Machine Translated by Google

Manual: Setting up real configs from scratch. Working

with logs: Tips and tricks for working with logs and
using antidetect
Getting basic information from the system log

In the log, the most basic information about the system is contained in the file System.txt,
or Information.log. Screenshot: https://prnt.sc/lx4rp1. In the screenshot, I highlighted the parameters
that we need to configure the system.

1. Windows - This parameter contains information about the version of Windows and the bitness
of the system (32-bit or 64-bit, 64-bit is much more common). Most often you will see logs
Windows 7, Windows 10, less often - Windows 8, 8.1, XP. We will configure
need this
"navigator.UserAgent",
parameter to
and some
derivatives.
2. Display Resolution - This parameter contains information about the resolution of the user's
screen. Required to configure all settings related to screen resolution and browser window
size and other related settings.
3. Display Language, Keyboard Languages - These parameters contain information about the
language/languages of the system. Needed to configure the "navigator. Language", "navigator.
Languages" and HTTP_ACCEPT_LANGUAGE.
4. CPU Count - This parameter contains information about the number of
processor threads. Required to configure the "navigator.hardwareConcurrency" parameter
5. RAM - This parameter contains information about the amount of RAM. Required to configure
"navigator.deviceMemory"
6. Videocard - This parameter contains information about the video card of the system.
Required to configure WebGL. I draw your attention to the fact that the system can contain
two video cards: one is discrete, and the other is integrated. This is commonly used on
laptops. And which one runs for the browser is 100% unknown. Firstly, the user can manually
set which video card will be used, and secondly, for example, it can be like this: if the laptop
is charging, a discrete video card is used, if on battery power, then an integrated one.
Therefore, in laptops, you should not rely on this parameter 100%.

7. [Network] We take almost everything except Geo (Latitude and Longitude); This information
will be useful to you for a more competent selection of Socks / SSH tunnel. There is no ZIP
in my log, but it is not difficult to break through it. To do this, you just need to punch the IP
address in the MaxMind database, or find the user's home address in the autocomplete of the
browser, or in the mail or in the shop. It is desirable to select an IP not only as close as possible
to the ZIP address, but also, if possible, with the same IP mask and the same Internet provider.

Our next step is to determine the browser type and the browsers to create the configuration.
It happens that PC owners use several browsers, and not just one. Therefore, if necessary, it is better
to create two sessions in the sphere, i.e. two configurations rather than loading the cookie into one.
To do this, we look at the sites we need with logins and passwords in the “passwords.txt” file, the
“Soft” parameter Screenshot: https://prnt.sc/lx5ofi, as well as the files in the “Cookies” folder for the
presence of the necessary sites (files in this folder are divided into browsers, it is possible that Cookies
can be stored in a shared folder, it all depends on which stealer the log is from). Example: http://
prntscr.com/lx5oag

In my case, there is only one Google Chrome browser in the log, so I mark myself only
1 browser. Let's move on to more interesting information that does not lie on the surface.

Determine if there is FLASH in the system and its version, determine the version of the browser
(if possible)

Contact the author: Jabber: [email protected]

Machine Translated by Google

To do this, go to the System.txt file, or Information.log and in the installed programs [Software] section, look for
"Adobe Flash Player". If found, then we mark that Flash is, we write down its version. There are two types of
Adobe Flash Player: Adobe Flash Player ** NPAPI - for Firefox browser. Adobe Flash Player ** PPAPI - for
Opera/Chrome browser. Screenshot: http://prntscr.com/lx5ztv

Following in the same screenshot, we see the version of Google Chrome, if not, then we try it
find in the file on request "Google Chrome". We also mark the version for ourselves. We will need the
browser type and version to configure the “navigator.UserAgent” parameter, and in exceptional cases, to disable
Canvas substitution. We are looking for the Mozilla Firefox browser on the request "Firefox", we should find
something like this "Mozilla Firefox 64.0 (x64 en-US) [64.0]". The name of the Firefox browser contains the
bitness of the program (32 or 64 bit), which is also useful in the “navigator.UserAgent” setting. We are looking for
the Opera browser on the request "Opera", we should find something like this "Opera Stable 57.0.3098.106
[57.0.3098.106]".

For various reasons, it is not always possible to determine the version of the browser, one of which is
that the browser can be Portable, i.e. not installed on the system. The IE browser will not be visible, because. it
is already native in Windows, with Edge in Win 10 the same hat.

We will need the presence of Flash and its version in order to add it to plugins and, if
necessary, include its physical version in the antidetect.

We determine the user's desktop computer (Desktop) or Laptop (Laptop)

You can determine this using various options.

1. According to the screenshot in the log. In the screenshot of the screen, we are looking for what is peculiar
laptop on the taskbar in the lower right corner, or on the desktop what is typical of a laptop (program icons
for a laptop, etc.).

On the taskbar, you can find the Battery icon, the Wi-Fi connection icon. I'll show it now
on examples.

Examples: http://prntscr.com/lx86z7

https://prnt.sc/lx871y

2. According to information about the processor in the system. To do this, go to the System.txt or
Information.log file and look at the “Processors” parameter Screenshot: https://prnt.sc/lx88az

We copy the value and google information about the processor. Here is an example of information
on this processor from the Intel site, which shows us that the user has a desktop computer. Screenshot:
https://prnt.sc/lx89jp

An example of information about the processor for a laptop. Screenshot: http://prntscr.com/lx8g8y

Well, another option is to look in processes or installed programs in the file

System.txt or Information.log processes/programs related to the laptop. For example, these are
processes in which the keyword “Bluetooth” appears, programs specific to a particular laptop
manufacturer (ASUS, DELL, MSI, ACER, etc.)

Process examples: "Intel (R) Wireless Bluetooth (R)", "Dell Touchpad".

It is necessary to know several options, because sometimes there may not be a screenshot,
or a screenshot is obtained of a certain area without a taskbar, sometimes the taskbar is hidden.

Contact the author: Jabber: [email protected]

Machine Translated by Google

Taskbar: determine the position of the taskbar on the screen, the size of the icons and
whether the taskbar is hidden (if possible)

The first question that comes to mind is: “Why the hell is this necessary?”. Answer: it is necessary for
in order to set the screen size; dimensions of the browser window and dimensions of the browser
working area in the browser's full-screen mode (parameters "window.innerWidth", "window.innerHeight",
"window.outerHeight", "window.outerWidth").

Of course, not every log will have such an opportunity to look and understand everything 100%.
Sometimes there may not be a screenshot, sometimes there is a screenshot of an incomplete area of the screen.

Now I will show how to properly evaluate these parameters. Screenshot: https://
prnt.sc/lxy3x0

These examples are made on OC Windows 7. If you wish, you yourself can then
view and play with these settings on any OC Windows.

1) The position of the taskbar. Happens: horizontal and vertical. Most

User position is by default: horizontal. 2) The size of the taskbar icons.
There are two sizes of icons: large and small. The default icon size is large. Large icons are installed
by most users. On Windows 7, there is a feature: if the icons are small, then the start button icon
protrudes beyond the taskbar area. Sometimes it is not always possible to understand the size of
the icons even from a screenshot, I also advise you to pay attention to the Display Resolution in
the log; One thing is a screenshot of the screen size "1024 x 768", another thing is "2560 x 1440"
3) Hidden taskbar. By default, the taskbar is not hidden for most users. A hidden taskbar doesn't
mean it doesn't exist at all. It just does not appear on the screen, but appears when you hover the
mouse cursor. If you have a full screenshot in the log and there is no taskbar, then it is just hidden. 4)
If in the screenshot the PC owner has the type of browser you need open, this is also

note, it will come in handy in the setup. Screenshots with an open browser are quite common.

