[try to hack] active detection and concealment technology
2022-07-03 16:56:00 【Happy star】
https://www.bilibili.com/video/BV1bt4y1874s?p=79
Series column: Try to Hack
First published: 2022-07-03
The author's level is very limited. If you find an error, please let me know. Thanks!
Active reconnaissance builds on OSINT (open-source, passive reconnaissance) to obtain more information about the target and so find more places where security problems may exist. However, active reconnaissance interacts with the target a great deal, so it is more likely to be detected by the target.
Techniques
1. Disguise tool signatures
2. Hide traffic within legitimate traffic
3. Modify source and type
Adjust the source IP stack and tool identification settings
The most common change is the User-Agent.
Here we use msf to demonstrate:
msfconsole
use auxiliary/fuzzers/http/http_form_field
There are advanced options:
show advanced
One of them is useragent:
set useragent BaiduSpider
// Search engine crawlers are generally not filtered
set rhost 192.168.0.1
The target is set to the router, so the HTTP packets are sent to the router.
run
Capture the packets with Wireshark and take a look.
Filter rule: http&&ip.dst==192.168.0.1&&ip.src==192.168.0.106
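Seen from the defending side, a User-Agent that only claims to be a crawler can be checked against the address it came from. The Python below is an added example, not part of the original post: it classifies access-log lines whose User-Agent names a search crawler using forward-confirmed reverse DNS. The log lines, the PTR/A tables standing in for DNS, and the function names are constructed for illustration, and it assumes the logged address is the real client address.

```python
import ipaddress
import re

# Crawler name (as found in the User-Agent) -> hostname suffixes the operator
# documents for reverse-DNS verification of its crawler addresses.
CRAWLER_DOMAINS = {
    "baiduspider": (".baidu.com", ".baidu.jp"),
    "googlebot": (".googlebot.com", ".google.com"),
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = '''\
192.168.0.106 - - [03/Jul/2022:16:40:01 +0800] "POST /login HTTP/1.1" 200 512 "-" "BaiduSpider"
203.0.113.7 - - [03/Jul/2022:16:41:10 +0800] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0)"
198.51.100.9 - - [03/Jul/2022:16:42:30 +0800] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0)"
192.168.0.50 - - [03/Jul/2022:16:43:00 +0800] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''
# Constructed stand-ins for DNS so the example runs offline.
PTR = {"203.0.113.7": "baiduspider-203-0-113-7.crawl.baidu.com",
       "198.51.100.9": "crawl.baidu.com.example.net"}
A = {"baiduspider-203-0-113-7.crawl.baidu.com": ["203.0.113.7"]}
LINE_RE = re.compile(r'^(\S+) .*"([^"]*)"$')  # client IP and last quoted field (User-Agent)

def classify(ip, user_agent, ptr_lookup=PTR.get, a_lookup=A.get):
    """Return a verdict for one request; the lookups are injectable resolvers."""
    ua = user_agent.lower()
    claimed = next((name for name in CRAWLER_DOMAINS if name in ua), None)
    if claimed is None:
        return "no-crawler-claim"
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        return "spoofed: private source address"
    host = ptr_lookup(ip)
    if not host or not host.lower().rstrip(".").endswith(CRAWLER_DOMAINS[claimed]):
        return "spoofed: reverse DNS not in crawler domain"
    if ip not in (a_lookup(host) or []):
        return "spoofed: forward lookup does not confirm"
    return "verified"

def scan(log_text):
    """Classify every parsable log line as (client_ip, verdict)."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            results.append((m.group(1), classify(m.group(1), m.group(2))))
    return results
```

In production the two lookups would be replaced by real PTR and A/AAAA queries with caching.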
Modify packet parameters
Nmap can modify the original packet parameters:
nmap --spoof-mac 11:11:11:11:11:11 26 -sS -Pn -p80 192.168.0.1
The MAC address really is disguised, but why the Destination is 0.0.0.26, I don't know.
Many other tools have similar options for modifying packet parameters, such as masscan's --adapter-mac and --adapter-ip.
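For defenders, the address used above is itself a tell: the first octet 0x11 has the group (multicast) bit set, which a genuine source MAC never has. The Python below is an added example, not from the original post; the frame list is constructed sample data and the function names are hypothetical. It flags anomalous source MACs and IP addresses that appear with more than one MAC.

```python
from collections import defaultdict

# Constructed (source MAC, source IP) pairs, as they might be read from captured frames.
SAMPLE_FRAMES = [
    ("00:0c:29:3a:5b:7c", "192.168.0.106"),
    ("11:11:11:11:11:11", "192.168.0.106"),
    ("00:0c:29:aa:bb:cc", "192.168.0.50"),
    ("02:42:ac:11:00:02", "192.168.0.60"),
]

def mac_flags(mac):
    """Structural anomalies of a source MAC address."""
    octets = mac.lower().split(":")
    first = int(octets[0], 16)
    flags = []
    if first & 0x01:
        # I/G bit set: a group address, only valid as a destination
        flags.append("group-bit-set")
    if first & 0x02:
        # U/L bit set: not vendor-assigned (also used by containers and
        # privacy-randomised clients, so this is a hint, not a verdict)
        flags.append("locally-administered")
    if len(set(octets)) == 1:
        flags.append("repeated-octet")
    return flags

def review(frames):
    """Map each suspicious source MAC to the reasons it was flagged."""
    macs_by_ip = defaultdict(set)
    for mac, ip in frames:
        macs_by_ip[ip].add(mac.lower())
    findings = {}
    for mac, ip in frames:
        reasons = mac_flags(mac)
        if len(macs_by_ip[ip]) > 1:
            reasons.append("ip-seen-with-multiple-macs")
        if reasons:
            findings[mac] = reasons
    return findings
```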
Use a proxy or anonymity network: Tor
When you use the Tor client, your Internet traffic is routed through the Tor network. Before leaving the Tor network for its destination, the traffic passes through several randomly selected relays (run by volunteers). This prevents Internet service providers and anyone monitoring your local network from seeing which websites you visit. It also prevents the website itself from learning your actual location or IP address: it sees the IP address and location of the exit node. Even the relays do not know who requested the traffic they pass on. All traffic inside the Tor network is encrypted.
apt install tor
Start tor:
service tor start
Check whether tor has started:
service tor status
Install and configure proxychains4, which makes any program establish its connections through a proxy; the principle is similar to a browser proxy.
apt install proxychains4
gedit /etc/proxychains4.conf
firefox www.whatismyip.com
I checked: this is the real IP when no proxy is used, and it really is my public IP.
proxychains firefox www.whatismyip.com
Modify the proxy