Anonymity

knavesec edited this page Mar 22, 2021 · 2 revisions

CredMaster fixes a number of potential anonymity issues with password spraying and/or the FireProx tool:

  • IP Rotation on every authentication request

  • UserAgent spoofing (optional)

  • Automatic header spoofing; all of the following are spoofed for anonymity:

    • X-Forwarded-For leaks original IP addresses on each request
    • x-amzn-apigateway-api-id leaks the API ID of the FireProx instance tied to your account
    • X-Amzn-Trace-Id leaks some AWS data; it is unclear exactly what, but it is still good to spoof

Further data and screenshots can be found in this blogpost.
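
A defender-side view of the header list above, as an added example that is not part of CredMaster or the original wiki: because the source IP changes on every request, a per-IP failure count never rises above one, so this check pools failed logins by the presence of the API Gateway header names rather than by address or by header value. The log schema, sample events and function names are constructed, and it is an assumption that the header names still reach the target when their values are spoofed.

```python
import json
from collections import Counter

# Header names from the list above, matched case-insensitively by presence only;
# their values are attacker-controlled and not trusted here.
GATEWAY_HEADERS = {"x-amzn-trace-id", "x-amzn-apigateway-api-id"}

# Constructed sample events; the schema (src_ip, user, ok, headers) is an assumption.
SAMPLE_LOG = """
{"src_ip": "198.51.100.7", "user": "alice", "ok": false, "headers": {"X-Amzn-Trace-Id": "Root=1-aaaa"}}
{"src_ip": "203.0.113.20", "user": "bob", "ok": false, "headers": {"x-amzn-apigateway-api-id": "abc123"}}
{"src_ip": "192.0.2.44", "user": "carol", "ok": false, "headers": {"X-Amzn-Trace-Id": "Root=1-bbbb"}}
{"src_ip": "198.51.100.91", "user": "dave", "ok": false, "headers": {"X-Amzn-Trace-Id": "Root=1-cccc"}}
{"src_ip": "192.0.2.10", "user": "erin", "ok": true, "headers": {"User-Agent": "Mozilla/5.0"}}
{"src_ip": "192.0.2.11", "user": "frank", "ok": false, "headers": {"User-Agent": "Mozilla/5.0"}}
"""

def parse(log_text):
    """One JSON event per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def has_gateway_header(event):
    return any(h.lower() in GATEWAY_HEADERS for h in event.get("headers", {}))

def max_failures_per_ip(events):
    """What a per-IP lockout rule sees: the worst single source address."""
    counts = Counter(e["src_ip"] for e in events if not e["ok"])
    return max(counts.values(), default=0)

def gateway_spray(events, min_users=3):
    """Pool failed logins carrying gateway headers, regardless of source IP."""
    hits = [e for e in events if not e["ok"] and has_gateway_header(e)]
    users = sorted({e["user"] for e in hits})
    return {"flagged": len(users) >= min_users, "users": users,
            "distinct_ips": len({e["src_ip"] for e in hits})}

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("max failures from one IP:", max_failures_per_ip(events))
    print("pooled by header presence:", gateway_spray(events))
```
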