Spoofing Software

Zero Trace Support February 16, 2021

Let's start off with Portable Firefox. We need to configure it and keep it on our VM and USB key.

First of all, download Portable Firefox, open it, and set whoer.net as your homepage.
Here are the add-ons that you need to install:

Canvas blocker: This add-on allows users to prevent websites from using the JavaScript <canvas> API to fingerprint them. Users can choose to block the <canvas> API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on <canvas> fingerprinting can be found at http://www.browserleaks.com/canvas

Click&Clean: Deletes typed URLs, caches, cookies, and your download and browsing history instantly, with one click on the Click&Clean button. It is a Firefox extension that allows you to:

– Delete your browsing history
– Clear records from your download history
– Remove cookies and empty the cache
– Delete temporary files
– Remove Flash Local Shared Objects (LSO)
– Delete private data when Firefox closes
– Automatically close all windows/tabs
– Clean up your hard drives and free up more disk space
– Use secure file deletion
– Use external applications, like CCleaner, Wise Disk Cleaner etc. on Windows or Janitor, BleachBit on Linux.

This add-on does all of the above instantly, with one click on the TP Roll icon in the Firefox toolbar.

Use it before and after you do a carding operation.

Flashlight: To spoof the Flash Player version (the plugin used for viewing multimedia content), we will use an extension called Flashlight.

The purpose of this extension is the following: it lets you save the versions of Flash Player that are installed in the browser and switch between the saved versions even if none is actually installed.

Let's see how to run this extension after it is installed.

Suppose we don't have any version of Flash Player installed and want to create a list from which we can choose, for example, the following versions: Flash Player version 9, version 11, version 14, version 15, version 18 and version 19.

The choice of older versions is up to you; however, it's mandatory to install the latest version.

First we will have to look for older versions of Adobe Flash Player on the official site:
https://helpx.adobe.com/flash-player/kb/archived-flash-playerverions.html Scroll down the page a bit and you will find the section “Flash Player Archives” with all the links (written in this form: “Released 11/102015 Flash Player 18.0.0.261 184 MB”).

It should take some time to download versions that interest you as they are quite large files. 

Once we have the older versions, we will also get the latest, but we will do that later.

Once you have downloaded all the versions, you will have .rar archives containing the installation files for both 32-bit and 64-bit Windows, in both .exe and .msi (Microsoft Installer) format.

We have to take care to choose the 32-bit version in .msi format, because the .exe format runs the online installation, so even if, for example, we are installing version 11, it automatically downloads and installs the latest version.

Now that we have all the past versions (9, 11, 14, 15 and 18) in the 32-bit version and .msi format, we proceed as follows:

Let's take the first version to be installed (version 9) and follow this simple procedure:

  • We open Firefox
  • We go to Firefox Menu > Add-ons > Plugins and make sure that Flash Player has been installed and is active; if it is not, we turn it on.
  • Click on the Flashlight extension icon (the small arrow that opens the dropdown menu) and click on “Save current Flash Player”. It asks what name to save it under; we leave the automatically assigned name and click OK. Our version of Flash Player is now saved.
  • Control Panel > Programs > Uninstall a Program. Uninstall the Flash Player version we installed, because we don't need it anymore.
  • Repeat the operation with the other versions (11, 14, 15 and 18)

Disable WebRTC plugin by Chris Antaki: don't be fooled by the name, the plugin doesn't disable WebRTC, it just prevents IP leaks.

Otherwise about:config and
media.peerconnection.ice.relay set on true.

Random Agent Spoofer: this plugin is a must have in your browser, thanks to it you can spoof screen size, accept language, user agent and much more.

Modify Headers: We will need this add-on for modifying headers

User-Agent Spoofing: to spoof the user agent we will use the extension called “Random Agent Spoofer”. You can choose between different operating systems, each of which contains many browsers in different versions; you can choose (with the appropriate buttons) whether to randomize the choice of user agent, and you can choose to use your own actual user agent (“Real Profile”).

However, it might happen that for instance, when we are using fullz that contains the user agent of the victim that the user agent is not among those in the list, although there are many. We will fix this issue by using the already installed addon that is called “Modify Headers”.

This extension allows us to manually change the user agent and the accept language as well.

Let's see how it works:
Suppose you have fullz with the following user-agent that represents the iPhone with OS X and that hes also browsing from Safari Browser:

Mozzila/5.0(iphone; CPU iPhone OS 9_1 like Mac OS X)AppleWebKit/601.1.46(KHTML, like Gecko) Version /9.0 Mobile/13B5130b Safari/601.0

To use this user agent we will:

  • Click the icon of the extension ”Start” to start the extension; obviously with the same procedure it is possible to turn it off.
  • Click the icon of the extension ”Open Modify Headers”. From the dropdown Menu (“Select”) we will have to choose whether to add (“Add”) or change (“Modify”) “something” and given the fact that we are interested in changing the user agent we will have to select modify.
  •  In the white space we will have to write User-Agent (Just as I wrote) and in the beside space you enter the user agent string that we want, in our case: Mozzila/5.0(iphone; CPU iPhone OS 9_1 like Mac OS X)AppleWebKit/601.1.46(KHTML, like Gecko) Version /9.0 Mobile/13B5130b Safari/601.0
  • We click on Add
  • Now we should view our user-agent just entered in the appropriate section with the red light next to it (as shown). If we click on the red light should turn green, this indicates that our user-agent is active. To turn it off just click on it again. Its easy to understand how it is possible to enter several user-agents, and turn them off from time to time depending on our needs.

Accept-Language Spoofing: Let's assume you have installed Firefox in Italian but need to appear to be browsing with a browser and system in English. How do we fix that? You certainly don't have to reinstall Firefox every time: Modify Headers will come in handy again.

The process is identical to the one that we used to change the User Agent.

From the dropdown menu select Modify, in the white space we write AcceptLanguage (just as I wrote it) and in the white space we type:
q = 0.8, en-US; q = 0.5, en; (in the case of a system that uses the English Language, and US language) or q = 0.8 en; (in case of a system in Italian) or q=0.5 en; ( In the case of a system in English).

These are just some examples; of course, according to your needs, you can search on Google to find the string that is appropriate for the desired language.

We click “Add” to add our modified Accept-Language to the list. Just as with the user agent, here too you can enter several different Accept-Language values and turn them on and off depending on your needs.

N.B. If you activate “Random Agent Spoofer” and “Modify Headers” simultaneously, the latter will have, let's call it, priority over the other. Let me explain: let's assume that you have selected a User-Agent profile in the Random Agent Spoofer extension, then you open the Modify Headers extension and insert and activate another user agent.

The data transmitted during navigation will be provided by Modify Headers and not by the other one.

This can have practical implications that can come useful and we see with an example.

Suppose that we are in this situation:

We need to execute a carding attempt and in the information we have the victim’s user agent.

Mozzila/5.0(iphone; CPU iPhone OS 9_1 like Mac OS
X)AppleWebKit/601.1.46(KHTML, like Gecko) Version /9.0 Mobile/13B5130b Safari/601.0 but this user agent is not present in Random agent spoofer list.

In addition, we know that the iPhone has 1920×1080 resoluction while our PC is a bit dated and allows us to get to 1024×768 so we will need to use the Random extension agent spoofer to change the resoluction of our screen.

How to operate:

  • We select any profile from the Random Agent Spoofer extension (it won't be shown; it's just to activate the extension)
  • We select the resolution that we are interested in (1920×1080), again using Random Agent Spoofer

After that we activate the Modify Headers extension (which, as already said, has priority over the Random Agent Spoofer extension) and we insert and activate our user agent (and, if needed, the accept language as well) with the procedure described above.

In doing so we get a system that shows the custom user agent set with the Modify Headers extension, while at the same time spoofing the screen size thanks to Random Agent Spoofer. Of course, by combining these two extensions you can simulate all browsers and all imaginable navigation platforms.
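Seen from the server side, a setup like this is visible as disagreement between signals: an extension that rewrites only the outgoing request header leaves the script-visible `navigator.userAgent` unchanged, and hand-typed header values often break the header grammar. The following is an added example, not part of the original lesson, of a fraud-detection check for those inconsistencies; the function name, flag names and sample requests are constructed, and it assumes the site collects `navigator.userAgent` through a client-side script.

```python
import re

# Accept-Language item per RFC 9110: a language range, optionally ";q=<weight>".
_LANG_ITEM = re.compile(
    r"^(\*|[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*)"
    r"(;q=(0(\.\d{0,3})?|1(\.0{0,3})?))?$"
)
# Mainstream browsers start the User-Agent with "Mozilla/5.0 (<platform>) ".
_UA_SHAPE = re.compile(r"^Mozilla/5\.0 \([^()]+\) \S")


def consistency_flags(headers, js_user_agent=None):
    """Return sorted reasons why a request's browser claims disagree.

    headers: dict of HTTP request headers as received by the server.
    js_user_agent: navigator.userAgent as reported by a client-side script
    (assumption: the site collects it in a beacon or hidden form field).
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    flags = set()

    ua = h.get("user-agent", "")
    if not _UA_SHAPE.match(ua):
        flags.add("ua-malformed")
    # A header-only override leaves the script-visible value untouched.
    if js_user_agent is not None and js_user_agent.strip() != ua:
        flags.add("ua-header-js-mismatch")

    accept_language = h.get("accept-language")
    if accept_language is None:
        flags.add("accept-language-missing")
    else:
        items = [re.sub(r"\s*;\s*", ";", p.strip())
                 for p in accept_language.split(",")]
        if not all(_LANG_ITEM.match(i) for i in items):
            flags.add("accept-language-malformed")
    return sorted(flags)


# Constructed sample requests (not captured traffic).
FIREFOX_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) "
              "Gecko/20100101 Firefox/85.0")
MAC_SAFARI_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
                 "AppleWebKit/605.1.15 (KHTML, like Gecko) "
                 "Version/14.0.3 Safari/605.1.15")
CLEAN = {"User-Agent": FIREFOX_UA, "Accept-Language": "en-US,en;q=0.5"}
OVERRIDDEN = {"User-Agent": MAC_SAFARI_UA, "Accept-Language": "en-US;q=1.5"}
```

Each flag is a risk signal to feed into scoring or step-up verification rather than a verdict on its own, since privacy tools used by legitimate visitors can trigger the same mismatches.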

Font Spoofing: Random agent user can limit detectable fonts.

Last Pass: very usefull addon that saves me lots of time during my carding attempts, this addon allows you to automatically save accounts profiles after creating them, generate passwords during registrations, autofill, and much more, it will limite the usage of .txt files for account management. https://addons.mozzila.org/en-US/firefox/addon/lastpass-password-manager/

FoxyProxy: Premier proxy management for Firefox. FoxyProxy is a Firefox extension which automatically switches an internet connection across one or more proxy servers based on URL patterns. Put simply, FoxyProxy automates the manual process of editing Firefox's Connection Settings dialog. Proxy server switching occurs based on the loading URL and the switching rules you define.

Use FoxyProxy for linking socks to the browser.

Mozbackup: Thanks to Mozbackup we will be able to back up and restore browser profiles that contain the user agent, accept language, screen resolution, cookies, history, extensions and much more.

This is particularly useful in case we require some sort of account aging. You can download Mozbackup from here: http://mozbackup.jasnapaka.com. It's possible to choose whether to make a backup (“Backup a Profile”) or restore one (“Restore a Profile”).

Lets assume we are in the situation where we have to do carding and the card holder is called MARK, so we endeavor to se everything as described in this guide and we execute our carding. Now suppose we have to make a second carding attempt(and the card hoder this time is called ROBET) but without loosing cookies and site data navigation used in the first carding attempt.

How do we accomplish this? We simply create a backup the first profile via the mozback program, and that profile will call MARK.pcv(.pcv is the extension that is automatically assigned), and we will save it where we like( to decide where to safe the file and how to name it click on the browse bottom that will appear on the second screen of the procedure.)

In order to execute the second carding attempt, we will need to clean everything by using Click&clean, ccleaner, and blechbit and the we execute the second card attempt, and even here we can create a backup that we will call, Robert.pcv.

Finished everything we clean it again with Click&clean, CCleaner, and Bleachbit, by doing so, althought we cancel all navigation data saved, we didn’t now actually lose anything since we created our backups.

So, when we want to browse again as Mark we just open the software Mozbackup, select “Restore a Profile”, it will ask us the backup file; we will select the file MARK.pcv.

With this procedure, it is logical to think that it allows us to manage many Navigations Profiles simultaneously and from the same browser allowing us to bring our profiles created from one PC too another one too.

Ok, I guess we are done setting up our Portable Firefox, other spoofing software are Antidetect (Antidetect.net) and Multilogin. 

From my point of view, the best choice is Antidetect. You can get a crack and install it on Multiple RDPs.

In my honest opinion, the best way to carding is buying a residential RDP and installing Antidetect cracked inside of it, so that the residential clean IP will be tunneled to Antidetect and also thanks to Anti-Detect you will be able to get a great spoofing setup inside the RDP.

Of course the same can be done with socksv5 and its even more cost effective.

About multilogin app, you can get it from multiloginapp.com, currently they offer only the free version which doesn’t offer many features, the premium version should come soon for $29 a month, you can read a comparison between AD and ML here: https://multiloginapp.com/multiloginapp-vs-antidetect/