
Metasploit Decloaking Engine

"The Metasploit Decloak Engine is now back online with a handful of new updates and bug fixes. Decloak identifies the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. The first version was announced in June of 2006 and was eventually made obsolete by changes to the Flash plugin and improvements in the Torbutton Firefox addon. The new version includes enhanced versions of the Flash and Java tests, no longer uses any JavaScript, and adds support for iTunes, QuickTime, and Microsoft Office techniques. A properly configured Tor+Torbutton+Privoxy solution still stands up against Decloak, but just about everything else fails. Decloak is unique in that it can obtain the DNS server addresses used by a web browser by combining the results of multiple application protocols into a single test. Thanks to Paul Craig for the QuickTime method implemented in iKAT and Mike Perry for writing the Torbutton Design Documentation."

More Information: http://metasploit.com/data/decloak/