1
00:00:00,660 --> 00:00:04,950
Welcome to our additional module for basic exploit development.

2
00:00:05,580 --> 00:00:11,370
This time we're going to show you how to use a technique called Tor over VPN to improve your privacy

3
00:00:11,880 --> 00:00:15,450
while offensively scanning or crawling vulnerable web applications.

4
00:00:16,440 --> 00:00:20,640
Tor over VPN is an anonymity technique that provides extra measures of security.

5
00:00:20,940 --> 00:00:25,980
First, a VPN session is initiated, and then a Tor session is opened through that VPN session.

6
00:00:26,370 --> 00:00:28,410
It has at least four advantages.

7
00:00:28,650 --> 00:00:32,310
It hides the use of Tor from your internet service provider.

8
00:00:32,580 --> 00:00:38,400
It hides your actual IP address from the Tor node, because we're dropping the VPN's IP address in

9
00:00:38,400 --> 00:00:38,940
its place.

10
00:00:39,420 --> 00:00:44,940
It may evade egress filtering or other blocking techniques preventing you from using Tor, much like

11
00:00:44,940 --> 00:00:48,150
the way that you would use a pluggable transport with Tor.

12
00:00:48,510 --> 00:00:51,450
It also hides your traffic from your VPN provider.

13
00:00:51,720 --> 00:00:54,000
Let's look at a diagram of offensive scanning.

14
00:00:56,260 --> 00:01:01,450
So here, my IP address from home is actually 71.70.54.53.

15
00:01:01,720 --> 00:01:06,850
It's not my actual IP address, but we're just going to use this as an example.

16
00:01:07,450 --> 00:01:13,000
However, my VPN endpoint is located at 40 59148119.
17
00:01:13,780 --> 00:01:21,460
When we run a scan using something like Nmap or Gobuster or some sort of web application scanner and

18
00:01:21,460 --> 00:01:27,190
we proxy it through Tor, we are actually getting much different IP addresses from the Tor endpoint

19
00:01:27,400 --> 00:01:33,730
that's hitting these vulnerable services, such as a web server on port 80 or a web server on port

20
00:01:33,730 --> 00:01:36,040
443 or a proxy on 8080.

21
00:01:36,400 --> 00:01:38,560
It would show up to the victim

22
00:01:39,190 --> 00:01:45,070
as 15223117 240, a Tor node endpoint, instead.

23
00:01:48,260 --> 00:01:53,840
Additional advantages of using Tor over VPN are that it helps you crawl websites without revealing your

24
00:01:53,840 --> 00:02:02,570
identity, using various proxy-aware or transparent proxy tools such as tsocks or proxychains.

25
00:02:03,290 --> 00:02:10,160
Now you can run Nmap scans with impunity, but the only scan available through Tor over VPN is just

26
00:02:10,160 --> 00:02:15,710
a connect scan, which performs the full TCP handshake during the scan.

27
00:02:16,130 --> 00:02:25,250
It may evade FBI network investigative techniques such as the Playpen bust, where the FBI actually embedded

28
00:02:25,250 --> 00:02:30,680
malicious JavaScript code within a website just to enumerate visitors.

29
00:02:31,760 --> 00:02:38,120
So if you were to be hit by an FBI NIT, it may just drop your VPN's endpoint address instead of

30
00:02:38,120 --> 00:02:39,470
your real IP address.

31
00:02:40,460 --> 00:02:43,460
So let's demonstrate how that works.

32
00:02:44,120 --> 00:02:46,430
Let me shut down my original VPN.

33
00:02:52,460 --> 00:02:58,070
And we're going to use OpenVPN with one of my VPN profiles.

34
00:03:08,040 --> 00:03:08,580
Oh, my God.

35
00:03:08,910 --> 00:03:09,960
I forgot to.

36
00:03:10,260 --> 00:03:11,310
Sort of calisthenics.
37
00:03:22,500 --> 00:03:28,560
I'm going to cut this video and go straight to the Tor over VPN.

38
00:03:29,430 --> 00:03:29,790
All right.