User network: determine an approximate router and its model (if possible)

Sometimes the log can determine the brand of the user's router or its approximate model.
This may be necessary to fine-tune the WebRTC, or rather the Local IP Address.

To do this, you need to look in the log in the file with logins / passwords or in the file where
the browser history is stored, popular masks of IP addresses of routers. Here is a link to a table of
brands of the most popular routers and default local ip addresses:

https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4w
gl4/edit?usp=sharing

The most popular search masks in the log: "192.168.", "10.0.", "10.1.", "10.90.". Most
I highlighted the popular brands in the table in light blue.

If the login and password are still indicated there, you can try to look at the standard login / password
bundles by brand here: https://192-168-1-1ip.mobi/default-router-passwords-list/

Here is an example https://prnt.sc/ly3sww it can be assumed that the user has a PC router
D Link. But this is not 100%, since several other routers have the same bundle.

Much more accurate information can sometimes be shown to us by the browser history file. Here is
an example: https://prnt.sc/ly41tw

Contact the author: Jabber: [email protected]

Machine Translated by Google

In the browser history, we see the Local IP Address and plus the page title, which gives us a huge plus in
determining the router. If you google "B593s-931", you can determine that this is the name of the router "HUAWEI
B593s-931". Another example: https://prnt.sc/ly49nx

If you google "userRpm/DdnsAddRpm.htm", you can see that the router belongs to
TP-Link TL-WR741N / ND, or to TL-WR841N or some others.

In addition to the Local IP Address WebRTC, the information will be useful if someone changes the MAC
address, since the “beginning” of the MAC address is different for each manufacturer.

Browser plugins: identify popular plugins that are installed in the browser.

Plugins in any program are add-ons that allow you to expand its capabilities. Most popular browsers
have the ability to install plugins that allow you to expand its capabilities. For example, it could be a Flash plugin from

Adobe, the ability to read PDF pages in the browser; in Chrome, this plugin already comes by default; the ability
to run any Audio / Video codecs.

With each new release of updates, the number of new features and variations of supported content
increases, so plugins gradually lose their relevance. As a result, in Chrome, Firefox, Opera, Edge browsers, only built-
in plug-ins and one added one remained: Adobe Flash Player. Therefore, with the search for plugins, it is more relevant
for the Internet Explorer browser, or for older versions of Firefox (up to version 52), Chrome, Opera.

Most popular plugins: Flash, Java, Microsoft Office, Adobe PDF Reader, Windows Media Player, Real
Video/Audio.

At the beginning of the article, we already determined whether Flash was present in the system. So Flash
Player is also a plug-in in the browser. Therefore, if Flash is available, then in some types of browser it will be in plugins.
We mark ourselves if it exists.

We will also look for other plugins in the System.txt file, or Information.log in the section
installed programs [Software].

We find the QuickTime plugin on the request "QuickTime", the approximate name of the plugin:
"QuickTime 7 [7.79.80.95]"

We find the Silverlight plugin at the request "Microsoft Silverlight", the approximate name of the plugin is:
"Microsoft Silverlight [5.1.50907.0]"

We find the Java plugin on the request "Java", the approximate name of the plugin: "Java 8 Update 191
[8.0.1910.12]"

We find the RealPlayer plugin at the request "RealPlayer", the approximate name of the plugin:
«RealPlayer [18.1.15.]»

We find the Adobe Acrobat plugin (for reading PDF files) at the request "Adobe Acrobat Reader DC", in the end
it will be something like "Adobe Acrobat Reader DC [19.010.20064.]"

There are many other different plugins, this was just an example of popular plugins. The list can go on for a very
long time.

This completes the collection of information on the log. As a result, we have collected the following information:

Windows: Windows 10 Home [x64]

Display Resolution: 1920x1080

Contact the author: Jabber: [email protected]

Machine Translated by Google

Display Language: en-US

Keyboard Languages: English (United States)

CPU Count: 4

RAM: 8139 MB

VideoCard: NVIDIA GeForce GTX 970

[Network]

IP: 38.104.174.234

Country: United States (US)

City: Pleasant View (California)

ZIP: 93260

ISP: Cogent Communications (Txox Communications)

--

Browser: Google Chrome ver. 68.0.3440.106

Flash: available, ver. 30.0.0.154

--

PC: Notebook(Laptop)

--

[Task bar]

Position: Horizontal

Icon Size: Large

Hidden taskbar: No

Is there a browser in the screenshot: YES

--

Router: ~TP-Link TL-WR741N or TL-WR841N

---

[Browser plugins]

Adobe Flash Player

RealPlayer

Adobe Acrobat

Contact the author: Jabber: [email protected]

Machine Translated by Google

Of course, this example has too much information. In practice, it may be

less.

Manual for setting up real configs from scratch

using antidetect.

Let's move on to the most interesting section of this article.

The basis of all the basics -
UserAgent UserAgent is the basis in creating a config. As building a house begins with a
foundation, so the creation of a config begins with a UserAgent (abbreviated as UA). Let's start with theory. Let's figure out
what UA is.
UserAgent is a property (parameter) that contains properties by which the determination is made -
which browser, which operating system, which version, and which specific software is installed.
user.
In the configs of any Antidetect, this parameter is located in navigator.UserAgent and in
HTTP_USER_AGENT. Note: navigator.UserAgent and HTTP_USER_AGENT are always the same, but there
is an exception:
Internet Explorer browsers. Very often in these browsers, navigator.UserAgent contains information about the user's
software. Example: HTTP_USER_AGENT: "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
navigator UserAgent: "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0
.50727; .NET CLR 3.5.30729; Media Center PC 6.0; rv:11.0) like Gecko» Let's start with the simplest -
Mozilla Firefox. UserAgent structure:

Mozilla/5.0 (<Windows version>; <bit tags>; rv: <Firefox version>) Gecko/20100101

Firefox/ <Firefox version>

Above, I highlighted the parameters that you need to know to create a real UA.

<Windows version> - Operating system versions. Options:

Windows NT 6.0 – Windows Vista, Windows Server 2008.

Windows NT 6.1 – Windows 7, Windows Server 2008 R2.

Windows NT 6.2 – Windows 8, Windows Server 2012.

Windows NT 6.3 – Windows 8.1, Windows Server 2012 R2.

Windows NT 10 – Windows 10, Windows Server 2016&2019.

This parameter is available in all UAs on Windows. Note: on Edge browsers it is static, i.e. does not change,
because The browser is sharpened just under Windows 10.

<bit tags> - "bitness" of the system. I think everyone knows and everyone has met with the fact that there
are two 32-bit Windows systems and 64-bit ones. It is the browser that transmits the possible variations:

win64; x64 – this value is passed if the system is 64-bit.

An empty value (nothing is passed) if the system is 32-bit. UA example: Mozilla/5.0 (Windows NT
6.1; rv:60.0) Gecko/20100101 Firefox/60.0

Contact the author: Jabber: [email protected]

Machine Translated by Google

WOW64 - This value is passed when a 32-bit browser application is running on a 64-bit system.

