

More Information: http://metasploit.com/data/decloak/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Post a comment

Remember personal info?