In 2018, the topic of working with logs has become very popular; we can say that this topic has become one of the most trending. There are a lot of services and people who sell logs, there are quite a few reasonably priced stealers for getting logs and information about it; antidetect helpers, I often get questions on how to properly configure the system for logs for further work with it. Therefore, I will consider in detail how to get the maximum possible information on the log from available data and configure your config, using it. This will be done using the Linken Sphere antidetector as an example, but I would like to clarify straight away that you can configure the configuration in any antidetector, not only in this one. Most of the antidetects on the market also allow for configuring all possible settings and substitutions. Some substitutions can also be done on the regular system itself without using anti-detects.
At the same time, I will talk about and explain in detail how to make all the possible settings in the configuration as in the real machine, simply put, we will make a real config of the system without configshop. This article, in addition to the topic of working with logs, will be a kind of manual for configuring real configs from scratch. This will be useful not only to those who don’t have access to configshop and can’t buy configs, but also to those who have them. With this information, you will learn how to modify your existing configurations, learn the tricks of setting up different substitutions, get an understanding of what makes this or that parameter and how best to configure it. There are even more questions about it than about logging, since antidetects appeared. If you read the documentation in Linken Sphere, the documentation on the Internet, you will get even more “mess” in your head. I’ll try to fix it, I’ll show you how you can think out of the box when configuring your configuration.
5% Discount on Linken Sphere browser purchase and renewal and personal support from me on this product. Promo code: LS_XERL
In the meantime, we move on to the article, which will consist of three large sections:
In this section, I will very briefly talk about available steleers, what is a log, and what kind of logs they are (for those who don’t know what they are). I’ll give you some tips and tricks for working with logs and most importantly in this section: I will show you on real examples what information you need to get from logs to customize your configuration from scratch.
In this section, I will show you how to configure the settings correctly, explain in clear language and by examples how some parameters work, what they depend on, and how to build them correctly. I’ll give examples of real totals of parameters. I’ll explain how to change some parameters without using antidetects at all.
This small section will focus on some tips, tricks and variations of working with Linken Sphere.
Introduction. Getting as much information as possible from the log. Tips and tricks for working with logs Let’s start very briefly for beginners on what logs are. Logs are a collection of files that contain various information from the user’s computer. These include: Browser data (Cookies, History, Auto-fill, Downloading history, Login/Passwords to various sites), User system information, Screenshot of user screen. May also contain: wallet files from cryptocurrency, files from Steam, saved SS, etc.
Logs are used in different spheres of work: from gray to black, but more often, as a rule, the latter variant. You can buy logs or get them yourself. The most common options for selling logs are as follows:
The second option is much rarer, it costs more, but gives even more credibility from Shops, Anti-Fraud systems, as you use the IP address of the PC owner.
This option is the most ideal, so it is even rarer. Costs even more; the best option. Shops/Antifraud systems trust as much as possible since you are using the Holder system and therefore all the parameters and fingerprints of the IP address of the PC owner. You can find more information and articles on this topic in the forums. For those who are too lazy to search, you can PM me and I’ll discount interesting articles on these topics.
Moving on to the main part. We got, we bought a log from any stealer. Popular stylers, from which we currently receive logs: AZORul, Arkei Stealer and Vidar. AZORult is the most popular styler, but it was only recently when its author closed the official sales and threads on the forums. It has been around for a long time, but Vidar is not so popular anymore, and it is a good choice for those who want to get logs by themselves. If you want detailed information can be found on thematic forums, or who is too lazy to search, can write to the PM, I will throw up a link. Personally do not do myself getting logs. Although there are different steelyers, but the basic information and its structure is very similar, so it does not matter which steelyer log.
Now let’s move on to working with logs. For all parameters, all logs can be divided by importance (in descending order of importance):
For beginners, the first advice would be to not disdain logs of the 2nd and 3rd category, to treat them as seriously as logs of the first category in order to gain experience, to fill up your hand and to learn technically how to correctly use the log and the selected tool for its processing.
Forums often distribute worked out logs for different categories; this option is also a good way to start working with logs.
You can determine the degree of importance by Logins/Passwords, auto-fills, and sometimes even by the splash screen on the desktop, you can distinguish a nerd from a good log. With experience, depending on your skills and financial situation, you’ll be able to figure out by yourself which log is worth working with, which is not so hard, and which is worth throwing away and not wasting your time.
Log processing in Linken Sphere is very convenient because, using different tabs, you can process several logs at once, which also saves time.
Log processing can be complex, or processing of one particular request.
It often happens that newbies work with logs for just 1 request, for example for Paypal, and if they fail, they get upset and throw the log away. This is a bad approach to work, because you will not get a normal profit and knowledge; if you have a lot of time and little experience, work the log to the fullest, build up your hand.
Logging tips and tricks
For example, you can urgently call the holder to work, send a wreath with threats (Saying that this is from the mafia, the insurance will return everything, don’t move until we clean you out). It is important to understand the essence of the given thoughts, and imagination in variants of use of the useful information can be boundless.
Retrieving basic system log information The most basic system information is contained in the System.txt file, or Information.log.
Screenshot : https://prnt.sc/lx4rp1
In the screenshot, I have highlighted the parameters that we need to configure the system.
Our next step is to determine the type of browser and browsers to create the configuration. It happens that PC owners use multiple browsers, not just one. So if necessary, it’s better to create two sessions in a sphere, i.e. two configurations, rather than loading a cookie into one. For this purpose we look necessary to us sites with logins and passwords in file “passwords.txt” parameter “Soft” Screenshot: https://prnt.sc/lx5ofi, and also files in folder “Cookies” on presence of necessary sites (files in this folder are divided on browsers; it is possible that files Cookies can lie in the general folder. It all depends on which styler the log is from). Example: https://prntscr.com/lx5oag In my case there is only one Google Chrome browser in the log, so I only tag 1 browser. Moving on to more interesting information that doesn’t lie on the surface.
