TCP/IP Fingerprinting for VPN and Proxy Detection

Posted on March 13, 2021 in Security • Tagged with TCP, IP, fingerprinting, Proxy, VPN • 9 min read

TCP/IP fingerprinting is as old as the Internet itself. But this technique seems to have lost it's relevancy in our modern times. However, with the rise of Proxy and VPN Providers, TCP/IP fingerprinting becomes interesting again from a security perspective.

Continue reading

Why does this Website know that I am sitting on the Toilet?

Posted on February 05, 2021 in Security • Tagged with JavaScript, deviceorientation, devicemotion • 3 min read

Android mobile devices give to any website device orientation and device motion data. This data is quite sensitive in nature and should not be granted to websites without obtaining explicit user consent.

Continue reading

Browser Red Pills: Why are you browsing my website from AWS Lambda?

Posted on January 17, 2021 in Security • Tagged with red pill, Bot, Advanced Bots, JavaScript, Puppeteer, Playwright • 6 min read

Advanced bots use modern browsers and automation frameworks such as puppeteer and playwright. It becomes increasingly hard to distinguish bots from real human traffic, therefore, new methods are required.

Continue reading

Browser based Port Scanning with JavaScript

Posted on January 10, 2021 in Security • Tagged with browser, port scanning, JavaScript • 10 min read

In this article, various techniques to conduct port scanning from within the browser are developed. Modern JavaScript is used.

Continue reading

Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API

Posted on January 02, 2021 in Security • Tagged with uncaptcha3, ReCaptcha, Google, Speech to Text API • 2 min read

In this project, I make use of a method from early 2019 that demonstrates how to solve the Audio reCAPTCHA with Google's own Speech to Text API. This method still works, which is quite astonishing.

Continue reading

Dynamically changing proxies with puppeteer

Posted on December 20, 2020 in Security • Tagged with puppeteer, dynamic proxies, Express API • 3 min read

The chrome browser controlled via puppeteer doesn't support the dynamic change of proxies without restarting the browser. In this tutorial, I demonstrate how to implement this functionality with the help of a third party npm module named proxy-chain. This module acts as an intermediate proxy.

Continue reading