<Firefox version> - This value shows the version of your Firefox browser. Note: the value with only one digit after
the dot is transmitted, even if the browser version is “63.0.3”, then only “63.0” will be transmitted to the UA. Here is a
link listing all current versions of Firefox: https://www.mozilla.org/en-US/firefox/releases/

By combining these values, we get different UserAgent's. Do not forget that the value of "rv:" and "Firefox /" must
match.

Examples:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0 - UserAgent Windows 10
[64bit] with Firefox 64 browser.

Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0 0 - UserAgent Windows 7 [32 bit] with Firefox
browser version either 52.0.1 or 52.0.2

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 – UserAgent Windows 7 [64 bit] with
Firefox browser, which is designed for 32-bit systems with version 43.0.1, or 43.0.2, or 43.0.3 or 43.0.4

Let's move on to the Google Chrome browser.

Structure of UserAgent Google Chrome:

Mozilla/5.0 (<Windows version>; <bit tags>) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/ <Chrome version> Safari/537.36

Despite the fact that UA Chrome seems more complicated, in fact it is even a little easier, because. version. chrome
doesn't need to be duplicated twice.

<Windows version> and <bit tags> are exactly the same as in Firefox.

<Chrome version> - This value shows the version of your Chrome browser. Here is a link to a list of current
versions of Chrome: https://filehippo.com/download_google_chrome/history/

Example: Chrome/71.0.3578.98

71.0.3578 is the browser version.

98 - Build. It shows how many fixes of various bugs, improvements were in this
versions.

Examples:

Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/71.0.3578.98 Safari/537.36 – UserAgent Windows 8.1 [64 bit] with Google Chrome browser version
71.0.3578 with build 98.

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/70.0.3538.110 Safari/537.36 – UserAgent Windows 10 [64 bit] with Google Chrome browser version
70.0.3538 with build 110.

Contact the author: Jabber: [email protected]

Machine Translated by Google

Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 36 –

UserAgent Windows 10 [32 bit] with Google Chrome browser version 70.0.3538 with build 110.

Let's move on to Opera.

Mozilla/5.0 (<Windows version>; <bit tags>) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/ <Chrome version> Safari/537.36 OPR/ <Opera version>

The Opera browser is implemented on the WebKit and V8 engine in the Chromium shell, so UA also has
«Chrome/<Chrome version>» , we can say UserAgent is not much different.

<Windows version> and <bit tags> and <Chrome version> are absolutely the same, as I described above. The only
point is with chrome versions, but more on that below.

<Opera version> - This value shows the version of your Opera browser. Here is a link to the list of current versions
of Opera: https://blogs.opera.com/desktop/

We are most interested in "Stable update", "beta update, developer update, initial release" - to a lesser extent.

Example: OPR/56.0.3051.116

56.0 – browser version

3051 - Build browser

116 - Patch browser.

I clarify what is special about Chrome. A certain version of Opera, a certain version of Chrome. It is impossible to write a
version of Chrome from the bulldozer or vice versa. These two values should be
agreed.

Here is a table, I threw in 11 versions of the Opera browser as examples.

https://docs.google.com/spreadsheets/d/1OglvdCpkWxr0GztpQ3Nzi3Ij0Ep4oEZxdfZn PVwdqU/edit?
usp=sharing

Examples:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 - UserAgent Windows 10 [64 bit] with browser
Opera version 55.0

Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 - UserAgent Windows 8 [64 bit] with browser
Opera 32-Bit version 55.0

Let's move on to the Edge browser.

Structure of UserAgent Edge:

Mozilla/5.0 (Windows NT 10.0; <bit tags>) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/ <Chrome version> Safari/537.36 Edge/ <Edge version>

<bit tags> and <Chrome version> are exactly the same, as I wrote above. Contact the
author: Jabber: [email protected]
Machine Translated by Google

<Edge version> - this value shows the version of your Edge browser. Just like Opera, a specific version of
Edge has a specific version of Chrome.

Here is a link to the latest versions of Edge: https://en.wikipedia.org/wiki/Microsoft_Edge

Note: We need the values "EdgeHTML version" and not "Version".

Example: Edge/17.17134

17 –EdgeHTML Version

17134 – Window Build.

Table with examples of Edge Chrome versions

https://docs.google.com/spreadsheets/d/1QkUj5f0oPIUGU6aGyZSS9DNUpGCaywv9W50y
tvSVPM/edit?usp=sharing

Examples:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 - UserAgent Windows 10 [64 bit] with browser
Edge version 17.

Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/

537.36 Edge/17.17134 - UserAgent Windows 10 [32 bit] with Edge browser version 17.

That concludes the topic of UA, there is a lot more to be said about existing UAs, since I have only
covered the most basic browsers and the most popular and simple options. If at all this article comes in,
then I will reveal in more detail about more complex UserAgent variations from different types of browser;
about mobile UserAgents and new types of browsers.

Other options where you can get UA: 1)

Real devices.

2) https://developers.whatismybrowser.com/useragents/explore/

Many different UAs by browser type, by OC, mobile UAs, etc. Lots of choices to choose from. The
disadvantages are that there is a lot of any “slag”, there are not so many newest versions; there is a UA
popularity parameter, but I would not advise you to focus on it.

3) Configshops. Actually, in configshops, you can safely see this parameter without buying a config.
The option is very convenient, because you can make a selection according to the necessary parameters
and in the configshops the most relevant UAs. Some of them are easy to register. I will not throw links here,
who will really need it - write in a LAN or contact.

Let's go through the simple config settings in Linken Sphere (Extended session settings).

Navigator.vendor - This parameter displays the name of the browser vendor. In our browser types,
the Value is empty, or "Google Inc.". The parameter is static, i.e. does not change. Values in our browser
types:

Firefox - blank

Edge - empty

Contact the author: Jabber: [email protected]

Machine Translated by Google

Chrome - Google Inc.

Opera- Google Inc. [/QUOTE]

Navigator.ProductSub - This parameter shows the Build number of the browser. The parameter is static, i.e.
does not change. Values in our browser types:

Firefox – 20100101

Edge– 20030107

Chrome - 20030107

Opera- 20030107

Navigator.hardwareConcurrency - This parameter shows the number of processor threads, and not the number
of physical processor cores, as many believe. The parameter does not depend on the type of browsers we are
considering. Popular values for this parameter: "2", "4", "8", "12".

For a better understanding, I will consider a new processor on laptops: Intel Core i7-8750H. This is a 6-core
processor, but it has 12 threads, therefore the parameter will be set to “12” and not “6”. Sometimes the number of
threads corresponds to the number of cores. By the name of the processor, you can always look up these values
\u200b\u200bin the Internet. As for the information in the logs, it just contains information about the number of
threads, so you can safely set this parameter, but double-check just in case (parameters: # of Cores and # of
Threads)

Navigator.MaxTouchPoints - this parameter shows the maximum number of simultaneous touch

clicks that the device supports, i.e. if the device
has several touch screens with different maximum values, the maximum value is shown. The parameter
does not depend on the type of browsers we are considering. In general, they usually say that this parameter
is more relevant for mobile configs, and this is true,
but not quite.

Actually, a regular desktop computer or laptop with a connected mouse and keyboard will show the
value "0". Most often this is the value of the parameter.

But there are touch monitors in laptops, touch monitors for desktop PCs. Therefore, in this case, the value of the
parameter is usually "1" or "2". Therefore, when setting up our config types, it is permissible to set these values.

According to the information from the log, it is not possible to determine in 95% which particular laptop or which
particular display, so it is better to set the default value to "0".

