Anonymity - puzzlepeaches/CredMaster GitHub Wiki

CredMaster fixes a number of potential anonymity issues with password spraying and/or the FireProx tool:

• IP Rotation on every authentication request

• UserAgent spoofing (optional)

• Automatic Header spoofing, all of the following are spoofed for anonymity

  • X-Forwarded-For leaks original IP addresses on each request
  • x-amzn-apigateway-api-id leaks the API ID of the FireProx instance tied to your account
  • X-Amzn-Trace-Id leaks some AWS data, unsure what it is, but still good to spoof

Further data and screenshots will be in an upcoming blog post.