How To Stay Anonymous While Hacking (Part 1)
How to stay anonymous? This is a somewhat tricky question to answer due to many factors being involved.
A cafe will more than likely have CCTV and depending on where you sit your laptop screen could be visible to the cameras therefor if you’re using Linux your laptop will stand out compared to OS X or Windows.
So, let’s talk about Kali.
MacChanger: First Step to Anonymity
wlan0/1 | eth0 < your network interface may be different.
ifconfig wlan0/1 (note current MAC Address) ifconfig wlan0/1 down macchanger -r wlan0 ifconfig wlan0/1 up ifconfig wlan0/1 (confirm spoofed MAC Address)
ifconfig eth0 (note current MAC Address) ifconfig eth0 down macchanger -r eth0 ifconfig eth0 up ifconfig eth0 (confirm spoofed MAC Address)
sudo apt-get install openvpn
Firefox Settings: Adding upto anonymity
Allow First-Party Cookies Only
Third-Party Cookies are only used for Advertising and Tracking purposes.
network.cookie.cookieBehavior : 1 network.cookie.lifetimePolicy : 3 network.cookie.lifetime.days : 1
Enable Tracking Protection
Blocks tracking scripts.
privacy.trackingprotection.enabled ; true privacy.trackingprotection.pbmode.enabled ; true
If you have Flash enabled, it will reveal your real IP Address & Operating System.
plugin.state.flash : 0 plugin.state.java : 0 plugin.scan.plid.all : false
gfx.direct2d.disabled : True layers.acceleration.disabled : True
Spoofing your system info is easy, but if your fonts are being leaked it’s easy for a website to identify what operating system you’re actually using.
browser.display.use_document_fonts : 0
Disable Access to Webcam & Microphone
media.navigator.enabled : False media.navigator.video.enabled : False camera.control.face_detection.enabled : False
Disable WebRTC (Leaks IP Addresses)
WebRTC exposes the IP Address behind a VPN/Proxy.
media.peerconnection.enabled : False media.peerconnection.identity.enabled : False media.peerconnection.turn.disable : True media.peerconnection.use_document_iceservers : False media.navigator.enabled : False media.getusermedia.screensharing.enabled : False media.getusermedia.screensharing.allowed_domains : Blank media.peerconnection.video.enabled : False media.peerconnection.video.h264_enabled : False
Telemetry collects and sends your browsing data to Mozilla. This feature is used to “improve”
your browsing experience but some users may want to opt-out.
toolkit.telemetry.archive.enabled : False toolkit.telemetry.cachedClientID : Blank toolkit.telemetry.enabled : False toolkit.telemetry.previousBuildID : Blank toolkit.telemetry.server : Blank toolkit.telemetry.unified : False
Disable Health Reporting
Same as above.
datareporting.healthreport.about.reportUrl : Blank datareporting.healthreport.about.reportUrlUnified : Blank datareporting.healthreport.documentServerURI : Blank datareporting.healthreport.infoURL : Blank datareporting.healthreport.logging.consoleEnabled : False datareporting.healthreport.service.enabled : False datareporting.healthreport.uploadEnabled : False datareporting.policy.dataSubmissionEnabled : False datareporting.policy.dataSubmissionEnabled.v2 : False
These above will help you getting your anonymity shield strong! NoScript & Random Agent Spoofer need to be configured which can take a couple minutes. You also need to know what systems to exclude from RAS to prevent suspicion from admins.
Browsers I’ve Removed :
– All Opera & SeaMonkey Browsers (hardly anyone uses them)
– Edge Browsers (Edge is basically Internet Explorer)
– All Console Browsers (do I really have to say?)
– All iOS Browsers (read info bellow)
– Windows Phone Browsers (read info bellow)
– All Firefox OS Browsers (discontinued OS by Mozilla)
– Unix Browsers (most UNIX systems are commercial)
– All Linux Browsers (suspicious)
– All x86 versions of Windows (nobody uses 32-bit Windows)
Browsers I Kept :
– All WOW64 Browsers on Windows x64 (WOW64 = x86 Browser on x64 System)
– Chrome, Firefox & Safari for OS X (Yosemite/El Capitan)
– Chrome & Firefox for Windows (7/10 x 64)
– I’m sure nobody really uses Windows 8 right?
There is no point spoofing your info to match browsers on iOS devices because websites will be able to tell you’re not using iOS due to your browser capabilities. Thus being suspicious and quite obvious you’re spoofing your system info. The same for other browsers/systems.
Take into consideration you would have to do that every time you boot into Kali.
I’ve described some more topics in my next article. Check it here:
If you liked reading the article, please comment and share too!
Latest posts by Anuj Mishra (see all)
- How To Hack Website Using Android Without Root (SQLMAP Tutorial & Installation) - 17th February 2018
- How To Hack Instagram Account & Password ? (2018 Method) : Tutorial [Using Phishing, Kali Linux, Root, Apps] - 9th February 2018
- How To Hack Any Windows 7/8/10 Remotely Using An Image Without Any Access ?! - 4th February 2018