Navigator.Platform - this parameter shows the platform on which the browser is running. Within our browser
and OS types, there can be two values: "Win32" and "Win64". But even if Windows is 64-bit and the browser
software is 64-bit, the value "Win32" is still used. Therefore, we put
just this value.

Navigator.doNotTrack - this technology allows you to enable or disable the ban on tracking by sites,
various systems. The most itpopular values used
is not enabled. Thisare: "Null"
option - the commonly
is most user did not set this
used. "1",parameter,
"true" - the therefore
user has
enabled this function, "0",

Contact the author: Jabber: [email protected]

Machine Translated by Google

"false" - the user has disabled this feature. In configs, you can use all three values, preferably "null"
or "0".

As for the substitution without antidetects, Google has instructions with pictures for each type of
browser on how to enable / disable this technology.

Navigator.gamepads - this technology shows connected gamepads and their properties (joysticks
like on Xbox and Playstation). By values in the sphere: "True" - the function is enabled, "False" - the
function is disabled.

Feature: even if there are no connected gamepads in the system, this function is enabled. So we basically
use the T"rue" value for our browser types regardless of the OC version. Even on most mobile browsers, ,

the feature is also enabled.

Navigator.battery - this technology shows information about the state of the battery (whether it is
charging, the level of charge in%, the amount of time to fully charge / discharge, etc.). According to the
values in Linken Sphere: "True" - this function is used without substitutions, "False", "Fake" - identical to
True, only the parameters of the battery itself are replaced.

By use: in Edge, Firefox (after version 52) we set only “False”, in Chrome and Opera we set either
“true” or “fake”.

This feature, as you might think, applies not only to laptops. On desktop computers, the Battery
feature is enabled. The difference is that the settings will be static, as if it were a laptop charging at 100%.

Information on setting this parameter from the log: if you have determined that a PC user from a laptop
can enable “fake”, but if your system where Linken Sphere is installed has static Battery parameters and
the log user has a desktop computer, then it makes sense to enable “True ".

On real systems, if you have a laptop, it is very easy to change this parameter, you just need to
discharge / charge the battery. Then the values of this function will change.

Navigator.webdriver. Webdriver in the browser is a software library (driver) that allows other
programs to interact with the browser; control the browser. This technology appeared in the
browser not so long ago, therefore it is experimental, there is not so much information on it. The
webdriver technology is supported by all major types of browsers of the latest versions. The main values
for the Webdriver property are "true", "false", and "undefined". For use in Linken Sphere: if we make
configs for older versions of the browser (below 63 Chrome and 50 Opera , then we use the “undefined”
value). In other cases, it is allowed to use the value "true",specifics
and "false".
of this
Buttechnology
taking into and
account
how the
it is
implemented in browsers, I advise you to use "false" in 95% of cases.

Navigator.Online - this parameter shows the status of the browser. Parameter options: "True",
"False", "1", "0". Here it’s a no brainer that the value should be “True” or “1”. In the field
the ability to set only these parameters is specially set.

Navigator.deviceMemory - This parameter shows the amount of RAM in GB. Values: 0.25 -
256 MB RAM, 0.5 - 512 MB, 1 - 1024 MB, etc. to a value of 8. If the RAM is more than 8 GB (12 GB, 16
GB, 32 GB, 64 GB), then the value will still be "8". If you configure the Firefox browser config, then set
the value to "False", .tk. there is no given
Contact the author: Jabber: [email protected]
Machine Translated by Google

parameter. If you are setting up the config of Chrome, Edge, Opera, then set this parameter (Works in Chrome
from version 63, Opera 50 and Edge 17 versions). The most popular values are "2", "4", "8".

Incognito - the parameter shows whether incognito mode (private mode) is enabled or disabled in the browser.
For work, we set only "False".

Incognito mode in the browser, this is when the browsing history in the browser, cookies, autocomplete, etc.
is not saved. A great option for schoolchildren to watch porn so that mom or dad does not burn))

Setting the language in the config

Three parameters are responsible for the language in the config in antidetects. Two in navigator (language,
languages) one in browser headers (HTTP_ACCEPT_LANGUAGE)

Navigator.language - this parameter shows the language of the browser interface (that is, roughly speaking,
which language of your browser, and not the system, will be displayed in this parameter.) Example: "en-US", "en-
GB", " ru-RU", etc. This setting is set up like this:

[Name of Language]-[ Country codes]

Name of Language - Below is a link to a list of all languages and designations: http://
www.loc.gov/standards/iso639-2/php/code_list.php (take value from "ISO 639-1 Code")

Country codes - below is a link to a list of all languages and designations:

https://www.iso.org/obp/ui/#search/code/ (take value from "Alpha-2code")

Navigator.languages - This parameter shows the user's preferred languages and is taken from
HTTP_ACCEPT_LANGUAGE

Example: «en-US,en,ru-RU,ru», «de-DE,de,en-US,en»

The parameter is composed as follows for EACH language (each language is separated by a comma without a
space):

[Name of Language]-[ Country codes], [Name of Language]

HTTP_ACCEPT_LANGUAGE - this parameter shows the preferred languages that the user can understand (system
language, browser interface language) and "preference"
language.

Description: "ru-RU, ru; q=0.9, en-US, en; q=0.7"

The parameter is composed as follows for EACH language (each language is separated by a comma without a
space):

[Name of Language]-[ Country codes], [Name of Language]; q=[quality values]

quality values - the "preference" value of the language. It can have a value from 0.1 to 0.9. The higher, the
preferred language. I advise you to set for the main language from 0.6 to 0.9, for the second from 0.4 to 0.7.

In the realm, to configure language settings, you only need to set HTTP_ACCEPT_LANGUAGE

Contact the author: Jabber: [email protected]

Machine Translated by Google

(https://prnt.sc/lypoyp). The easiest way to change the language without AD is to simply change the language in your
browser. The log also contains information about the user's language and layout languages
keyboards.

Adjusting screen settings

Let's move on to the parameter settings that relate to the user's system screen. I won’t go into much theory, I’ll try to
explain these parameters very simply in practice.

To begin with, let's see you the main screen parameters in Linken Sphere clearly in the screenshot:

http://prntscr.com/lz6cwt

screen.width| device-width - these parameters show the width of the screen in pixels. Of course, in some subtleties,
these are different parameters, but within the framework of our article, I combined them, since the values will be the
same.

Screen.height| device-height - these parameters show the height of the screen in pixels. Merged for the
same reason.

device-width and device-height in the sphere are configured in the general settings (Physical screen size).

Screen.width and Screen.height are configurable in session screen settings (NOT in Extended settings)

Screen.availWidth - this parameter shows the width of the screen in pixels that the browser can take. In the
screenshot, we have the taskbar at the bottom, therefore, it is not related to the width, but to the height; the
browser may take the full length. Therefore Screen.availWidth= Screen.width| device-width

Screen.availHeight - This parameter shows the height of the screen in pixels that the browser can take. In the
screenshot, in order for the browser to take up its full height, the taskbar interferes, so this parameter will be
calculated as Screen.width MINUS the height of the taskbar.

Let's analyze the examples from the first part of the article, when we looked at the taskbar there.

Now in more detail and with an example. Take a Full HD 1920x1080 screen. If the taskbar is the default (at the bottom,
with large icons like in the screenshot) then its height will be 40 px. With these values "Screen.availWidth" will be 1920
and "Screen.availHeight" 1040 px (1080-40 =1040)

If the icons in the taskbar are small, then the height of the taskbar will be 30 px, and the value of
"Screen.availHeight" will be 1050 px

If the taskbar is hidden, the "Screen.availHeight" value will be 1080 px.