Determine whetherFLASHis present in the system and its version, determine the browser version (if possible) To do this, go to the file System.txt, or Information.log and in the section of the installed programs [Software] search for “Adobe Flash Player”. If found, then mark that Flash is, write down its version. There are two kinds of Adobe Flash Player: Adobe Flash Player ** NPAPI – for Firefox browser. Adobe Flash Player ** PPAPIfor Opera/Chrome. Screenshot: https://prntscr.com/lx5ztv Next, in the same screenshot, we see the version of Google Chrome, if not, try to find it in the file by searching for “Google Chrome”. We also mark the version. Browser type and version will be needed to configure the “navigator.UserAgent” parameter, and in some cases to disable Canvas substitution. Browser Mozilla Firefox search for the query “Firefox”, we should find something like “Mozilla Firefox 64.0 (x64 en-US) [64.0]”. The Firefox browser name contains the bit depth of the program (32 or 64 bit), which will also be helpful when configuring the “navigator.UserAgent”. Browser Opera is searched by “Opera”, we should find something like “Opera Stable 57.0.3098.106 [57.0.3098.106]”
For various reasons it is not always possible to determine the browser version, one of which is that the browser may be Portable, i.e. not installed on the system. IE browser will not be visible as it is already in Windows, Edge in Win 10 is the same thing.
We will need Flash and its version in order to add it to plugins and, if necessary, to include its physical version in the anti-detect.
Whether the user hasaDesktop or Laptop You can determine this using various options.[/DATAENCODE
On the taskbar you can find the Battery icon, Wi-Fi connection icon. I’ll show it now with examples.
Examples: https://prntscr.com/lx86z7 https://prnt.sc/lx871y
Copy the value and google the processor information. Here is an example of this processor information from Intel’s website which shows us that the user has a desktop computer. Screenshot: https://prnt.sc/lx89jp Example of CPU information for a laptop. Screenshot: https://prntscr.com/lx8g8y Another option is to look in the System.txt file or Information.log of processes/programs installed that are specific to the notebook computer. For example, these are processes that contain the keyword “Bluetooth”, programs specific to a particular laptop manufacturer (ASUS, DELL, MSI, ACER, etc.) Examples of processes: “Intel (R) Wireless Bluetooth (R)”, “Dell Touchpad”.
Know a few options because sometimes there may be no screenshot, or a screenshot of a certain area without the taskbar, or the taskbar may be hidden.
Taskbar: determining the position of the taskbar on the screen, the size of the icons, and whether the taskbar is hidden (if possible) The first question that comes to mind is, “Why do I need this?” The answer is: it is needed to set the size of the screen; the size of the browser window and the size of the browser working area in full screen mode of the browser (parameters “window.innerWidth”, “window.innerHeight”, “window.outerHeight”, “window.outerWidth”).
Of course, not every log will have this opportunity to look and understand 100%. Sometimes there may be no screenshot, there may be a screenshot of not the full screen area. Now I will show you how to properly estimate these parameters.
Screenshot : https://prnt.sc/lxy3x0
These examples are made on Windows 7. If you wish, you can then see and play around with these settings on any Windows OS.
User Network: determine the approximate router and its model (if possible) Sometimes you can determine the brand of the user’s router or its approximate model from the log. It can be necessary for more accurate configuration of WebRTC, more precisely – Local IP Address. To do this, you need to look in the log in the file with logins/passwords or in the file where the browser history is stored, popular router IP address masks.
Link to a table of the most popular router brands and default local ip addresses: https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4wgl4/edit?usp=sharing
The most popular log search masks are “192.168.”, “10.0.”, “10.1.”, “10.90.”. I have highlighted the most popular brands in the table in light blue. If the login and password are still listed there, you can try looking at brands here:
Standard login/password mappings: https://192-168-1-1ip.mobi/default-router-passwords-list/
Here, using https://prnt.sc/ly3sww as an example, we can assume that the PC user has a D-Link router. But it is not 100%, as several other routers have the same mapping.
Much more accurate information can sometimes be shown by the browser history file. Here is an example: https://prnt.sc/ly41tw In the browser history, we see the Local IP Address and also the page header, which gives us a huge advantage in determining the router. If you google “B593s-931”, then we can determine that this is the name of the router “HUAWEI B593s-931”. Another example: https://prnt.sc/ly49nx If you google “userRpm/DdnsAddRpm.htm”, you can see that the router refers to TP-Link TL-WR741N / ND, or TL-WR841N or some others.
In addition to Local IP Address WebRTC, the information will be useful if someone changes MAC address, since the “beginning” of MAC address is different for each manufacturer.
Browser plug-ins: identifying popular plug-ins that are installed in your browser. Plug-ins in any programs are add-ons that allow you to expand its capabilities. Most popular browsers have the ability to install plug-ins that allow to extend its capabilities. For example, it can be Flash plugin from Adobe, the ability to read PDF pages in the browser; in Chrome this plugin already comes by default; the ability to run any Audio/Video codecs.
With each new release of updates, the number of new features and variations of supported content increases, so plug-ins gradually lose their relevance. As a result, Chrome, Firefox, Opera, Edge browsers are left with only built-in plug-ins and one add-on: Adobe Flash Player. So with the search for plugins is more relevant for Internet Explorer browser, or for older versions of Firefox (before version 52), Chrome, Opera.
Of course this example has too much information. In practice, there may be less.
Manual on configuring real configs from scratch using anti-detect Let’s move on to the most interesting section of this article.
The foundation of all fundamentals is the UserAgent UserAgent is the foundation in config creation. Just like building a house starts with the foundation, creating a config starts with UserAgent (abbreviated as UA). Let’s start with the theory. Let’s find out what UA is. UserAgent is a property (parameter), which contains the properties, by which is determined – which browser, which operating system, which version, and what specific software the user has.
