Home » Security Tutorials » Securing Firefox
Click Here To Hide Tor

Securing Firefox

Written By: Unknown

Introduction

Chaining a socks with proxychains/proxifier means forfeiting the protection of Torbutton, which leaves you open to browser fingerprinting.

Set everything up as you would at the point of entering card details (enable javascript & allow noscript), then run a test at http://ip-check.info (just cancel the pop-up).

You might get a nasty surprise at some of the info your browser is leaking. Admittedly some of it is a bit alarmist (they’re trying to sell a product after all), but some are of genuine concern – particularly if you’re trying to card the same site a few times.

I tend to use one browser (regular firefox) for only chaining proxies, and have found the following adjustments helpful. Please feel free to add to the list. http://check2ip.com is also a useful check for mismatches

about:config

Quote

geo.enabled = false

geo.wifi.uri = [leave blank]

network.http.accept.default = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

network.http.use-cache = false

network.http.keep-alive.timeout = 600

network.http.max-persistent-connections-per-proxy = 16

network.proxy.socks_remote_dns = true

network.cookie.lifetimePolicy = 2

network.http.sendRefererHeader = 0

network.http.sendSecureXSiteReferrer = false

network.protocol-handler.external = false [set the default and all the subsettings to false]

network.protocol-handler.warn-external = true [set the default and all the subsettings to true]

network.http.pipelining = true

network.http.pipelining.maxrequests = 8

network.http.proxy.keep-alive = true

network.http.proxy.pipelining = true

network.prefetch-next = false

browser.cache.disk.enable = false

browser.cache.offline.enable = false

browser.sessionstore.privacy_level = 2

browser.sessionhistory.max_entries = 2

browser.display.use_document_fonts = 0

intl.charsetmenu.browser.cache = ISO-8859-9, windows-1252, windows-1251, ISO-8859-1, UTF-8

dom.storage.enabled = false

extensions.blocklist.enabled = false

Other Settings

Quote

Disable all plugins [tools -> addons -> plugins] Disable all live bookmarks [bookmarks -> bookmarks toolbar -> R/click latest headlines -> delete] Disable all updates [tools -> options -> advanced -> update] Enable ‘do not track’ feature [tools -> options -> privacy] Enable private browsing, configure to remember nothing & disable 3rd party cookies. [tools -> options -> privacy]

Useful add-ons

BetterPrivacy
Close n forget
Ghostery
Https-Everywhere
Modify Headers
NoScript
RefControl
User Agent Switcher

4 comments

  1. Brilliant tutorial, can you please advice the if config script do you enter this into the cmd prompt terminal in windows?

  2. there is no mention of javascript.enabled, which makes me question the rest.

  3. Still a lot of good info in here.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *