Stop Linux from being detected in the TCP/IP stack fingerprint when using a proxy?

Time: 2017-12-13 15:49:30

Tags: proxy virtual-machine tcp-ip fingerprint privacy

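If I connect to a socks5 proxy on my Windows 7 virtual machine and visit www.doileak.com, it tells me that JavaScript and the user agent show a Windows operating system, but the TCP/IP fingerprint shows a Linux distribution, so I may be using a virtual machine or a proxy. The virtual machine is running under VirtualBox on a Windows host. Is this fingerprint there because the proxy I connect to runs on a Linux distribution? If so, is there a way to prevent this?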

1 answer:

Answer 0: (score: 0)

doileak.com uses p0f to fingerprint

source, for Windows:

; -------
; Windows
; -------

label = s:win:Windows:XP
sig   = *:128:0:*:16384,0:mss,nop,nop,sok:df,id+:0
sig   = *:128:0:*:65535,0:mss,nop,nop,sok:df,id+:0
sig   = *:128:0:*:65535,0:mss,nop,ws,nop,nop,sok:df,id+:0
sig   = *:128:0:*:65535,1:mss,nop,ws,nop,nop,sok:df,id+:0
sig   = *:128:0:*:65535,2:mss,nop,ws,nop,nop,sok:df,id+:0

label = s:win:Windows:7 or 8
sig   = *:128:0:*:8192,0:mss,nop,nop,sok:df,id+:0
sig   = *:128:0:*:8192,2:mss,nop,ws,nop,nop,sok:df,id+:0
sig   = *:128:0:*:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0
sig   = *:128:0:*:8192,2:mss,nop,ws,sok,ts:df,id+:0

For Linux:

; -----
; Linux
; -----

; The variation here is due to ws, sok, or ts being adaptively removed if the
; client initiating the connection doesn't support them. Use tools/p0f-sendsyn
; to get a full set of up to 8 signatures.


label = s:unix:Linux:3.x
sig   = *:64:0:*:mss*10,0:mss:df:0
sig   = *:64:0:*:mss*10,0:mss,sok,ts:df:0
sig   = *:64:0:*:mss*10,0:mss,nop,nop,ts:df:0
sig   = *:64:0:*:mss*10,0:mss,nop,nop,sok:df:0
sig   = *:64:0:*:mss*10,*:mss,nop,ws:df:0
sig   = *:64:0:*:mss*10,*:mss,sok,ts,nop,ws:df:0
sig   = *:64:0:*:mss*10,*:mss,nop,nop,ts,nop,ws:df:0
sig   = *:64:0:*:mss*10,*:mss,nop,nop,sok,nop,ws:df:0

label = s:unix:Linux:2.4-2.6
sig   = *:64:0:*:mss*4,0:mss:df:0
sig   = *:64:0:*:mss*4,0:mss,sok,ts:df:0
sig   = *:64:0:*:mss*4,0:mss,nop,nop,ts:df:0
sig   = *:64:0:*:mss*4,0:mss,nop,nop,sok:df:0

label = s:unix:Linux:2.4.x
sig   = *:64:0:*:mss*4,0:mss,nop,ws:df:0
sig   = *:64:0:*:mss*4,0:mss,sok,ts,nop,ws:df:0
sig   = *:64:0:*:mss*4,0:mss,nop,nop,ts,nop,ws:df:0
sig   = *:64:0:*:mss*4,0:mss,nop,nop,sok,nop,ws:df:0

label = s:unix:Linux:2.6.x
sig   = *:64:0:*:mss*4,*:mss,nop,ws:df:0
sig   = *:64:0:*:mss*4,*:mss,sok,ts,nop,ws:df:0
sig   = *:64:0:*:mss*4,*:mss,nop,nop,ts,nop,ws:df:0
sig   = *:64:0:*:mss*4,*:mss,nop,nop,sok,nop,ws:df:0

Once you know the fingerprints above, you just need to convert the Linux VM to Windows.

The fingerprint format

sig = ver:ittl:olen:mss:wsize,scale:olayout:quirks:pclass

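You need to spoof the following to change the fingerprint:

  • OS TTL: sudo sysctl net.ipv4.ip_default_ttl=128 (Windows)
  • Maximum segment size: sudo sysctl net.ipv4.route.min_adv_mss=1460
  • TCP window size: sudo sysctl -w net.ipv4.tcp_rmem='8192 87380 4194304' && sudo sysctl -w net.ipv4.tcp_wmem='8192 87380 4194304'
  • Unfortunately, for the olayout part, you cannot change these settings in Linux, so you cannot spoof them. The same goes for the quirks part. And olayout happens to be "... one of the most valuable TCP fingerprinting signals."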
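
How a p0f-style matcher weighs the fields listed in the answer, as an added example that is not part of the original answer and is not p0f's own code. The signatures are copied from the answer; the simplified matching rules, the 35-hop TTL tolerance and the three sample SYNs are assumptions constructed for illustration.

```python
# Added example (not p0f's code): sigs are from the answer, SYN samples are constructed.
SIGS = {
    "Windows 7 or 8": [
        "*:128:0:*:8192,0:mss,nop,nop,sok:df,id+:0",
        "*:128:0:*:8192,2:mss,nop,ws,nop,nop,sok:df,id+:0",
        "*:128:0:*:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0",
        "*:128:0:*:8192,2:mss,nop,ws,sok,ts:df,id+:0",
    ],
    "Linux 3.x": [
        "*:64:0:*:mss*10,0:mss:df:0",
        "*:64:0:*:mss*10,0:mss,sok,ts:df:0",
        "*:64:0:*:mss*10,0:mss,nop,nop,ts:df:0",
        "*:64:0:*:mss*10,0:mss,nop,nop,sok:df:0",
        "*:64:0:*:mss*10,*:mss,nop,ws:df:0",
        "*:64:0:*:mss*10,*:mss,sok,ts,nop,ws:df:0",
        "*:64:0:*:mss*10,*:mss,nop,nop,ts,nop,ws:df:0",
        "*:64:0:*:mss*10,*:mss,nop,nop,sok,nop,ws:df:0",
    ],
}
MAX_HOPS = 35  # assumed tolerance for TTL decrements in transit

def mismatches(sig, syn):
    """Return the names of the signature fields the observed SYN fails."""
    ver, ittl, olen, mss, win, olayout, quirks, pclass = sig.split(":")
    wsize, scale = win.split(",")
    if wsize.startswith("mss*"):  # window given as a multiple of the MSS
        wsize = str(syn["mss"] * int(wsize[4:]))
    checks = {
        "ittl": 0 <= int(ittl) - syn["ttl"] <= MAX_HOPS,
        "mss": mss == "*" or int(mss) == syn["mss"],
        "wsize": wsize == "*" or int(wsize) == syn["wsize"],
        "scale": scale == "*" or int(scale) == syn["scale"],
        "olayout": olayout == syn["olayout"],
        "quirks": set(quirks.split(",")) == set(syn["quirks"]),
    }
    return [name for name, ok in checks.items() if not ok]

def classify(syn):
    """Label of the first signature group the SYN fully matches, else None."""
    for label, sigs in SIGS.items():
        if any(not mismatches(s, syn) for s in sigs):
            return label
    return None

# Constructed SYNs seen 7 hops away; TUNED assumes the sysctls work as intended.
LINUX = dict(ttl=57, mss=1460, wsize=14600, scale=7,
             olayout="mss,sok,ts,nop,ws", quirks=["df"])
TUNED = dict(LINUX, ttl=121, wsize=8192)
WIN7 = dict(ttl=121, mss=1460, wsize=8192, scale=2,
            olayout="mss,nop,ws,nop,nop,sok", quirks=["df", "id+"])
```

classify(TUNED) returns None: after the TTL and window changes the SYN no longer matches Linux, but scale, olayout and quirks still disagree with every Windows signature, so the mismatch with the browser-reported OS remains visible.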