Exactly the same story will be if the taskbar is placed not at the bottom, but at the top.

Further, the taskbar can be placed on the right or left, and then the parameter will change
"Screen.availWidth". It will default to 1858 (1920 MINUS the 62 px taskbar width). If the icons are small, then
with this placement of the taskbar, nothing changes in the width of the panel, and the value will be 1858; if the taskbar
is hidden, the value will be 1920.

That's actually why we looked at the taskbar from the screenshot in the log.

Screen.availTop - shows the first top (vertical) screen coordinate of the pixel,
which is not occupied by the taskbar.

Contact the author: Jabber: [email protected]

Machine Translated by Google

Screen.availLeft - shows the first top (horizontal) screen coordinate of the pixel,
which is not occupied by the taskbar.

If the taskbar is placed at the bottom or on the right, these parameters will have a value of "0".
Exception: if there is a second monitor, then the "Screen.availLeft" parameter can be
negative and even positive.

If the taskbar is placed at the top or left, then these options will have a value depending on whether
the icons are large or small. If the taskbar is hidden at the same time, then these parameters will have the
value "0".

Otherwise: if the taskbar is on the left by default, then “Screen.availLeft” will have a value of 62 px, if the
taskbar icons are small, then also 62 px (since when it is placed sideways, the width does not change)

If the taskbar is at the top, then "Screen.availLeft" will have a value of 40 px, if the taskbar icons are
small, then the value will be 30 px.

Simply put, Screen.availTop shows the height of the taskbar if placed at the top, Screen.availLeft
shows the width of the taskbar if placed on the left.

Knowing the placement of the taskbar about the screenshot in the log, we can calculate the data
options.

The above values are relevant for a Full HD screen of 1920 px by 1080 px.

In the attachments of the topic (at the very bottom), I attached the simplest, but very convenient
checker for calculating screen and browser window parameters. I'm not a programmer and I'm not fond of
it, so the checker works correctly and stably only on Chromium browsers (Chrome, Opera). Therefore, this
checker should not be used on Firefox. I hope there is a person who knows jQuery and adapts this simple
checker for Firefox as well.

Bonus link to the table where I indicated the most popular screen resolution values by OC and calculated
the parameters for different browser resolutions:

https://docs.google.com/spreadsheets/d/12KM12QLMdwdmBKDuxlM
uh31WZNMQ6hdlIz_QnipAVg/edit?usp=sharing

Screen.colorDepth and Screen.pixelDepth - these parameters show the color rendering quality. The
values of these parameters are the same. Possible values are "24" and "32". As part of our article, we put
only "24". The value "32" has such devices as Iphone, Ipad, etc.

Screen.orientation - This parameter displays information about the screen orientation. The easiest
way to explain this is with a screenshot. https://prnt.sc/lz7j8w

We use only the “landscape-primary” parameter within the PC; other options for mobile devices,
tablets, etc.

Screen.angle - this parameter shows the screen rotation angle. "landscape-primary" value 0;

"portrait-primary" value 90; "landscape-secondary" value 180; "portrait-secondary" value 270

Browser window settings

Contact the author: Jabber: [email protected]

Machine Translated by Google

To begin with, let's see all the main parameters of the browser window in Linken Sphere clearly in the screenshot for a
better understanding (the screenshot was honestly stolen and modified):

https://prnt.sc/lz7r9g

We will consider the setting from two options:

1) Full screen mode, when we expand the browser to full screen. 2) Windowed mode, when the
browser occupies only some part of the screen. On the screenshot for
example just shows this option.

Window.outerWidth - This parameter shows the width of your browser window, including
scrollbar, toolbar, etc.

Window.outerHeight - This parameter shows the height of your browser window, including the toolbar, URL bar, browser
tabs, loading area, etc.

The screenshot above perfectly demonstrates these parameters, and what they are
different from others. If the browser is in full screen mode, then we can specify the exact values. If we are working in windowed
mode, then there can be a huge number of values, the main thing is that the values are "coordinated" with other parameters
(innerWidth, client.Width, innerHeight, clientHeight, screenLeft, screenTop, screenX,screenY) . The best and easiest

The option to get the values for windowed mode is to use the script that I have attached to
topics.

In full screen mode, these parameters correspond to the parameters "availWidth" and "availHeight"

Window.innerWidth and body.clientWidth - these parameters show the value of the width of the browser workspace, in
other words, the entire width in pixels on which your sites are loaded, excluding the width of the scrollbar, the taskbar, if it is placed
on the right, and other elements that narrow this width . I combined these parameters, since in the framework of our article they will
coincide.

Window.innerHeight and body.clientHeight - these parameters show the value of the height of the browser workspace,
in other words, the entire height in pixels to which your sites are loaded, excluding the height of the horizontal scroll, the height of
the tab area, the height of the URL line in the browser and other elements that reduce this width. I combined these parameters,
since in the framework of our article they will coincide.

These parameters are the most dynamic and unpredictable compared to other parameters. Even in full screen
mode, besides outer.Width/Height, a bunch of others are affected
windows.

For example, in Google Chrome , the browser appearance settings setting (“Show bookmarks bar”) affects whether the
downloaded files bar is displayed in the browser (Example: http://prntscr.com/lzd3r5) and etc.

In Firefox , the settings in the "Customize" section (https://support.mozilla.org/en-US/kb/customize firefox-controls-buttons-and-

toolbars?redirectlocale=en-US&redirectslug=Navigation+Toolbar+items) are affected. Specifically, the Toolbars parameters
(Menu, bookmarks, Title), the “Density” parameter.

And so in each browser, different settings affect these values.

Contact the author: Jabber: [email protected]

Machine Translated by Google

In windowed mode, in addition to these parameters, the parameters “screenLeft, screenTop, screenX,
screenY, outerWidth/Heght) also affect.

In any mode, the devicePixelRatio parameter affects, but more about it below. Again, the best and
easiest way to get the values is to use a script.

In the table, I will give options for setting different screen resolutions in full screen mode with default browser
settings.

https://docs.google.com/spreadsheets/d/12KM12QLMdwdmBKDuxlM
uh31WZNMQ6hdlIz_QnipAVg/edit?usp=sharing

window.dexicePixelRatio - this parameter shows the ratio of the size of a physical pixel to a logical one.
Simply put, within the scope of our browser types, this is a page scale parameter. By default it is 100% and
the parameter is "1". If we increase the scale of the page or decrease it, then this parameter changes.
Increased the scale of the page by 125%, the parameter changed to "1.25", reduced the page to 90%, the
parameter changed to "0.9".

Clarifications: changes to this parameter affect the parameters "Window.innerWidth,

body.clientWidth, Window.innerHeight, body.clientHeight) both in full screen mode and in windowed mode.

To naturally change the parameter, you need to use the increase or decrease step as in a real browser.
Example:

Firefox browser scale values:

"50%", "60%", "70%", "80%", "90%", "100%", "110%", "120%", "130%", "140%" and .etc. (Step 10%)

Chrome browser zoom values: "33%",

"50%", "67%", "75%", "80%", "90%", "100%", "125%", "150%" ,,"175%",,"200%",,"250%", "250%", etc.
(Step dynamic).

And so for each browser.