In any Anti-Detect configurations this parameter is in navigator.UserAgent and in HTTP_USER_AGENT. Note: navigator.UserAgent and HTTP_USER_AGENT always match, but there is an exception: Internet Explorer browsers. Very often navigator.UserAgent in these browsers contains information about the user’s software.
Пример: HTTP_USER_AGENT:”Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko” navigator UserAgent: “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; Media Center PC 6.0; rv:11.0) like Gecko”
Let’s see how to make UA of the most popular browsers in Windows. [COLOR=rgb(0, 128, 255)]Let’s start with the easiest one – Mozilla Firefox[/COLOR]. UserAgent structure: Mozilla/5.0(Windows version; bit tags; rv: Firefox version) Gecko/20100101 Firefox/Firefoxversion Above I highlighted the parameters you need to know to create a real UA. Windows version Operating system versions. Options:
Windows NT 6.0- Windows Vista, Windows Server 2008. Windows NT 6.1 – Windows 7, Windows Server 2008 R2. Windows NT 6.2 – Windows 8, Windows Server 2012. Windows NT 6.3 – Windows 8.1, Windows Server 2012 R2. Windows NT 10 – Windows 10, Windows Server 20162019.
This parameter is in all UA on Windows. [COLOR=rgb(0, 128, 255)]Note[/COLOR]: on Edge browsers it is static, i.e. it does not change, as the browser is customized just for Windows 10.
bit tags “bitness” of a system. I think everybody knows and everyone knows that there are two 32-bit and 64-bit Windows systems. It is the browser that passes possible variations: Win64; x64 – this value is passed if the system is 64-bit. Empty value (nothing is passed) if the system is 32-bit. UA example: Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 WOW64 – this value is passed when a 32-bit browser application is running on a 64-bit system.
Firefox version [/I]- this value shows the version of your Firefox browser. Note: only value with one digit after the dot is transmitted, even if the browser version is “63.0.3”, only “63.0” will be transmitted to UA.
List of all current versions of Firefox: https://www.mozilla.org/en-US/firefox/releases/
Go to Google Chrome browser. Google Chrome UserAgent structure: Mozilla/5.0(Windows version; bit tags) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/Chromeversion Safari/537.36 Although UA Chrome seems more complicated, it is actually even slightly easier, since the version. chrome does not need to duplicate twice. Windows version and bit tags are exactly the same values as in Firefox. Chrome version – This value shows the version of your Chrome browser.
Current Chrome versions: https://filehippo.com/download_google_chrome/history/
Moving on to Opera. UserAgent structure Opera: Mozilla/5.0(Windows version; bit tags) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/Chromeversion Safari/537.36 OPR/Operaversion Opera browser is implemented on the engine WebKit and V8 in the Chromium shell, so the UA has “Chrome/Chromeversion”. , we can say the UserAgent is not very different. Windows version and bit tags and Chrome version is absolutely the same, as I described above. The only point with chrome version, but about this below. Opera version – this value shows the version of your Opera browser.
Actual versions of Opera: https://blogs.opera.com/desktop/
We are most interested in “Stable update”, “beta update, developer update, initial release” to a lesser extent. Example: OPR/56.0.3051.116 56.0 – browser version 3051 – Build browser 116 – Patch browser.
Clarifying what’s special about Chrome. A certain version of Opera, has a certain version of Chrome. You can’t just randomly write a version of Chrome or vice versa. These two values must be consistent.
Table with examples of Opera versions: https://docs.google.com/spreadsheets/d/1OglvdCpkWxr0GztpQ3Nzi3Ij0Ep4oEZxdfZn-PVwdqU/edit?usp=sharing
Moving on to the Edge browser. UserAgent Edge structure: Mozilla/5.0 (Windows NT 10.0; bit tags) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/Chromeversion Safari/537.36 Edge/Edgeversion bit tags and Chrome version exactly the same, as I said above. Edge version this value shows the version of your Edge browser. Just like Opera , a certain version of Edge has a certain version of Chrome.
Current Edge versions: https://en.wikipedia.org/wiki/Microsoft_Edge
Note: We need “EdgeHTML version” values, not “Version” values. Example: Edge/17.17134 17 -EdgeHTML Version 17134 – Window Build.
Table with examples of Edge Chrome versions: https://docs.google.com/spreadsheets/d/1QkUj5f0oPIUGU6aGyZSS9DNUpGCaywv9W50y-tvSVPM/edit?usp=sharing
Here we finish the topic of UA, there is much more to say about the existing UA, because I have analyzed only the most basic browsers and the most popular and simple options. If at all this article will be interesting, I will describe in more detail more complicated variations of UserAgent from different browser types, mobile UserAgent and new types of browsers. Other variations where you can get UA:
Let’s walk through some simple configuration settings in Linken Sphere (Extended session settings).
Navigator.vendor – This parameter shows the name of the browser vendor. In our browser types, the value is empty or “Google Inc. The parameter is static, i.e. does not change.
Values in our browser types: Firefox-empty Edge-empty Chrome Google Inc. Opera- Google Inc.
Navigator.ProductSub – this parameter shows the Build number of the browser. The parameter is static, i.e. does not change.
Values in our browser types: Firefox- 20100101 Edge- 20030107 Chrome 20030107 Opera- 20030107
Navigator.hardwareConcurrency – this parameter shows the number of CPU threads, not the number of physical CPU cores as many people believe. The parameter is independent of the type of browsers we consider.
Popular values for this parameter are “2”, “4”, “8”, “12”.