39
00:03:29,790 --> 00:03:30,470
Welcome back.

40
00:03:30,480 --> 00:03:32,310
I actually got everything

41
00:03:32,310 --> 00:03:34,860
running. It's running right here.

42
00:03:37,210 --> 00:03:41,410
And I am going to show you the Tor over VPN scanning technique.

43
00:03:42,160 --> 00:03:47,860
So all we need to do is sudo openvpn.

44
00:03:59,720 --> 00:04:03,890
And now we're going to test our actual IP address from the VPN endpoint.

45
00:04:07,940 --> 00:04:13,490
It is a server located in the Netherlands that's acting as my VPN endpoint.

46
00:04:14,540 --> 00:04:17,779
This is actually a bulletproof hosting VPN, by the way.

47
00:04:18,709 --> 00:04:26,120
So it means that in general they don't really respond to, you know, inquiries about an IP address.

48
00:04:27,840 --> 00:04:28,230
All right.

49
00:04:28,230 --> 00:04:31,710
So the first thing you want to do is configure proxychains.

50
00:04:39,010 --> 00:04:41,830
We need to have this line right here:

51
00:04:42,500 --> 00:04:47,950
socks4 localhost 9050, because that's where Tor is listening.

52
00:04:52,160 --> 00:04:52,990
And let's see.

53
00:04:53,000 --> 00:04:54,410
service tor start.

54
00:04:57,590 --> 00:05:04,160
And we also need to make a modification to proxychains' application, because it's actually using an old DNS

55
00:05:04,160 --> 00:05:06,320
resolver that is a bit wonky.

56
00:05:07,580 --> 00:05:10,490
Locate proxyresolv.

57
00:05:16,240 --> 00:05:17,900
nano proxyresolv.

58
00:05:19,150 --> 00:05:22,990
Make sure you have the proxy's DNS server set to

59
00:05:23,170 --> 00:05:32,020
1.1.1.1. Usually, by default, it is actually 4.2.2.2, and you'll run into DNS issues while you're trying to

60
00:05:32,020 --> 00:05:32,440
do that.

61
00:05:33,790 --> 00:05:38,800
So let's try using proxychains to grab our IP address.
62
00:05:45,900 --> 00:05:51,270
Our IP address is 15195237118.

63
00:05:52,230 --> 00:05:54,540
Now let's try grabbing our VPN endpoint

64
00:05:54,540 --> 00:05:55,380
IP address.

65
00:05:56,550 --> 00:05:59,640
45 9148109.

66
00:06:00,540 --> 00:06:07,020
Now, from here, you can actually just browse anonymously, like proxychains firefox google.com.

67
00:06:17,690 --> 00:06:19,160
Usually Tor is this slow.

68
00:06:31,800 --> 00:06:32,340
It's loading.

69
00:06:33,330 --> 00:06:37,170
Tor is not really something that you would use because it will be fast.

70
00:06:37,470 --> 00:06:39,630
It's because it anonymizes very well.

71
00:06:43,120 --> 00:06:44,800
But I can do something like.

72
00:06:46,240 --> 00:06:46,850
Oh, right.

73
00:06:47,170 --> 00:06:47,860
It works.

74
00:07:05,310 --> 00:07:05,910
There we go.

75
00:07:15,810 --> 00:07:20,610
So from here, I'm not actually going to attack a website; that would be illegal, by the way.

76
00:07:21,120 --> 00:07:27,420
But let's say that I want to use proxychains nmap connect scan,

77
00:07:27,420 --> 00:07:31,650
no ping, to google.com.

78
00:07:32,550 --> 00:07:38,940
I'm not going to do that, by the way, but what I'm trying to explain is that you will always be dropping

79
00:07:38,940 --> 00:07:44,580
a Tor endpoint IP address instead of your VPN endpoint.

80
00:07:44,580 --> 00:07:51,240
And if there was an FBI network investigative technique, it would only enumerate your actual VPN IP

81
00:07:51,240 --> 00:07:54,000
address, not your home IP address.