Another subtlety with the values of this parameter. Let's take the Chrome browser:

100% - the value of the parameter "1"; 110% parameter value is not "1.1", but "1.100000023841858";
125% parameter value "1.25". Those. not always the value can be exactly the same; in different browsers
differently

The last subtlety: the size of the working window, decreases or increases NOT EXACTLY by the
value of devicePixelRatio. Those. if we zoom in by 25%, it doesn't matter that the height of the browser's
client area will decrease EXACTLY 25%. Percentages will vary.

window.screenLeft and window.screenX - these parameters show in pixels how much the browser window
in windowed mode is shifted to the right from the first pixel.

window.screenTop and window.screenY - These parameters show in pixels how much the browser
window in windowed mode is shifted down from the first pixel.

Contact the author: Jabber: [email protected]

Machine Translated by Google

In the screenshot, I clearly showed these parameters. Combined these parameters, because.
they coincide within the framework of our article. Chrome, Opera, Edge browsers use all these
options. Mozilla Firefox browsers only use these options: ScreenX and ScreenY.

If the browser is in full screen mode and the control panel is at the bottom or on the right, then
these parameters are equal to "0".

If you are using full screen mode in the browser and the control panel is on the left or
top, then the values of these parameters are equal to the width or length of the control panel.

If the browser's windowed mode is used, then the parameters will depend on how far they are
shifted from the left first pixel of the screen and the top first pixel of the screen. It is best to use a script
to calculate these parameters. These parameters do not directly depend on the Outer.Width/Hegiht,
innerWidthHeight parameters, i.e. the rule “Screen Width= screenLeft/ screenX+Outer.Width” DOES
NOT WORK, because there are no parameters responsible for the right and bottom side of the screen,
and, therefore, the value of “outer.Width” with a screenLeft/ screenX value of 50 px can be the same as
600 px, and 500 px, and 900 px - it all depends on how much we "stretch" the browser window in width.
This rule also applies to height.
screen.

window.pageXOffset - this parameter shows how much the page is scrolled to the right (vertically in
pixels) using the scrollbar relative to the upper left window.

window.pageYOffset - this parameter shows how much the page is scrolled down (horizontally in
pixels) using the scrollbar relative to the upper left window.

For a better understanding, see the screenshot.

In full-screen mode, the window.pageYOffset parameter is dynamic, because on almost any large
popular site, we scroll down the page, rarely when the site fits completely into the working window, the
main google search page does not count :) Therefore, this parameter is best NOT to replace.

In full-screen mode, the window.pageXOffset parameter is mostly “0”, since sites are adapted to
different screen resolutions, and scrolling to the side is wildly inconvenient. But if we have a windowed
browser mode, then it can also be, depending on the site and the size of the browser window.

Therefore, it makes no sense to set constant values \u200b\u200bfor these parameters. As for me,
if we take a substitution, then the only possible meaning is to make it random within any values.

Setting up plugins in the config

I talked about plugins in detail in section 1 of the article. In the new versions of Chrome, Firefox,
Opera, Edge, there are only built-in plugins and 1 plugin that can be installed - Adobe Flash Player.
There are two types of Adobe Flash Player: Adobe Flash Player ** NPAPI - for Firefox browser.
Adobe Flash Player ** PPAPI - for Opera/Chrome browser.

Now we will analyze in detail how to configure plugins and what variations can be made.

Firefox has two default plugins "Widevine Content Decryption Module" and "OpenH264 Video Codec
provided" built in, but these plugins are not shown when prompted.

Contact the author: Jabber: [email protected]

Machine Translated by Google

In Firefox, the only plugin you can add is Flash. Subtleties: when installed in the Flash system, the default setting
is "Ask to Activate", with this setting, Flash is shown only when a site is requested; plugin in checkers does not
glow; if the "Always Activate" parameter is set, then the physical Flash and the plugin are lit. Therefore, by installing
Flash into the system, we can uniqueize this fingerprint even without antidetection.

With antidetect, we have two options: either add a Flash plugin, or not. If we add, then we have different variations
in the form of Flash versions. This gives us the opportunity in different configurations to make a different Flash
plugin, and not add the same one. Below is a link to a table for the Firefox browser type, what the Flash setting in
the plugin looks like, as well as a list of different versions. I remind you that in the sphere, plugins are configured in
“Extended session settings”.

https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?u sp=sharing

Google Chrome has 4 plugins by default, some of them can be enabled/disabled; the only plugin that can be added
is also Flash.

Plugin options are static by default; they don't change. The Flash plugin has the same parameters that
change depending on the version of the plugin and depending on the system bitness: 32-bit; 64-bit. More
about default plugins:

Chrome PDF Plugin and Chrome PDF Viewer - these plugins are responsible for PDF documents in Chrome and
allow, for example, to open PDF directly in Chrome online, without downloading the file to your computer. These plugins
are linked; so you either add both plugins to the config or neither. You can turn it on/off in a regular browser in Advanced
settings --> Content settings --> PDF documents.

Widevine Content Decryption Module - this plugin is responsible for prohibiting the copying of audio and video
content by the copyright holder. Since version 57 of Chrome, the plugin cannot be disabled. But at the same time, I have
repeatedly seen in systems and configs that this plugin did not light up, although Chrome versions were
one of the latest.

Native Client - the plugin is responsible for launching some online games and applications. You can’t disable it, so we
add this plugin 100%.

Here is a table for configuring plugins in the sphere for the type of Google Chrome browser and the variation of
settings with Flash:

https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/edit?u sp=sharing

In the Opera browser, everything is identical to Chrome, except for some subtleties.

1) The names of plugins responsible for PDF differ. Instead of "Chrome PDF Plugin"
value "Chromium PDF Plugin"; instead of "Chrome PDF Viewer" the value is "Chromium PDF Viewer".

2) No Native Client plugin. 3) Plugin

"News feed handler". Responsible for feeds, i.e. for receiving content from the site directly to the browser using
the RSS protocol. Activated by default. Therefore, we add this plugin.

Contact the author: Jabber: [email protected]

Machine Translated by Google

Here is a table for configuring plugins in the sphere for the Opera browser type and the Flash variation:

https://docs.google.com/spreadsheets/d/1BPCD97WmsiSsHoFDZ3MJjtbbvtqBMgpJfXpF4SGnjc0/e dit?
usp=sharing

Customizing the font list

All antidetects on the market allow you to change the font imprint. The configs of most antidetects contain a list of
fonts. The sphere allows you to conveniently edit the list of fonts in the config or create from scratch by loading
font names from a file.

In the system itself without antidetect, you can edit the list of fonts very simply. To do this, go to the control panel --
> design and personalization --> fonts.

There you can add new fonts, after downloading them, delete existing fonts. Performing such manipulations, we
change our list.

In each system, due to various programs installed and other factors, the list of fonts and the number of fonts
will be different. But there are basic fonts for each version of OC Windows.

List of base fonts and their styles for Windows 7

https://docs.microsoft.com/en-us/typography/fonts/windows_7_font_list

List of base fonts and their styles for Windows 8

https://docs.microsoft.com/en-us/typography/fonts/windows_8_font_list

List of base fonts and their styles for Windows 10

https://docs.microsoft.com/en-us/typography/fonts/windows_10_font_list

You can build on these base fonts when creating your list. Some clarification: all font-family links are
clickable. Inside you can find information about which Windows operating systems and programs use this font family.
You do not need to list all font styles, you can only specify the font family. Check the font families on the site; for
example the "Wingdings" family actually contains 3 fonts.