Navigator.MaxTouchPoints – this parameter shows the maximum number of simultaneous touch presses that the device supports, i.e. if the device has multiple touch screens with different maximum values, the maximum value is shown. The parameter is independent of the type of browsers we are considering. Generally, they say that this parameter is more relevant for mobile configurations and this is true, but not quite. Actually usual desktop or laptop with mouse and keyboard connected will display “0”. Most often this value of the parameter.
But there are touch monitors in laptops, touch monitors for desktop PCs. So in this case, the value of the parameter is usually “1” or “2”. Therefore it is acceptable to put these values when configuring our config types. According to the information from the log it is impossible to determine in 95% what kind of laptop or what kind of display, so it is better to put the default value “0”.
Navigator.Platform this parameter indicates the platform on which the browser runs. Within our browser and OS types there can be two values: “Win32” and “Win64”. But even if Windows 64-bit and browser software is 64 bit, the value “Win32” is still used. So we put only this value.
Navigator.doNotTrack – This technology allows you to enable or disable the ban on tracking sites, various systems. The most popular values used: “Null” user did not set this parameter, therefore, it is not enabled. The most common use of this parameter is. “1”, “true” user enabled this feature, “0”, “false” user disabled this feature. In configs you can use all three values, preferably “null” or “0”. About substitution without antidetects, in Google there is an instruction with pictures for each type of browser how to enable/disable this technology.
Navigator.gamepads – this technology shows connected gamepads and their properties (joysticks like on Xbox and Playstation). According to the values in the sphere: “True” feature is enabled, “False” feature is disabled.
Feature: even if there are no connected gamepads on the system, this feature is enabled. So basically use the T “rue” value for our browser types regardless of the OC version. , Even on most mobile browsers the feature is also enabled.
Navigator.battery – this technology shows the information about the battery status (whether the battery is charging, the level of charging in %, the amount of time to fully charge/discharge etc.). By values in Linken Sphere: “True” is used this function without substitution, “False”, “Fake” is identical to True, only parameters of the battery itself are substituted.
For usage: in Edge, Firefox (after version 52) we put only “False”, in Chrome and Opera we put either “true” or “fake”.
This feature is not just for laptops, as you might think. On desktop computers, the Battery feature is enabled. The difference is that the settings will be static, as if it were a laptop on charge at 100%. Information on setting this parameter from the logger: if you have determined that the PC user is from a laptop you can enable “fake”, but if on your system where Linken Sphere is installed the Battery parameters are static and the logger user has a desktop computer then it makes sense to enable “True”. On real systems, if you have a laptop, it is very easy to change this parameter, you just need to discharge/charge the battery. Then the values of this function will change.
Navigator.webdriver. Webdriver in Browser is a software library (driver) that allows other programs to interact with the browser; to control the browser. This technology appeared in the browser not long ago, so it is experimental, and there is not much information on it. The webdriver technology is supported by all major browsers of the latest versions. The main values for the Webdriver property are “true”, “false” and “undefined”. (undefined). For use in Linken Sphere: If we make configurations for older browser versions (below 63 Chrome and 50 Opera, we use “undefined”). In other cases, it is allowed to use “true” and “false”. But considering the specifics of this technology and the way it is implemented in browsers, I advise you to use “false” in 95% of cases.
Navigator.Online this parameter shows the status of the browser. Its options are “True”, “False”, “1”, “0”. It is very clear that it must be “True” or “1”. In the sphere it is specially set to put only these parameters.
Navigator.deviceMemory this parameter shows the amount of RAM in GB. Values: 0.25 – 256 MB of RAM, 0.5 – 512 MB, 1 – 1024 MB etc. to a value of 8. If the RAM is more than 8GB(12GB,16GB,32GB,64GB), the value will still be “8”. If you are adjusting Firefox browser config, then the value will be “False”, because there is no such parameter there. If you are configuring Chrome, Edge, Opera config, then set this parameter (Works in Chrome since version 63, Opera 50 and in Edge version 17).
The most popular values are “2”, “4”, “8”.
Incognito parameter shows whether incognito mode (private mode) is enabled or disabled in the browser. It should be set to “False” only. Incognito mode in your browser, it’s when the browsing history, cookies, autocomplete, etc. are not saved. [S]This is a great option for school kids to watch porn without mom or dad catching you))[/S]/DATAENCODE
Configuration of language in config Three parameters are responsible for language in config in antidetects. Two in navigator (language, languages) one in the browser headers (HTTP_ACCEPT_LANGUAGE) Navigator.language – This parameter shows the language of the browser interface (i.e. roughly speaking what language your browser (not the system) displays in this parameter). Example: “en-US”, “en-GB”, “ru-RU” etc.
[COLOR=rgb(0, 128, 255)] This parameter is made up as follows: [/COLOR][Name of Language]-[ Country codes]
Name of Language – below is a link to a list of all languages and designations:
https://www.loc.gov/standards/iso639-2/php/code_list.php (take value from “ISO 639-1 Code”)
Country codes – below is a link to a list of all languages and designations:
Navigator.languages – this parameter shows the user’s preferred languages and is taken from HTTP_ACCEPT_LANGUAGE
Example: “en-US,en,ru-RU,ru”, “de-DE,de,en-US,en”
The parameter is composed for EACH language (each language is separated by a comma without a space): [Name of Language]-[ Country codes], [Name of Language]
HTTP_ACCEPT_LANGUAGE this parameter shows the preferred languages that the user can understand (system language, browser interface language) and the “preferred” language.
[COLOR=rgb(0, 128, 255)]Example[/COLOR]: “ru-RU,ru;q=0.9,en-US,en;q=0.7”
The parameter is composed for EACH language (each language is separated by a comma without a space): [Name of Language]-[ Country codes], [Name of Language]; q=[quality values]
quality values – language “preference” value. Can have a value between 0.1 and 0.9. The higher the value, the more preferable the language. I suggest 0.6 to 0.9 for the primary language and 0.4 to 0.7 for the secondary language.
