Isp>vpn>whoami>proxychain>tor

YOU>ISP>VPN>WHOAMI>PROXYCHAIN>TOR>Website
What’s the best possible “anonimity/untraceable combo”?
(I’m n00bie)

imagine you’re the NSA and found me on the target website since you can easily see and reverse the TOR chain and encryption. And you’re going back to my computer to find me

What I’ve learned last days:
•I’m here
•ISP (what ISP can see here?)
•WHOAMI project (mac changing, ip spoofing, and many more stuff)
•VPN (vpn company can’t see see my IP and stuff because of whoami)
•Proxychain (doesn’t encrypt nothing, just to make them stuck searching)
•TOR (exit node is open and NSA knows what I’m doing and knows I’m using proxychain and if they reverse it they’ll know my VPN company. But don’t know who and where am I.

I said I was n00bie

Now some questions.
How the hell I “order these steps on a chain”?
(Example: how do i set vpn before or after tor?)
Which is the best order/combination in your conception?
Can I use VPN again after TOR? Even if I’m using before?

Cheers fam?
(Example: how do i set vpn before or after tor?)
Which is the best order/combination in your conception?

Cheers fam!

Most, if not all VPNs log your activity. Aside Mullvad I haven’t seen any other VPN company not getting mentioned inside a court room.
Whoami project isn’t a network connectivity issue, more on your own side. Which works, I didn’t know this had a name but I had a similar few scripts long time ago that essentially did the same thing, good job on this.
Proxychain is something I wouldn’t do in the day of our lord and savior 2023. As you said, doesn’t encrypt the traffic and sometimes you can even discern the originator of the traffic.
Tor is too slow. Far too slow to do any exfiltration. Far too slow for botnets or mass scanning. Maybe particular small payload exploits on particular target that was already per-assess? Other than that, worthless.

I have seen some people suggest VPN through Tor (paying VPN in crypto) but even then I wouldn’t rely on that. I would suggest you to acquire a few boxes to jump off of, make a small openvpn box, another icmp tunnel proxy and hack your neighbours wifi. There are tutorials out there on the net, or ask chatgpt, it will give you a link or tutorial too.

For most hack jobs that ought to be fine. My rule of thumb is that the damages are less than 6 months of detectives salary it’s not worth their time so they won’t look into it. Again, not based on anything other than my hunch. As long as you don’t hit mid to large size companies and don’t hit any really drastic numbers of hacked boxes nobody will bat an eye. Also don’t hack Five Eyes countries (and their allies).

Happy Hackin

hi man! very interesting post thanks for the info!
if u dont mind i have a question: when you say acquiere a few boxes to jump off of what do you mean something la virtualvox? and what is it an openvpnbox? is it to have a vpn inside vituralvox for example?
byb the way im a newbie too…thanks in advance man!

to acquire a few boxes means that you hack few computers and then install openvpn on them or socks proxy

If I remember correctly, if you use VPN + TOR it will look more suspicious than simply using TOR. With TOR every user is supposed to look the same (like via fingerprint obfuscation), however if you add a VPN your ISP might think “Here’s a paranoid fellow… what gives” and perhaps “flags” your usage, or looks at you more closely. Depending on where you are, near Washington, university internet, or public coffee shop - NSA might be trying to look over your shoulder.

You could use Tails OS, which randomizes your MAC address which somewhat anonymizes you. It also deletes everything you did whenever you session ends. Everything stays in RAM memory.

So, how to stay anon? Steal your grandmas laptop and use it with Tails OS to do your business. Throw away the laptop after your are done, making sure to fully destroy it. Repeat the process as necessary. If you run out of grandmas, maybe black hat hacking isn’t right for you. Lol

Also, what exactly is your threat model? What are you trying to do? Simple web surfing? More advanced shit?

Hey fam, I expanded my knowledge about the case.
Here is something about using VPN + TOR or TOR + VPN

VPN → TOR
Pros of TOR through VPN:

• You ISP will never identify that you are using TOR, even he will know that you are using VPN. The entry node of TOR network will not see your true IP address, because you will connect to TOR through VPN so it will get VPN’s IP address not yours.
• Allows users to access TOR hidden services.

Cons of TOR through VPN:

• VPN providers know your real IP address.
• No protection from malicious activity on exit nodes, because non-https incoming and outgoing traffic from exit nodes is not encrypted and can be monitored. Exit nodes are often blocked in TOR network.
• TOR bridge (Obfsproxy) can be effective for hiding tor traffic from ISP, It can be detected with deep packet inspection.

TOR → VPN

Pros of VPN through TOR:

• VPN provider can not see your real IP address because you connect to the VPN server through TOR network. TOR exit node IP address will be your real IP address for VPN. If you use anonymous payment like bitcoin, your VPN server never identify you, even VPN keeps log.
• Protection from Malicious at tor exit nodes. All traffic is encrypted by the VPN client software before entering into TOR network, So browsing http websites can not be monitored on exit node. Although your data is encrypted so ISP can not able to get what are you doing on the internet.
• Bypass all blocks on exit node.
• Allow you to choose server location as per your desire.
• All the internet network will be routed through TOR.

