ZeroCheck

April 22, 2012

Hello :),

I was testing and viewing the new crypto paste ZeroBin, and two of its main disadvantages were the fact that a user has to trust the server for their anonymity and the man-in-the-middle risk on the JavaScript.

  • Users still have to trust the server regarding the respect of their privacy. ZeroBin won’t protect the users against malicious servers.
  • Won’t protect against Man-in-the-middle attacks (eg. javascript substitution)

Well, I tried to think of a way to protect the user and minimize these disadvantages, and came up with ZeroCheck.

What is ZeroCheck?

ZeroCheck is a Chrome extension to fingerprint ZeroBin clones. It tries to make sure that a ZeroBin clone is safe. However, an approved website is not necessarily safe, because it can still be keeping track of your IP address or some other connection info that may be used to track the person that made a paste.

SO A SITE MARKED AS SAFE BY ZeroCheck DOESN’T MEAN THAT YOU ARE 100% ANONYMOUS.

It only gives you some assurance about the version of the page and the libraries used on that website, and the ability to check whether the page or its libraries have changed in any way.

Where can I download ZeroCheck?

You can download it from the official GitHub repository: github.com/lbragues/ZeroCheck

What does it do?

This extension generates a unique fingerprint of the page and tries to detect any change to the core functions that may compromise the security provided by the original ZeroBin code.

It has two main features:

  • Uniquely identifies the ZeroBin version of the JavaScript that is being used on the page.
  • Uniquely identifies the page and checks whether it has been marked as a safe page.

Now a simple overview of how the extension works. If a website is detected as a ZeroBin clone, an icon will show in the omnibox.

[Image: ZeroOmnybox]

The presence of this icon means that the website is a clone of the ZeroBin project. If you find a ZeroBin page that doesn’t show this icon, it is most certainly because the page is in an iframe, so you need to open the real link of the page.

Example: for “http://www.anonpaste.tk/”, the real URL to the zeropaste is “http://www.peoplesliberationfront.net/anonpaste/index.php”

Notes:

Please keep in mind that this is a very simplistic approach to the problem. By this I mean that the extension may still have many bugs, and it certainly needs more work. 🙂

If you want me to check any website, please leave a comment here with its address.

Tip: If you are getting some strange results use the refresh button 🙂

What kind of information can I get with ZeroCheck?

  • Information about the crypto libraries used
  • The classification of the website

For example, this is the info about the original ZeroBin site:

As you can see, it shows information about the libraries used, their versions, and the website origin (this is manually checked to make sure it’s safe).

If you open a website that wasn’t checked, this is what it looks like:

This means that the libraries used are safe but the website hasn’t been manually checked.

Now an example of unsafe libraries:

And lastly, an unsafe website:
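The fingerprint-and-classify idea described in this post can be sketched as follows. This is an added example, not ZeroCheck's own code: the SHA-256 scheme, the script names, the `https://paste.example` origin, the allowlists and the status names are all assumptions constructed for illustration, and a real extension would read the script bodies from the loaded page.

```javascript
// Added example (Node.js): the hashing scheme, allowlists and sample scripts
// below are constructed assumptions, not ZeroCheck's actual code or data.
const { createHash } = require('node:crypto');

const sha256 = (text) => createHash('sha256').update(text, 'utf8').digest('hex');

// Constructed stand-ins for the script files a reviewed paste page loads.
const REVIEWED_SCRIPTS = {
  'crypto-lib.js': 'var lib = { encrypt: function (key, msg) { /* ... */ } };',
  'paste-app.js': 'function send(key, msg) { post(lib.encrypt(key, msg)); }',
};

// Per-script fingerprints: any edit to a script body changes its hash.
function fingerprintScripts(scripts) {
  const prints = {};
  for (const name of Object.keys(scripts).sort()) prints[name] = sha256(scripts[name]);
  return prints;
}

// Page fingerprint: one hash over the sorted name:hash pairs, so adding,
// removing or modifying any script on the page changes it.
function fingerprintPage(scripts) {
  const pairs = Object.entries(fingerprintScripts(scripts)).map(([n, h]) => `${n}:${h}`);
  return sha256(pairs.join('\n'));
}

// Hypothetical allowlists: known-good library hashes, and manually checked
// origins pinned to the page fingerprint seen at review time.
const KNOWN_LIBRARIES = fingerprintScripts(REVIEWED_SCRIPTS);
const CHECKED_SITES = { 'https://paste.example': fingerprintPage(REVIEWED_SCRIPTS) };

function classify(origin, scripts) {
  const prints = fingerprintScripts(scripts);
  // A known library that is missing or whose hash differs counts as changed.
  const changed = Object.keys(KNOWN_LIBRARIES).filter((n) => prints[n] !== KNOWN_LIBRARIES[n]);
  if (changed.length > 0) return { status: 'unsafe-libraries', changed };
  const pinned = CHECKED_SITES[origin];
  if (pinned === undefined) return { status: 'unchecked', changed };
  // Libraries match, but the page as a whole differs from the reviewed one.
  if (pinned !== fingerprintPage(scripts)) return { status: 'unsafe-site', changed };
  return { status: 'checked', changed };
}
```

A result of `checked` only says the scripts match the reviewed copy; it says nothing about what the server logs about the connection.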