In the scope, you just need to configure HTTP_ACCEPT_LANGUAGE(https://prnt.sc/lypoyp) to configure language settings. The easiest way to change the language without AD is simply to change the language in your browser. There is also information in the log about the user’s language and keyboard layout languages.
Configuring the screen settings Now let’s move on to the settings that relate to the user’s system screen. I won’t go into the theory too much, but I’ll try to explain these parameters very simply in practice.
To get you started, let’s take a look at the basic Linken Sphere screenshot:
Screen.width| device-width – these parameters show the screen width in pixels. Of course, in some subtleties they are different parameters, but for the purposes of our article I have combined them, because the values will be the same. Screen.height| device-height – these parameters show the screen height in pixels. I combined them for the same reason. device-width and device-height in the scope can be adjusted in the general settings (Physical screen size). Screen.width and Screen.height should be adjusted in the session screen settings (NOT in Extended settings)
Screen.availWidth – this parameter shows the screen width in pixels that the browser can occupy. In the screenshot we have the taskbar at the bottom, hence it is related not to the width but to the height; the browser can occupy the full length. Therefore Screen.availWidth= Screen.width| device-width
Screen.availHeight-this parameter shows the screen height in pixels that the browser can occupy. In the screenshot, in order for the browser to occupy the full height, the taskbar is “in the way”, so this parameter will be calculated as Screen.width MINUS taskbar height.
Let’s break down the examples from the first part of the article when we looked at the taskbar there. Now in more detail and with an example. Let’s take a Full HD 19201080 screen. If the default taskbar (at the bottom, with large icons as in the screenshot) then its height will be 40 px. With these values, “Screen.availWidth” will be 1920 and “Screen.availHeight” will be 1040 px (1080-40 =1040)
If the icons in the taskbar are small, the height of the taskbar will be 30 px and the value of “Screen.availHeight” will be 1050 px If the taskbar is hidden, the value of “Screen.availHeight” will be 1080 px. Exactly the same story will happen if the taskbar is placed at the top instead of the bottom.
Next, the taskbar can be placed on the right or left and then the parameter “Screen.availWidth” will be changed. By default it will be 1858 (1920 MINUS the taskbar width of 62 px). If the icons are small, then this taskbar placement does not change anything in the width of the panel and the value will be 1858; if the taskbar is hidden, the value will be 1920. This is actually what we were looking at the taskbar for from the screenshot in the log.
Screen.availTop shows the first top (vertical) coordinate of the pixel screen that is not occupied by a taskbar.
Screen.availLeft shows the first top (horizontal) coordinate of the pixel screen that is not occupied by the taskbar.
If the taskbar is placed at the bottom or on the right side, these parameters will be set to “0”. Exception: If there is a second monitor, “Screen.availLeft” parameter can be negative or even positive. If the taskbar is placed on top or on the left, these parameters will have values depending on whether the icons are large or small. If the taskbar is hidden, these parameters will have a value of “0”.
Otherwise: if the taskbar is on the left side by default, “Screen.availLeft” will be 62 px, if the taskbar icons are small, also 62 px (since its width does not change when placed sideways) If the taskbar is at the top, “Screen.availLeft” will be 40 px, if the taskbar icons are small, then it will be 30 px.
Simply put, Screen.availTop shows the height of the taskbar if it is placed at the top, Screen.availLeft shows the width of the taskbar if it is placed on the left.
Knowing the taskbar placement about the screenshot screen in the log, we can calculate these parameters. The above values are valid for Full HD screen of 1920 px by 1080 px.
In the attachments of the thread (at the very bottom) I have attached the simplest, but very handy checker to calculate the parameters of the screen and browser window. I am not a programmer and I am not keen on it, so it works correctly and smoothly only in Chromium browsers (Chrome, Opera). This is why this checher should not be used on Firefox. Hopefully, there will be someone who knows jQuery and adapts this simple cheque for Firefox. The forum engine does not allow to attach HTML files, so I attached in TXT format. You just need to open file and use Save As tool and specify the format .html
The most popular OC screen resolutions and settings for different browser resolutions: https://docs.google.com/spreadsheetsit?usp=sharing
Screen.colorDepth and Screen.pixelDepth – these parameters show the quality of color rendering. The values of these parameters are the same.
Possible values are “24” and “32”. For the purposes of our article, we put only “24”. The value “32” is for devices such as Iphone, Ipad, etc.
Screen.orientation – this parameter shows information about the screen orientation. The easiest way to explain it is with a screenshot. https://prnt.sc/lz7j8w We use only “landscape-primary” parameter within PC; other parameters are for mobile devices, tablets, etc.
Screen.angle – this parameter shows the screen rotation angle.
“landscape-primary” value 0; “portrait-primary” value 90; “landscape-secondary” value 180; “portrait-secondary” value 270
Adjusting Browser Window Settings To begin, let’s see all the basic browser window settings in Linken Sphere clearly in the screenshot for better understanding (screenshot honestly stolen and refined):
Screenshot : https://prnt.sc/lz7r9g
We will consider the setup from two options:
Window.outerWidth – this parameter shows the width of your browser window, including the scrollbar, toolbar, etc.
Window.outerHeight – this parameter shows the height of your browser window, including toolbar, URL bar, browser tabs, download area, etc.
The screenshot above perfectly illustrates these settings and how they differ from others. If we have the browser in full screen mode, we can specify the exact values. If we’re working in windowed mode, there can be lots of values, just make sure the values are “consistent” with the other parameters(innerWidth, client.Width, innerHeight, clientHeight, screenLeft, screenTop, screenX,screenY) . The best and easiest option to get the values for windowed mode is to use the script that I attached to the thread.