Here is a great list for building your font list. It lists a large number of fonts and which Windows operating systems
and programs use them.

https://docs.microsoft.com/en-us/typography/font-list/

Configuring WebRTC and .MediaDevices.enumerateDevices spoofing

.MediaDevices.enumerateDevices - This function allows you to get a list of all devices (audio and video devices
of the system, USB cameras, microphones, etc.). You can get deviceID of device data, device name and device type.

The function in Linken Sphere has settings: "True" - the function is enabled, but the parameters are not
substituted. "False" - the function is disabled, "Fake" - the function is enabled; options
are substituted.

In our browser types, we only use the "Fake" parameter.

Contact the author: Jabber: [email protected]

Machine Translated by Google

Let's move on to setting up WebRTC. We use spoofing on all types of browser that we are discussing with you
today. Let's consider some subtleties.

1) IPv6 checkbox. Enable this checkbox if your system is leaking ipv6. You can check here: https://
browserleaks.com/ip (item "IPv6 Address")

2) External (Public) IP in WebRTC. Everything is simple here: the external IP is the same as the IP of your sock
or tunnel. But when working with logs, I also met such an unusual approach. Its essence lies in the fact that the
external IP is set to the IP of the user's system. Yes, at the same time, checkers will show that this is wrong, but
this approach takes place.

3) Internal (Local) IP in WebRTC. Here, too, everything seems to be simple: there are local IP ranges that
can be used.

10.0.0.0 — 10.255.255.255

172.16.0.0 — 172.31.255.255

192.168.0.0 — 192.168.255.255

But again, there are subtleties. Let me remind you of this board:

https://docs.google.com/spreadsheets/d/1GySRwS_QAmvPSJEDxYcsGnz_7Vu_mtj0nn_RvY4wgl4/edit ?
usp=sharing

So, there is a Default Local IP column. This is the default local IP of the router, by which you can just get into its
settings. Therefore, it is better not to set these IPs when setting up the config.

The next trick is to work with logs and local IP. In the first part, we tried to find out the approximate brand of
the router, and ideally its model. So in some cases, we can assume an approximate local IP address.

In general, where does this local address come from in WebRTC on your system? Most routers have a DHCH
server in their settings. The DHCH server assigns a local IP to each device that connects to the router. Usually,
the DHCH parameter settings are something like this, depending on the brand and model of the router: Start IP,
end IP and the time for which the IP address is issued. Let's take, for example, that the router has the following
settings:

Start IP: 192.168.0.2

End IP: 192.168.0.100

Time: 1440 min (24 hours)

We connect our laptop to the router, the DHCH server gives it a local IP: 192.168.0.2 for 24 hours; We connect
our mobile phone, the DHCH server gives it a local IP: 192.168.0.3 for 24 hours; we connect our refrigerator with
Wi-Fi to the router, the DHCH server gives it a local IP: 192.168.0.4 for 24 hours, etc. Let's say 12 hours have
passed, the lights were turned off, and the router rebooted; and the first refrigerator was connected to our router.
Now the DHCH server gives him a local IP: 192.168.0.2 for 24 hours; then the mobile phone connected - the
DHCH server gives it a local IP: 192.168.0.3 for 24 hours; then the laptop connected - the DHCH server gives it a
local IP: 192.168.0.4 for 24 hours.

Contact the author: Jabber: [email protected]

Machine Translated by Google

Thus, this example shows that the local IP is a dynamic parameter and can change within the limits specified in the
DHCH server setting in the router.

Knowing the brand of the router and the approximate model, you can see this IP range and set the approximate local
IP in the log. Again, in the example above, the owner has a D-Link router; we have defined the start and end IP. The
owner most likely has, in addition to the computer, 2-4 more devices that connect to the router (for example, a telephone
and a TV). Therefore, we calmly set the local IP "192.168.0.2" or "192.168.0.3" or "192.168.0.4" or

"192.168.0.5". On the Internet, you can find emulators of most popular routers and see the base IP range in
the settings; in the table, I also added start and end IPs to some models.

Submen setting in config.

Although this does not apply to setting up a real config, I will go over some of the features. About all the prints
that the sphere replaces, you can find a bunch of different information, so I won’t describe the same thing 10 times.

Regarding the use of substitutions: I advise you to use all of our browser types in any of our browser types.
substitutions, but with some subtleties.

1) Enable Flash - enables Flash. Turning on flash unnecessarily is not recommended by every antidetect author,
as this is an additional variation to detect you. As for the use of Flash, the following options can be advised,
whether we create a config for working with the log or a config for any of the browser types: A) Add Flash to
the config plugins, but leave the physical flash (enable flash) turned off. Here we get an interesting situation,
according to the plugins we have it as it is, but at the same time there is no physical version. B) Add Flash to
config plugins and enable physical flash(enable flash). Minuses

I described this option above.

One more thing, in some antidetects you can configure Flash settings, so if there are such settings and you decide to
use Flash, be sure to remember to configure them (parameters such as OC, language, screen resolution, Flash version
and others)

2) Canvas substitution. We enable this substitution, but now I will write options when this substitution
can be tried to be disabled in our browser types.

There are only two of them: A) When the created config has the same browser type as the antidetect, i.e.
Linken Sphere is written based on Chromium, so if you are creating a Chrome configuration, then it is allowed as an
option to disable spoofing. The second option is a little worse: this is when the browser is made in the Chromium shell.
In our case, this is the browser type: Opera.

3) Substitution AudioFingerprint. Substitution by itself must be included. But audio also has options (http://
prntscr.com/lyqeto). Some of them can be changed in the system, so below there will be information for
reflection: as an option, in addition to the imprint, they can also be replaced. For example, it is very easy to
change the first parameter on the screen (ac-sampleRate): to do this, you need to change the Default Format
(https://prnt.sc/lyqgop) in the default settings of your playback device.

Contact the author: Jabber: [email protected]

 Machine Translated by Google

Tips, Tips, life hacks using the Linken Sphere antidetect and when working
with logs.
1. Installing Linken Sphere: Virtual Machine or Core?
Should I install it on the Virtual Machine or on the Primary? Also a very popular question. Yet again,
you can find the best option for you.
Linken Sphere on the Main Machine
Pros:
1) Ease of use 2) It
does not require large RAM resources, it loads the computer less compared to using a virtual machine, for example, on
Win 10 x64, especially if the paging file is disabled for security and the PC is not very powerful. 3) If suddenly there is
some kind of detection or detection of a virtual machine in the world that no one knows about yet, then this will undoubtedly
be a plus compared to using an antidetect on a virtual machine. Let me explain in more detail what I meant: Almost
any antidetect in the world, if it does not replace any parameter, then it is most likely taken from your system, or
simply disabled. 4) Security. I'm not going to be 100% sure, but from the point of view of security, in the chain of
anonymity, perhaps this option is worse than using Linken Sphere on a Virtual Machine or Server.

