Proxy: Stop Linux being detected in the TCP/IP stack fingerprint when using a proxy?
If I connect to a SOCKS5 proxy from a Windows 7 virtual machine and visit www.doileak.com, it tells me that JavaScript and the user agent show a Windows operating system, but the TCP/IP fingerprint shows a Linux distribution, so I may be using a virtual machine or a proxy. I am using VirtualBox to run the virtual machine on a Windows host. Is this fingerprint because the proxy I am connecting to is on a Linux distribution? If so, is there any way to prevent this from happening?
proxy, virtual-machine, tcp-ip, fingerprint, privacy
doileak.com uses p0f.
For Windows, it does the following:
; -------
; Windows
; -------
label = s:win:Windows:XP
sig = *:128:0:*:16384,0:mss,nop,nop,sok:df,id+:0
sig = *:128:0:*:65535,0:mss,nop,nop,sok:df,id+:0
sig = *:128:0:*:65535,0:mss,nop,ws,nop,nop,sok:df,id+:0
sig = *:128:0:*:65535,1:mss,nop,ws,nop,nop,sok:df,id+:0
sig = *:128:0:*:65535,2:mss,nop,ws,nop,nop,sok:df,id+:0
label = s:win:Windows:7 or 8
sig = *:128:0:*:8192,0:mss,nop,nop,sok:df,id+:0
sig = *:128:0:*:8192,2:mss,nop,ws,nop,nop,sok:df,id+:0
sig = *:128:0:*:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0
sig = *:128:0:*:8192,2:mss,nop,ws,sok,ts:df,id+:0
Linux:
; -----
; Linux
; -----
; The variation here is due to ws, sok, or ts being adaptively removed if the
; client initiating the connection doesn't support them. Use tools/p0f-sendsyn
; to get a full set of up to 8 signatures.
label = s:unix:Linux:3.x
sig = *:64:0:*:mss*10,0:mss:df:0
sig = *:64:0:*:mss*10,0:mss,sok,ts:df:0
sig = *:64:0:*:mss*10,0:mss,nop,nop,ts:df:0
sig = *:64:0:*:mss*10,0:mss,nop,nop,sok:df:0
sig = *:64:0:*:mss*10,*:mss,nop,ws:df:0
sig = *:64:0:*:mss*10,*:mss,sok,ts,nop,ws:df:0
sig = *:64:0:*:mss*10,*:mss,nop,nop,ts,nop,ws:df:0
sig = *:64:0:*:mss*10,*:mss,nop,nop,sok,nop,ws:df:0
label = s:unix:Linux:2.4-2.6
sig = *:64:0:*:mss*4,0:mss:df:0
sig = *:64:0:*:mss*4,0:mss,sok,ts:df:0
sig = *:64:0:*:mss*4,0:mss,nop,nop,ts:df:0
sig = *:64:0:*:mss*4,0:mss,nop,nop,sok:df:0
label = s:unix:Linux:2.4.x
sig = *:64:0:*:mss*4,0:mss,nop,ws:df:0
sig = *:64:0:*:mss*4,0:mss,sok,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,0:mss,nop,nop,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,0:mss,nop,nop,sok,nop,ws:df:0
label = s:unix:Linux:2.6.x
sig = *:64:0:*:mss*4,*:mss,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,sok,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,nop,nop,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,nop,nop,sok,nop,ws:df:0
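Knowing the signatures above, you just need to convert your Linux virtual machine to Windows:
sig = ver:ittl:olen:mss:wsize,scale:olayout:quirks:pclass
You need to fake the following to change the fingerprint: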
- OS TTL:
(Windows) sudo sysctl net.ipv4.ip_default_ttl=128
- Maximum segment size:
sudo sysctl net.ipv4.route.min_adv_mss=1460
- TCP window size:
sudo sysctl -w net.ipv4.tcp_rmem='8192 87380 4194304' && sudo sysctl -w net.ipv4.tcp_wmem='8192 87380 4194304'
- Unfortunately, in the olayout part, you cannot change these settings in Linux. So you cannot spoof these. The same goes for the quirks part. As it happens, olayout "… is one of the most valuable TCP fingerprinting signals."
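An added illustration, not part of the original answer and not p0f's own matching code: a simplified field-by-field matcher for the signature format above, run against signatures quoted in the answer. The two SYN descriptions are constructed, and the tuned one assumes the best case in which TTL, window size and scale already look like Windows; the result lists the fields that still differ.

```python
# Added example: field-by-field comparison against p0f signatures quoted on this page.
FIELDS = ("ver", "ittl", "olen", "mss", "wsize", "scale", "olayout", "quirks", "pclass")

# Signatures copied from the answer above (subset).
SIGS = {
    "Windows 7 or 8": [
        "*:128:0:*:8192,0:mss,nop,nop,sok:df,id+:0",
        "*:128:0:*:8192,2:mss,nop,ws,nop,nop,sok:df,id+:0",
        "*:128:0:*:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0",
        "*:128:0:*:8192,2:mss,nop,ws,sok,ts:df,id+:0",
    ],
    "Linux 3.x": [
        "*:64:0:*:mss*10,*:mss,sok,ts,nop,ws:df:0",
        "*:64:0:*:mss*10,*:mss,nop,nop,sok,nop,ws:df:0",
    ],
}

def parse_sig(sig):
    """Split ver:ittl:olen:mss:wsize,scale:olayout:quirks:pclass into a dict."""
    ver, ittl, olen, mss, win, olayout, quirks, pclass = sig.split(":")
    wsize, scale = win.split(",")
    return dict(zip(FIELDS, (ver, ittl, olen, mss, wsize, scale, olayout, quirks, pclass)))

def field_ok(name, want, got, got_mss):
    if want == "*":                                    # wildcard matches anything
        return True
    if name == "wsize" and want.startswith("mss*"):    # window given as a multiple of MSS
        return int(got) == int(got_mss) * int(want[4:])
    if name == "quirks":                               # quirks are an unordered set
        return set(want.split(",")) == set(got.split(","))
    return want == got                                 # olayout is order-sensitive

def mismatches(sig, observed):
    """Names of the fields where the observed SYN does not fit the signature."""
    s, o = parse_sig(sig), parse_sig(observed)
    return [f for f in FIELDS if not field_ok(f, s[f], o[f], o["mss"])]

def closest(label, observed):
    """Fewest mismatching fields over all signatures stored for a label."""
    return min((mismatches(s, observed) for s in SIGS[label]), key=len)

# Constructed SYNs in p0f notation (not captured traffic).
LINUX_DEFAULT = "4:64:0:1460:14600,7:mss,sok,ts,nop,ws:df:0"
# Assumed best case for the sysctl changes: TTL, window size and scale look like Windows.
LINUX_TUNED = "4:128:0:1460:8192,8:mss,sok,ts,nop,ws:df:0"

if __name__ == "__main__":
    for name, syn in (("default", LINUX_DEFAULT), ("tuned", LINUX_TUNED)):
        print(name, {label: closest(label, syn) for label in SIGS})
```
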