In full-screen mode, these parameters correspond to “availWidth” and “availHeight”
Window.innerWidth and body.clientWidth – these parameters show the width of the browser working area, in other words, all the width in pixels by which your site is loaded, excluding the width of the scroll bar, taskbar (if it is located on the right side), and other elements which narrow this width. I’ve combined these parameters, as they will overlap within our article.
Window.innerHeight and body.clientHeight are parameters that represent the height of the browser working area, in other words, all the height in pixels that your site reaches, excluding the horizontal scroll height, height of the tab area, height of the URL in the browser and other elements that reduce this width. I’ve combined these parameters as they will overlap within our article.
These parameters are the most dynamic and unpredictable compared to the other ones. Even in full-screen mode, a bunch of other windows are affected in addition to outer.Width/Height.
For example, Google Chrome affects the browser appearance setting (“Show bookmarks bar”), whether the downloaded files bar is displayed in the browser (Example: https://prntscr.com/lzd3r5), etc.
In Firefox, the settings under “Customize”(https://support.mozilla.org/en-US/kb Toolbar items) are affected. Specifically, Toolbars settings (Menu, Bookmarks, Header), “Density” parameter.
And so in each browser different settings affect these values.
In window mode, in addition to these parameters, the “screenLeft, screenTop, screenX,screenY, outerWidth/Heght” parameters also have an effect.
In any mode, the devicePixelRatio parameter has an effect, but more about it below. Again, the best and easiest way to get the values is to use a script.
Setting table for different screen resolutions in full screen mode with default browser settings: https://docs.google.com/spreadsheetsit?usp=sharing
window.dexicePixelRatio – This parameter shows the ratio of physical pixel size to logical pixel size. To put it simply, within the framework of our browser types consideration, it is the page scale parameter. By default it is 100% and the parameter is “1”. If we scale the page up or down, this parameter changes. We zoom in to 125% , the parameter changes to “1.25”, we zoom out to 90% , the parameter changes to “0.9”.
Clarifications: changing this parameter affects the parameters “Window.innerWidth, body.clientWidth, Window.innerHeight, body.clientHeight) both in full screen mode and in windowed mode.
To change the parameter naturally, you must use an increase or decrease step as in a real browser.
Firefox browser scale values: “50%”, “60%”, “70%”, “80%”, “90%”, “100%”, “110%”, “120%”, “130%”, “140%”, etc. (Step 10%)
Chrome browser scale values: “33%”, “50%”, “67%”, “75%”, “80%”, “90%”, “100%”, “125%”, “150%”, “175%”, “200%”, “250%”, “250%”, etc. (The step is dynamic)
And so on for each browser.
Another tricky thing with the values of this parameter. Let’s take the Chrome browser:
100% parameter value is “1”; 110% parameter value is not “1.1” but “1.100000023841858”; 125% parameter value is “1.25”. I.e. the value may not always be exactly the same; it varies from browser to browser
One last thing: the size of the working window is NOT decreased or increased by exactly the devicePixelRatio value. Thus, if we increase zoom by 25%, it does not mean that the height of the browser workspace will be decreased by exactly 25%. The percentage values will be different.
window.screenLeft and window.screenX – these parameters show, in pixels, how much the browser window in window mode is shifted to the right of the first pixel. window.screenTop and window.screenY-theseparameters show, in pixels, how far down the browser window has moved from the first pixel in window mode.
On the screenshot I have clearly shown these parameters. I have combined these parameters because they are the same for the purposes of our article. The Chrome, Opera, and Edge browsers use all of these options. The Mozilla Firefox browsers use only these options: ScreenX and ScreenY.
If the browser is in full-screen mode and the control panel is at the bottom or right side, the values of these parameters are “0”. If you use full-screen mode in the browser and the control panel is at the left or top, the values of these parameters are equal to the width or length of the control panel.
If you use a windowed browser mode, the parameters will depend on how far they are shifted from the left first pixel of the screen and the top first pixel of the screen. It is best to use a script to calculate these parameters. These parameters have no direct relation to the parameters Outer.Width/Hegiht, innerWidthHeight, i.e. the rule “screenWidth= screenLeft/screenX Outer.Width” will NOT work, as there are no parameters responsible for the right and bottom sides of the screen, and therefore the “outer.Width” at screenLeft/screenX value of 50 px can either be 600 px, 500 px or 900 px – it depends on how we “stretch” the browser window in width. This rule also applies to screen height.
window.pageXOffset – displays how much the page is scrolled to the right (vertically in pixels) with the scroll bar relative to the top left window. window.pageYOffset – this parameter shows how much the page is scrolled down (horizontally in pixels) using the scroll bar relative to the top left window.
For a better understanding, see a screenshot.
In full screen mode, window.pageYOffset parameter is dynamic, because on almost any major popular website, we scroll down the page, rarely does the site fit fully into the working window, google main search page is not included, so this parameter is best simply NOT to substitute.
In full-screen mode, the window.pageXOffset parameter is mostly “0” because sites are adapted to different screen resolutions, and scrolling sideways is wildly awkward. But if we have a windowed browser mode, it can also be, depending on the site and browser window size. Therefore it makes no sense to set constant values to these parameters. As for me, if we take a substitution, the only possible sense is to make it random within some values.
Configuring plugins in config I told about plugins in details in section 1 of the article. The new versions of Chrome, Firefox, Opera, Edge have only built-in plug-ins and 1 plug-in that you can install Adobe Flash Player.
There are two types of Adobe Flash Player software: Adobe Flash Player ** NPAPI – for Firefox browser Adobe Flash Player ** PPAPI – for Opera/Chrome browser.
Now we will take a detailed look at how to configure plugins and what variations you can make.
Firefox has two default built-in plugins “Widevine Content Decryption Module” and ” OpenH264 Video Codec provided “, but these plugins are not shown when prompted.