Linken Sphere on a Virtual Machine It's

the other way around here, and the minuses become a plus, and the pluses
become minuses. 3rd use case: some use Linken Sphere on a dedicated server, which
also, in its own way, an interesting option that has some pluses from those two options above.
2. What type of configs is better to use for carding. "Good" Options
using configs for different types of OS.
Actually, taking into account the fact that this Antidetect is written on the sources of the Chromuim
engine, it is ideal to use configurations with the Chrome browser and browsers based on the Chromium platform.
If you have Linken Sphere on OC Windows, then the “good” config options are:
1) Win XP, 7,8, 10 + Chrome
2) Win XP, 7,8, 10 + Opera
3) MAC OS + Chrome
4) Win 10 + Edge (Most recently, Microsoft announced the replacement of the engine with
Chromium) Mobile options:
1) Android +Chrome
2) Windows Phone + IE (Internet Explorer)
3) Iphone, Ipad+ Chrome
If you have Linken Sphere on OC MAC X, then "good" config options:
1) MAC OS + Chrome
2) MAC OS + Safari
3) Win + Chrome
Mobile options:
1) Iphone, Ipad + Chrome
2) Iphone, Ipad + Safari
Of course, you can use any configs on any OS, but these are preferable due to the fact that the OC and / or
platforms are the same.
3. Life hack: Using "Non-standard" configs when driving
As a good and unusual alternative to those variations that I wrote above, there can be the use
of "non-standard" configs. In my understanding, non-standard configs are those systems that are not common
in general and which are rarely used for carding. For the sphere and some other blood pressure, the criterion
may also be that these configs cannot be found in configshops. I will give examples of such configs: Xbox One,
PlayStation 4, Blackberry, PlayBook, Kindle, etc. It is difficult, of course, to imagine holders driving from Playstation
4 or PlayBook, but nevertheless, these options take place in some topics and as one of the factors "non-standard"
carding.

Contact the author: Jabber: [email protected]

Machine Translated by Google

How to get these configs for the sphere? There is only one option - do it yourself. After reading the
manual completely, it will be more or less clear to you how to make configs. The only problem is, where can I get all
the data (UserAgent, WebGL, WebRTC, Window.Screen, Window.Navigator, etc.) for these devices? Everything is
very simple here) Either look on a real device for all the necessary checkers, or take another antidetect from the
configs.
4. Using the "Web Emulator" tool
Web Emulator is a tool in Linken Sphere that allows you to automatically visit a list of sites, simulating
human behavior. This tool is useful in that it automates the process of receiving cookies, thereby reducing our time
spent on routine work, i.e. you enter a list of sites, turn on the emulator, and voila, we already have a browser for
cookies of various sites.
In practice, this tool is very useful, because. shop antifraud systems may well
collect and analyze your cookies. Thus, using this tool correctly, we will be more like a regular user.

According to the settings of this tool (Screenshot: https://prnt.sc/jkvy3p)

Check Disable popups (turn off pop-ups) and Enable alert after complete ( Turn on alerts after the
Web Emulator is finished). MaxVisited Page is how many maximum pages on each site will be opened. Here,
everyone decides how much to bet, I would recommend from 3-4 to 12-30. Max time on page, min - I would recommend
setting it from 30 seconds to 2 minutes.
Start delay - this item is responsible for the delay (in minutes) before starting to turn on the
emulator. It's up to you here. Each site
must be specified on a new line and with http[s]://. About the
list of sites. I would recommend that everyone make their own list of sites to bypass, depending on
the country of your carding (in my case it is USA). In my list, I would collect 30-40 such sites in order to be able to
alternate between different sites, and not bypass the same ones every time. For example, TOP sites by ALEXA RANK:
(https://www.alexa.com/topsites). There you can select the TOP 500 sites for different countries, find out the average
pageview depth, the average duration of users on the site for the last 3 months.

5. Social Media Login Detection

http://www.tomanthony.co.uk/tools/detect-social-network-logins/
Here is a common public example of demonstrating that sites can easily see if you are logged into
popular social services. Therefore, in order to be more like a real user's PC, you need to create accounts in popular
networks and log in to them immediately before your work (well, or buy ready-made accounts). Most popular services:
Facebook, Twitter, Gmail, Youtube, Google+, Instagram, Pinterest, Battle Net, Xbox, PSN, Tumblr, etc.

This rule also applies to logs. We look in the accounts what popular social services our user has, log in
to them (if we do not automatically get through our cookies) and only then go to the sites we need.

Now let's move on to working with

logs. By all parameters, all logs can be divided according to the degree of importance (in descending
order of importance): 1. A log that has a set of standard services complete with BA and crypto
exchanges. 2. A log that has a set of standard services such as Paypal, Amazon, various
shops

3. A log that has a couple of services / not interesting small shops; cookies given
logs do not cause us much admiration. 4.
Useless log
For beginners, first of all, there will be advice not to disdain logs of categories 2 and 3, treat them with the
same seriousness as logs of the first category in order to gain experience, fill your hand, technically learn
how to properly use the log and the chosen tool for processing it . The forums often distribute worked out
logs of different categories; this option is also a good option to start working with logs.

Contact the author: Jabber: [email protected]

Machine Translated by Google

You can determine the degree of importance by Logins / Passwords of the log, auto-fill, and sometimes even by the splash screen on the
desktop, you can distinguish the log of a nerdy schoolboy from a good log. With experience, depending on your skills, financial situation, you

yourself will determine once or twice which log to work painstakingly, which not so much, and which one should be thrown out and not wasted your
time. Working out logs in Linken Sphere is very convenient because, using different tabs, you can work out several logs at the same time, which also
saves time. The processing of the log can be complex, or processing for one specific request. It often happens that newbies work out logs for only 1

request, for example, to Paypal, and if it doesn’t work out, they get upset and throw out the log. This is a bad approach to work, because with it you
will not get normal profit and knowledge; if you have a lot of time and little experience, work out the log to the fullest, fill your hand. Let's move on to

interesting tips, life hacks when working with logs. 1. Determine your "attack vector". Simply put, you need to understand where the holder has what

means of payment he uses most often. View Popular

money ,

means of payment holder can be in Amazon, Paypal, Ebay, etc. ) . Once you have determined where the money is, you need
to try to find out how much money thestatemans,
holder has, if possible.
etc. To do loss.
then complete this, you need to get into online banking, look at

3. Always put in the holder's mail spam filters messages from unwanted services and shops from which messages may come. Redirect the
necessary messages through filters to your mail. 4. Check all cloud storages (Google drive, icloud, onedrive, dropbox, etc.) There are 2FA
and

there is a high probability to find there Photo ID, Drive License, Credit Cards, Wallet Seed and other useful information. 5. ,

Live the life of a holder. After collecting all the information on the holder, read it on Facebook and

other social network, see where he goes tomorrow when he's not at home , when he is in the room ,

this will helptotochoose

fucks, psychological impact, as well as give the opportunity create the
a psychological portrait
best attack time For for when he
example, youeats,
can with whom
urgently hethe
call
holder to work, send a wreath with threats (Saying that this is from the mafia, the insurance will return everything don't move until we clean

you up). It is important to understand the essence of these thoughts, and the fantasy in the options for using useful information can be limitless. 6.
Leave behind backdoors. Put your secret questions on the mail, tie up

get your 2FA , phones, backup mail. Then with a high probability the holder will not be able to

back to your account quickly and painlessly, and even if it does, you may not notice your backdoor, which you can use again. 7.
Passwords. Many holders use the same passwords, therefore, even if the required service is not in the log, you can pick it up yourself
by brute force

8. Activity. By letters in the mail, you can determine the most popular and latest by date services that the holder uses. From them, choose the
ones you need - those that you know how to work out. These services will be more loyal to fraud, as the holder often uses them, and,
therefore, they have more recent cookies compared to other services.

Contact the author: Jabber: [email protected]

Machine Translated by Google

Contact the author: Jabber: [email protected]