Securing Firefox

From TCF Wiki

Introduction

Chaining a SOCKS proxy with proxychains/Proxifier means forfeiting the protection of Torbutton, which leaves you open to browser fingerprinting.

Set everything up as you would at the point of entering card details (enable JavaScript & allow NoScript), then run a test at http://ip-check.info (just cancel the pop-up).

You might get a nasty surprise at some of the info your browser is leaking. Admittedly some of it is a bit alarmist (they're trying to sell a product after all), but some of it is of genuine concern, particularly if you're trying to card the same site a few times.

I tend to use one browser (regular Firefox) only for chaining proxies, and have found the following adjustments helpful. Please feel free to add to the list. http://check2ip.com is also a useful check for mismatches.


about:config

  • geo.enabled = false
  • geo.wifi.uri = [leave blank]
  • network.http.accept.default = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • network.http.use-cache = false
  • network.http.keep-alive.timeout = 600
  • network.http.max-persistent-connections-per-proxy = 16
  • network.proxy.socks_remote_dns = true
  • network.cookie.lifetimePolicy = 2
  • network.http.sendRefererHeader = 0
  • network.http.sendSecureXSiteReferrer = false
  • network.protocol-handler.external = false [set the default and all the subsettings to false]
  • network.protocol-handler.warn-external = true [set the default and all the subsettings to true]
  • network.http.pipelining = true
  • network.http.pipelining.maxrequests = 8
  • network.http.proxy.keep-alive = true
  • network.http.proxy.pipelining = true
  • network.prefetch-next = false
  • browser.cache.disk.enable = false
  • browser.cache.offline.enable = false
  • browser.sessionstore.privacy_level = 2
  • browser.sessionhistory.max_entries = 2
  • browser.display.use_document_fonts = 0
  • intl.charsetmenu.browser.cache = ISO-8859-9, windows-1252, windows-1251, ISO-8859-1, UTF-8
  • dom.storage.enabled = false
  • extensions.blocklist.enabled = false

Other Settings

  • Disable all plugins [tools -> addons -> plugins]
  • Disable all live bookmarks [bookmarks -> bookmarks toolbar -> R/click latest headlines -> delete]
  • Disable all updates [tools -> options -> advanced -> update]
  • Enable 'do not track' feature [tools -> options -> privacy]
  • Enable private browsing, configure to remember nothing & disable 3rd party cookies. [tools -> options -> privacy]

Useful add-ons

  • BetterPrivacy
  • Close n forget
  • Ghostery
  • Https-Everywhere
  • Modify Headers
  • NoScript
  • RefControl
  • User Agent Switcher

Reference

Internal Link: Carding Setup (Firefox)