elhacker.net Forum

Computer Security => Security => Topic started by: dutz on 29 July 2012, 03:29 am



Title: question...
Posted by: dutz on 29 July 2012, 03:29 am
Could someone explain to me how to link Tor with Havij so that the scan is "anonymous"...


Title: Re: question...
Posted by: int_0x40 on 29 July 2012, 17:19 pm
I don't know that application, but you should check whether it allows configuration with HTTP or SOCKS proxies. If it supports either, just enter the address of the loopback interface and the port that corresponds to the proxy your application supports, for example 8118 if it is HTTP and 9050 if it is SOCKS.

If the application does not support a proxy, you will have to find a way to force its connection out through some extra program. Here is part of the HOWTO from the Tor website:

Quote
Overview about different methods for Torification

There are three different methods to torify applications.

Security overall:

    Leaks of your real IP address after you got rooted are only impossible if your machine has no other option than exiting traffic through Tor. (Transparent Proxy [TorBOX]).
    About protocol leaks (leak of your time zone through CTCP/irc; browser fingerprinting; Bittorrent leaks; See warning above!; etc.) you always have to take care of.

Classical / common way: use the application's proxy settings

Advantages:

    Does not need third party software (wrapper).
    Only a few proxy settings needed, sometimes a few more settings like 'use remote DNS' are required.

Disadvantages:

    Each application has to be checked and configured against DNS leaks.
    The application is not forced to honor the proxy settings. Some applications such as Skype and Bittorrent do not care, what the proxy settings are and use direct connections anyway. Also once the application is infected, it's not forced to honor the application settings.

Not so common: use a wrapper: force the application to use a proxy (torsocks/usewithtor)

Advantages:

    No proxy settings inside the application needed.
    Nothing like 'use remote DNS' can be forgotten.

Disadvantages:

    It's a redirector. Not a jail. Applications may still decide to use fancy techniques to achieve direct connections. Also once infected it can break out of the redirector.
    There are/were serious leaks, which leak your IP, because of bugs. For example, IPv6 can still leak your IP when using torsocks.
    It also does not magically prevent protocol leaks, see torsocks homepage for details.

Update:
To prevent identity correlation through circuit sharing use uwt. torsocks

Even less common: use a transparent proxy

Security:

    Safety against leak of real IP address depends on implementation.
    Anonymizing Middlebox can be secure. (For example: TorBOX)
    Other implementations such as Transparently anonymizing traffic for a specific user and Local Redirection Through Tor do not provide strong protection like Anonymizing Middlebox.

Advantages:

    No proxy settings inside the application needed.
    Nothing like 'use remote DNS' can be forgotten.
    Can provide some protocol leak and fingerprinting protection, for example see TorBOX's Protocol-Leak-Protection and Fingerprinting-Protection.

Disadvantages:

    More complex and complicated, requires additional software.
    Identity correlation (all applications connect through the same TransPort, SocksPort or DnsPort)! Workarounds available.

Note: I just checked a review of that application you are asking about. Remember that it is a crime to test SQL injection without authorization; what I wrote above is for learning purposes, I do not encourage any act that affects third parties, and I am not responsible for the use you make of this information.

Regards.