The only plugin you can add to Firefox is Flash. Subtleties: When installing Flash in the system, the default setting is “Ask to Activate”, with this setting, Flash is shown only when the site is requested; the plugin is not lit in the checkers; if the setting is “Always Activate”, then the physical Flash and the plugin is lit. Therefore, installing Flash in system, we can unique this print even without anti-detection.
With anti-detect, we have two options: either we add the Flash plugin or we don’t. If we add it, we have different variations in the form of Flash versions. This gives us the opportunity in different configurations, to do different plugin Flash, rather than adding the same one. As a reminder, in the realm, plugins are configured in “Extended session settings.”
Table for configuring plugins in Firefox: https://docs.google.com/spreadsheetsit?usp=sharing
Google Chrome has 4 plugins by default, some of which can be enabled/disabled; the only plugin that can be added is also Flash.
Plugin parameters are static by default; they do not change. A Flash plugin has parameters that change depending on the version of the plugin and depending on the bit mode of the system: 32-bit; 64-bit. Read more about default plugins:
Chrome PDF Plugin and Chrome PDF Viewer – these plugins are responsible for PDF documents in Chrome and allow you, for example, to open PDF directly in Chrome online without downloading the file to your computer. These plugins are linked; so you either add both plugins to your configuration, or neither. You can enable/disable it in regular browser in Advanced PDF Documents Content Settings.
Widevine Content Decryption Module – This plugin is responsible for prohibiting copyright holders from copying audio and video content. Since version 57 of Chrome, the plugin cannot be disabled. That said, I’ve seen more than once in systems and configs that this plugin was not glowing, even though Chrome versions were some of the latest.
Native Client – the plugin is responsible for running some online games and applications. It is impossible to disable, so this plugin add 100%.
Table for configuring plugins in Google Chrome:
In the Opera browser, everything is identical to Chrome except for a few tweaks.
Table for configuring plugins in Opera: https://docs.google.com/spreadsheetsit?usp=sharing
Configure font list All antidetects on the market allow to spoof font imprint. The configs of most antidetects contain a font list. Sphere allows to conveniently edit font list in config or create it from scratch by loading font names from file.
In the system itself, without anti-detection, it is very easy to edit the font list. To do this, go to the control panel design and personalizationfonts.
There you can add new fonts by downloading them or remove existing ones. By doing this, we change our list.
In each system, due to different programs installed and other factors, the list of fonts and the number of fonts will be different. But there are basic fonts for every version of Windows.
List of basic fonts and their styles for Windows 7: https://docs.microsoft.com/en-us/typws_7_font_list
List of basic fonts and their styles for Windows 8: https://docs.microsoft.com/en-us/typws_8_font_list
List of basic fonts and their styles for Windows 10: https://docs.microsoft.com/en-us/typs_10_font_list
These base fonts can be used as a starting point for creating your list. Some clarifications: All font family links are clickable. Inside, you can find information on which Windows operating systems and programs use this font family. It is not necessary to specify all font styles in the list, you can specify only the font family. Check the font families on the website; for example the “Wingdings” family actually contains 3 fonts.
Here’s a great list for making your own font list. It lists a large number of fonts and which Windows operating systems and programs use them.
Full list of fonts: https://docs.microsoft.com/en-us/typography/font-list/
Setup WebRTC and .MediaDevices.enumerateDevices substitution .MediaDevices.enumerateDevices – this function allows getting a list of all devices (audio and video devices, USB cameras, microphones, etc.). You can get deviceID data, device names and device type.
The function in Linken Sphere has settings: “True ” function is enabled, but parameters are not swapped. “False ” feature is disabled, “Fake ” feature is enabled; parameters are swapped.
We only use the “Fake” parameter in our browser types.
Let’s move on to setting up WebRTC. Let’s use swapping on all the browser types that we’re sorting out with you today. Let’s take a look at some of the subtleties.
[DATANECODE]10.0.0.0 – 10.255.255.255 172.16.0.0 – 172.31.255.255 192.168.0.0 – 192.168.255.255
But again, there are subtleties. Let me remind you of this table:
Now, there is a Default Local IP column. It is the default local IP of the router, which can be used to enter its settings. Therefore, it is better not to set these IPs when configuring the configuration.
The next trick is to work with logs and local IP. In the first part, we tried to find out the approximate brand of the router, and ideally its model. So in some cases, we can guess the approximate local IP address.
Actually, where does this local address in WebRTC in your system come from? Most routers have a DHCH server in their settings. The DHCH server assigns a local IP to each device that connects to the router. Typically, DHCH settings are roughly, depending on the brand and model of router: Start IP, End IP, and how long the IP address is set for. For example, let’s take the router’s settings as follows:
Initial IP: 192.168.0.2 Final IP: 192.168.0.100 Time: 1440 min (24 hours)
We connect our laptop to the router, DHCH server gives it local IP: 192.168.0.2 for 24 hours; We connect our mobile phone, DHCH server gives it local IP: 192.168.0.3 for 24 hours; we connect our fridge with Wi-Fi to the router, DHCH server gives it local IP: 192.168.0.4 for 24 hours and so on. Let’s say 12 hours have passed, the lights went out, and the router rebooted; and the fridge is the first to connect to our router. Now he DHCH-server gives him local IP: 192.168.0.2 for 24 hours; then cell phone connects him DHCH-server gives him local IP: 192.168.0.3 for 24 hours; then laptop connects him DHCH-server gives him local IP: 192.168.0.4 for 24 hours.
This example shows that local IP is dynamic and can vary within the range specified by the DHCH server in the router.
Knowing the router brand and model, you can view this IP range, and set the approximate local IP in the log. Again, in the example above, the owner has a D-Link router; we have determined the starting and ending IP. Most probably the owner also has 2-4 devices connected to the router (e.g. telephone and TV). Therefore, we easily put the local IP “192.168.0.2” or “192.168.0.3” or “192.168.0.4” or “192.168.0.5”. You can find emulators of most popular routers on the Internet and see the base IP range in the settings; I also added the starting and ending IP to some models in the table.