Cons of VPN through TOR

• VPN provider can monitor your internet traffic but has no way to connect to you.
• Vulnerable for end-to-end-timing attack.

Yeah I need some time of talk with u lol seems you can help me…
The plan is to be untraceable.

What you guys think about the following…
Qubes bare-metal runing whonix. (Idk if I can run VPN inside the whonix which is inside Qubes)

I know it depends on your purpose but let’s say in a general case like you’re doing some shit around and don’t want to be found.

What you said about VPN can log you destroyed the “perfect” infrastructure I’ve built lol.

Where tutorial lmao

Hi frend! Hope you can help us here. I made this topic to talk about.

https://0x00sec.org/t/best-way-to-be-untraceable-invading-collecting-data-getting-out/38683?u=0xbeep

See ya and thank you!!

I just want to learn, my trip is to put as many privacy/security layers I can. So I’m studying everything. I know it always depends on what you’re doing but I have nothing to do, just searching about.

You said Mullvad never been said in a court room. It’s because?
Mullvad don’t keep the logs?

Some doubts rested.
Cheers!

I go with

WhoAmI
AutoTor_IP_changer [which changes automatically every whatever seconds you choose]
then dynamic proxychains with AutoTor.

If you’re on target with the NSA, they won’t think about breaking down the individual barriers of your defence, because if it’s built with your head, all they have to do is look for flaws in you. In you, or in your configuration. If the configuration is really good, then your OPSEC, for example, might be rubbish.

You need to start much earlier than the network connection itself.

For example:

-Dedicated hardware, preferably Linux, open BIOS, hardware that is not suspected of having backdoors.
-Dedicated computer for “work” (something not connected to you as a person), e.g. buy for cash in a place without cameras. Remove the microphone, cameras, etc.
-Linux system, preferably some Debian or other non-commercial system made by the community. Debian does not have many commercial system tools, most are GNU.
-Dedicated virtual machines on this laptop
-Internet, a separate source from the one you have at home in your own name (i.e. a separate place with Internet, modems or access points in places without cameras, Internet from a neighbour, etc.).
-In general, you need to treat the hardware as ‘work’ and the location as ‘work’. Then you have separated the two worlds, your normal one and the one where you are, being targeted by the NSA. As if both mix in one place NSA will find you easily even if you are using 10 VPNs and 8 onion routes
-If you already have to connect from home, I would buy dedicated servers, one or two, for crypto and have VMs on them. Connect to them in a secure way, and do all the stuff on these servers.
-Then I would buy a dozen cheap VPS servers in the same anonymous way for cryptocurrency that is not tied to your identity. I would have servers in multiple locations around the world to put private VPNs on. And for dedicated workloads, I would buy a VPS and set up a VPN on it for the duration of the operation.
-I would follow hardening guidelines for all servers, laptops, systems and services I build and use.

Then I would break each of the above into small steps to look for the threat in each. For example, buying cryptocurrency, buying a computer, faking data and having a backup, all encrypted on another server that would only be used as a backup.

Now you are ready for the steps with the connection. It all depends on what you want to do and what you want to achieve. If you are an assassin, you will probably need a camera to document your work and send to the person you are hired by, and a secure communication channel.
If you’re a darknet market owner, you probably don’t need a phone, just a server and a secure connection. If you are a hacktivist, you would need additional tools or devices. So it really depends. But let’s go back to our standard basic steps.

I find it a bit funny to always hide behind seven vpns and seven proxies and Tor on top of that. Sounds a bit like that fairy tale from a long time ago, behind seven mountains and seven forests…

I don’t know if the people who suggest 3 vpns, 2x Tor plus proxy have ever actually used such a solution and opened a website for it.

Tor is needed for pseudo anonymity, a VPN (but ours, which we set up ourselves) can help us hide Tor from the ISP if we don’t have a dedicated connection, and by using a VPN we hide Tor from the provider, then our plan is already low budget. VPN for Tor helps you browse the web without captcha and blockers, it helps you look like a user logging into the bank, for example, from a location close to your daily activities. But a socks proxy is better for this, and it has to be configured and hosted by you too. You can’t trust free proxies list or proxies/vpn providers.

Maintaining anonymity costs money, and a lot of it. Oh and a lot of knowledge. Then you need invest more money and more knowledge.

Finally, it all depends on what you want to achieve, without an example of what a bad person you are and what bad things you do, there is no golden rule. And even with that information… there will be no golden rule, lol.

Now, and most importantly, by asking questions like this, no one can ever link your nickname from this forum to your villain profile.
You can never brag about your accomplishments.
You can’t appear richer than others who know you.
No one can ever physically see you at your ‘work’. Things you can’t do yourself, you outsource.

And others like it.

I hope my chaotic entry has caused more confusion than help. But I hope it will give some insight for thought in the bigger picture and not just a small snippet.

Plus insights and comments from people above. Because they are valuable.

This topic was automatically closed after 121 days. New replies are no longer allowed.