Silo is an on-demand, remote, disposable browsing environment that executes browser code without taxing or exposing local resources. Toolbox delivers important utilities which allow infosec researchers to do the work they need to do without tipping their hand. In addition, Toolbox enables mis-attribution by allowing users to alter the browser’s identified OS, browser type, and language settings, as needed. Manipulation of these settings is done in the Browser Fingerprint Management (BFM) settings panel in the Admin Console and can also be done (in limited form) inside the Toolbox window itself.
Note: Definitions are made within the context of Silo and Browser Fingerprint Management.
Mis-attribution - The act of changing web server facing characteristics of your browsing session to try to mislead web servers about your true identity or to alter the content displayed. Within the context of Silo, the characteristics which can be changed are geo-location, OS brand and version, browser type and version, and language.
User Agent String (UA) - A string of text passed to a web server at the beginning of an HTTP session to identify various attributes of the browser. More here: Browser User Agent
(IP) Geolocation - The process of identifying a person’s location by IP address. We have more information on this topic in this Support article.
Language Settings - The settings that determine the default language the browser sends in the Accept-Language request header.
In the provisioning options for the Toolbox Web App, there are options related to BFM. (Click here for more information on how to configure a Toolbox Web App).
The following is a list of Toolbox options related specifically to BFM:
This setting controls the region where your traffic emerges on the Internet. For example, if you select Dubai, your traffic will originate from our egress location in Dubai and web servers that you connect to will see a Dubai address as the source of your connections.
Allows for the configuration of UA string, platform (OS), language, and timezone.
- UA String may be set to any of the pre-set values or it may be set to custom. In custom mode any UA string may be pasted into the window.
- Platform may be set to Linux, Mac, or Windows
- Language may be set to any language setting you like.
Note: The default for all of the above settings is to use the local setting based on egress node location.
Primary configuration of BFM options is done from the Toolbox configuration pane in the Admin Console. Additionally, it is possible to change UA settings while the Toolbox app is in session. The ability to change in-session parameters is controlled by the configuration of the web app. Please see the Appendix for important information about browser anonymity.
The details of these configuration options are listed here
Admin Console Settings
Once you navigate to the Browser Fingerprint section of a web app, you will see the following menu:
If the settings are left as-is, the system will automatically use the default settings as defined by the native Linux system and the language and timezone settings of the selected egress node (Tokyo, Japan in the screenshot). In addition, the ability to change the UA string in session may be turned on or off here.
If you select the Customize Browser Fingerprint checkbox, the resulting menu will look like this:
The following options are available:
- User Agent - you may choose one of the many predefined UA settings, or you may select Custom User Agent to define your own. Browser User Agent
- Platform - you may select from Mac, Windows, or Linux
- Language - Enter a valid Language Tag.
- Timezone - Select a timezone
Please see the appendix for important information regarding these settings.
In Session UA Changes
Once in the Toolbox session, a user may decide to change their UA string without restarting the Toolbox session. To do this, the “Allow in session user agent switching” option must be checked for the Toolbox web app that is being used. Once in session, the user can use the following menu found at the bottom of the Toolbox window to change the UA:
These changes take effect immediately. Please see the Appendix for more information about the impact on mis-attribution when making this change.
Important information about BFM and the mis-attribution use case.
Non-attribution browsing is the de facto state for all Silo browsing sessions. As described above, with Toolbox, the user has the ability to mis-attribute their browsing profile. That is, the user can change characteristics of their browsing sessions to appear as something they are not. However, the intent of these features is not to guarantee complete mis-attribution in all scenarios. Rather, the intent is to make changes sufficient to pass a cursory review of web logs or other information regarding the session to avoid detection. This is especially true when Java or Flash are enabled in the browsing session. These technologies allow the web server, if properly configured, to do a more rigorous analysis of the computer trying to connect. This could reveal a mismatch, for example, of a UA string which purports to be a Safari browser running on Windows, with certain Linux fonts installed. To a discerning eye, these would stand out and seem suspicious but at a cursory glance, they may go unnoticed.
Silo’s native environment
Silo and Toolbox web sessions all originate from Linux servers running a customized version of Firefox. These are the default settings applied if no BFM settings are altered.
Egress Points and Native Languages/Timezone Settings
If BFM settings are not altered, the native language and timezone settings will be inherited from the location of the egress proxy. These would be the most “natural” settings for this kind of session.
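The appendix describes how a customized profile can contradict itself, and how the native language and timezone follow the egress location. The Python sketch below is an added example, not part of Silo or its documentation; it lists the contradictions a reviewer could spot in the four BFM values. The function names, the sample UA string and the `EGRESS_NATIVE` table are constructed for illustration and are assumptions, not Silo's actual egress defaults.

```python
import re

# Substrings that identify the OS inside a UA string, keyed by BFM Platform value.
UA_OS_TOKENS = {
    "Windows": ("Windows NT",),
    "Mac": ("Macintosh", "Mac OS X"),
    "Linux": ("Linux", "X11"),
}
# Simplified language-tag shape: language[-Script][-REGION]; not a full validator.
LANG_TAG = re.compile(r"^[A-Za-z]{2,3}(-[A-Za-z]{4})?(-([A-Za-z]{2}|\d{3}))?$")
# Constructed table (assumption): language and timezone expected per egress region.
EGRESS_NATIVE = {
    "Tokyo": ("ja", "Asia/Tokyo"),
    "Dubai": ("ar", "Asia/Dubai"),
}
# Constructed sample UA string claiming Firefox on Windows.
SAMPLE_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) "
             "Gecko/20100101 Firefox/115.0")

def ua_platform(ua):
    """Return the BFM Platform value the UA string claims, or None."""
    for platform, tokens in UA_OS_TOKENS.items():
        if any(token in ua for token in tokens):
            return platform
    return None

def check_profile(ua, platform, language, timezone, egress):
    """List the ways a fingerprint profile contradicts itself."""
    findings = []
    claimed = ua_platform(ua)
    if claimed is None:
        findings.append("UA string names no recognisable OS")
    elif claimed != platform:
        findings.append(f"UA claims {claimed} but Platform is {platform}")
    if not LANG_TAG.match(language):
        findings.append(f"'{language}' is not a well-formed language tag")
    native = EGRESS_NATIVE.get(egress)
    if native:
        native_lang, native_tz = native
        if language.split("-")[0].lower() != native_lang:
            findings.append(f"Language {language} differs from the {egress} default")
        if timezone != native_tz:
            findings.append(f"Timezone {timezone} differs from the {egress} default")
    return findings
```

An empty list means the four values agree with each other and with the egress region; it says nothing about deeper signals such as the installed fonts mentioned above.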