Setting up swaps in config. Although it’s not related to configuring the actual config, but I’ll go over some of the specifics. You can find a lot of information about all the prints which are substituted by the sphere, so I won’t describe the same thing 10 times.
About using swaps: I suggest using all swaps in any of our browser types, but with a few tweaks.
One more thing, in some anti-detectors you can adjust Flash settings, so if there are such settings and you decide to use Flash, don’t forget to adjust them (such settings as OC, language, screen resolution, Flash version and others)
There are only two: A) When the config is created with the same type of browser as anti-detect, i.e. Linken Sphere is written based on Chromium, hence, if you create a Chrome configuration, it is allowed as an option to disable substitution. The second option is slightly worse: it is when the browser is made in the Chromium shell. In our case, this is the type of browser: Opera.
Tips, Tricks, Tips and Tricks using Linken Sphere anti-detection
Installing Linken Sphere: Virtual Machine or Host? Should I install in a Virtual Machine or in a Host? Also a very popular question. Again, you can find a better option for yourself. Linken Sphere on the Main Machine Pros:
Let me explain in more detail what I mean: Almost any anti-detect in the world, if it does not tamper with any parameter, it is most likely taken from your system, or it is simply disabled.
Linken Sphere on a Virtual Machine
It’s the other way around, though, and the minuses become pluses and the pluses become minuses.
3 use case: some use Linken Sphere on a dedicated server, which is also, in its own way, an interesting option that has some pluses from those two options above.
What type of configs are best to use for typing. “Good” options to use configs for different OS types. Actually taking into account the fact that this antidetector is written on the sources of Chromuim engine, it is ideal to use configs with Chrome browser and browsers based on Chromium platform.
If Linken Sphere is on your Windows OS, “good” config options:
If you have Linken Sphere on your OC MAC X, the “good” config options are:
Of course, you can use any configs on any OS, but these are preferable due to the fact that the OC and/or platforms overlap.
Lifehack: Using “Non-standard” configs when hammering in As a good and unusual alternative to the variations I wrote above, there can be the use of “non-standard” configs. In my mind, non-standard configs, are those systems that are not common in general and are rarely used for inbits. For the sphere and some other ADs, the criterion may still be the fact that these configs cannot be found in config shops. Here are examples of such configs: Xbox One, PlayStation 4, Blackberry, PlayBook, Kindle, etc. It’s hard, of course, to imagine holders typing with Playstation 4 or PlayBook, but nevertheless these variants have a place in some topics and as one of the factors of “non-standard” typing.
How to get these configs for the sphere? There is only one way to do this. After reading the entire manual, you will be more or less understand how to make configs. The problem is, where can we get all the data (UserAgent, WebGL, WebRTC, Window.Screen, Window.Navigator, etc.) for these devices? It’s very simple) Either look at the real device on all the necessary chekkers, or take from configs of another antidetector.
Using the “Web Emulator”tool Web Emulator is a tool in Linken Sphere that allows you to automatically visit a list of sites by simulating human behavior. This tool is useful in that it automates the process of getting cookies, thereby reducing our time spent on routine work, i.e. you enter a list of sites, turn on the emulator, and voila, we already have a browser cookies of various sites.
In practice this tool is very useful because antifraud systems of shops may very well collect and analyze your cookies. Thus, using this tool properly, we will be more like a normal user.
By setting this tool : https://prnt.sc/jkvy3p
Check the checkboxes for [COLOR=rgb(0, 128, 255)]Disable popups[/COLOR] and [COLOR=rgb(0, 128, 255)]Enable alert after complete[/COLOR]. [COLOR=rgb(0, 128, 255)]MaxVisited Page[/COLOR]- displays the maximum number of pages you can open on each site. COLOR=rgb(0, 128, 255)]3-4[/COLOR] to [COLOR=rgb(0, 128, 255)]12-30[/COLOR]. [COLOR=rgb(0, 128, 255)]Max time on page, min[/COLOR] – I would recommend putting 30 seconds to 2 minutes.
Start delay – this item is responsible for the delay (in minutes) before the emulator starts. This is up to you.
Each site should be listed on a new line and with https://.
About the list of sites. I would recommend everyone to make his list of sites to bypass depending on the country you enter (in my case it is the USA). I will make my list of 30-40 sites which you will need to switch between different sites in order to avoid doing the same thing every time
TOP SITES BY ALEXA RANK: https://www.alexa.com/topsites
There you can select top 500 sites of different countries, find out the average depth of page views, average time of users’ stay on the site for the last 3 months.
Detect Social Media Login
Here’s a common public example showing that sites can easily see if you’re logged into popular social services. So if you want to be more like a real PC user you need to make an account on popular networks and login on them right before your work (or buy ready-made accounts). The most popular services are Facebook, Twitter, Gmail, Youtube, Google , Instagram, Pinterest, Battle Net, Xbox, PSN, Tumblr, etc.
This rule also applies to logs. Check the accounts of popular social services that our user has, log in to them (if we don’t automatically get to them with our cookies), and only then go to the sites we want.
This article has come to an end. The topic of creating configuration and parameters is very broad and can be very deeply explored. I tried to tell you the most important things, so that it would be clear to everyone. Yes yes, unfortunately, because of lack of time, one of the most complicated points of configuration options WebGL I did not have time to understand this passing year. In the new year, I will try to write more interesting articles on various topics settings (including about WebGL), approaches to work, publish interesting reviews on some services. I will be glad to see your feedback on this article. If you have any questions about working with logs, configuring configuration you can write them in this thread.
5% Discount on Linken Sphere browser purchase and renewal and personal support from me on this product. Promo code: LS_XERL
dumps with pin atm cash out