sqtqnforlife Posted September 18, 2017 Share Posted September 18, 2017 Hi everybody, I'm chatting on an IRC Website (That not allows simple users to connect by an IRC Client, but only Browsers ...). When spamming or flooding, I've been being banned with 3 Types of bans : 1. Banning the IP address (I simply Bypass this ban by rebooting my Wi-Fi Router because I have a dynamic IP address); 2. Banning the MAC address (I'm again capable of bypassing this by changing my MAC address with the freeware '' TMAC Changer '' ); 3. Banning the Browser connection (Here comes my problem, in other terms, even if I do a clean uninstall / install of my browser '' After changing IP + MAC addresses '' and keep changing my browsers Mozilla, Chrome, Chromium, Safari, Opera; I keep getting banned every-time ... So when I have no browser left to install, I MUST WIPE + FORMAT my PC to connect again to this site). My question is as so : what is the specific parameter in the browser that allow Operators and Admins in this IRC Website to catch me every-time, and how can I bypass this ?! Thank you in advance, and I hope you can help me ! Quote Link to comment Share on other sites More sharing options...
i8igmac Posted September 18, 2017 Share Posted September 18, 2017 your user agent... simply change it... with your web browser, install a tool like tamper Data. It will allow you to quickly change this user agent to something else... "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; it-it) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16" try and change a single number like 528.16. ---> 568.16 should be enough to evade banning. If not then change a little more. This hole process could be automated... even the part where you release your routers ip. I have done this before, its a single page request to your router, it will almost instantly be released and renewed... learn sockets with any language of your choice... python, perl or ruby. Quote Link to comment Share on other sites More sharing options...
digip Posted September 18, 2017 Share Posted September 18, 2017 They could simply password protect a channel to block you or kick anyone who's not registered as well, so if they really want you gone, they can block you for the most part, no matter what you do. Try using a real IRC client and registering a new NICK with the server, then try again. Quote Link to comment Share on other sites More sharing options...
sqtqnforlife Posted September 18, 2017 Author Share Posted September 18, 2017 1 hour ago, i8igmac said: your user agent... simply change it... with your web browser, install a tool like tamper Data. It will allow you to quickly change this user agent to something else... "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; it-it) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16" try and change a single number like 528.16. ---> 568.16 should be enough to evade banning. If not then change a little more. This hole process could be automated... even the part where you release your routers ip. I have done this before, its a single page request to your router, it will almost instantly be released and renewed... learn sockets with any language of your choice... python, perl or ruby. Thank you for your answer, however I've tried so many '' User Agent Add-On '' that seem to change my Device / Browser version / .... on Firefox, Opera, Chrome, .... etc But still getting banned ! I think either these Add-On are just scam, or there is another parameter in the browser that allow TecAdmins / NetAdmins or OPs to catch me ... N.B: I've tried '' Tamper Data '', but it's no longer available / compatible for newer version of Firefox. Quote Link to comment Share on other sites More sharing options...
sqtqnforlife Posted September 18, 2017 Author Share Posted September 18, 2017 51 minutes ago, digip said: They could simply password protect a channel to block you or kick anyone who's not registered as well, so if they really want you gone, they can block you for the most part, no matter what you do. Try using a real IRC client and registering a new NICK with the server, then try again. Thank you for your answer. Unfortunately, the IRC Server '' a6.chat-land.org '' is protected by a password . It could only be accessed by a browser because only ChanOps / Admins / can join it by an IRC client !!! Quote Link to comment Share on other sites More sharing options...
i8igmac Posted September 18, 2017 Share Posted September 18, 2017 1 minute ago, sqtqnforlife said: Thank you for your answer, however I've tried so many '' User Agent Add-On '' that seem to change my Device / Browser version / .... on Firefox, Opera, Chrome, .... etc But still getting banned ! I think either these Add-On are just scam, or there is another parameter in the browser that allow TecAdmins / NetAdmins or OPs to catch me ... N.B: I've tried '' Tamper Data '', but it's no longer available / compatible for newer version of Firefox. when you open your browser to this irc application. The user name is random generated? Quote Link to comment Share on other sites More sharing options...
sqtqnforlife Posted September 18, 2017 Author Share Posted September 18, 2017 Just now, i8igmac said: when you open your browser to this irc application. The user name is random generated? You can choose your nickname, age, ... etc, however even if I choose a new nickname, age, mail, ... etc still getting banned !!! The problem is not the username, but more complicated than this, it has something to do with the browser (Read carefully my first post here) !!! Quote Link to comment Share on other sites More sharing options...
i8igmac Posted September 18, 2017 Share Posted September 18, 2017 (edited) 5 minutes ago, sqtqnforlife said: You can choose your nickname, age, ... etc, however even if I choose a new nickname, age, mail, ... etc still getting banned !!! The problem is not the username, but more complicated than this, it has something to do with the browser (Read carefully my first post here) !!! Do you know how to use burp-suite... you can tamper with the data here... Here is a list of agents. https://pastebin.com/6T20NynL Edited September 18, 2017 by i8igmac Quote Link to comment Share on other sites More sharing options...
sqtqnforlife Posted September 18, 2017 Author Share Posted September 18, 2017 1 minute ago, i8igmac said: Do you know how to use burp-suite... you can't tamper with the data here... Here is a list of agents. https://pastebin.com/6T20NynL I'm downloading burp-suite right now. A quick tutorial if possible would be great ! Quote Link to comment Share on other sites More sharing options...
i8igmac Posted September 18, 2017 Share Posted September 18, 2017 2 minutes ago, sqtqnforlife said: I'm downloading burp-suite right now. A quick tutorial if possible would be great ! After you configure your browser to use burp proxy. perform all the steps to connect your browser to chat room. This is the screen you want to see... Start with a fresh session, new ip, new nick and maybe another device like your phone... Quote Link to comment Share on other sites More sharing options...
digip Posted September 18, 2017 Share Posted September 18, 2017 2 hours ago, sqtqnforlife said: Thank you for your answer. Unfortunately, the IRC Server '' a6.chat-land.org '' is protected by a password . It could only be accessed by a browser because only ChanOps / Admins / can join it by an IRC client !!! That sounds like rubbish but ok. I was able to connect using netcat, but I don't have a registered nick on the server. Not sure it requires a "password" in a sense, just a properly registered user from what I can see, which looks like is done from the main website and not the normal msg nickserv. Quote Link to comment Share on other sites More sharing options...
numb3rs80 Posted September 24, 2017 Share Posted September 24, 2017 Cookie, Hardware ID, User Agent, IP, a ton of stuff can be used. You could just stop flooding the chat. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.