The Best FFox Installation Guide

Section 1.) Installing Virtualization Software/Importing FraudFox OS

Section 2.) Checking Network Connections/Connectivity Issues
Section 3.) On the topic of VPNs
Section 4.) Starting the FraudFox Application
Section 5.) Using SocksCap64 (Also covers proxy chains and using TOR)
Section 6.) Setting up proxy settings in FraudFox Browser
Section 7.) Proxifier (Covers Issues and Possible Work-Arounds)
Section 8.) VIP72
Section 9.) CCleaner
Section 10.) OSfuscate/�dhcpcsvc patcher.exe�

Disclaimer: The information found in this document is intended entirely for

educational and/or entertainment purposes only. This guide is neither intended to
be used to facilitate any illegal activities, nor is it intended to condone any
illegal activities. If you so happen to choose to use this guide for such purpose,
the consequences fall entirely on you.

Introduction

The FraudFox Operating System is the perfect tool for testing out security measures
on websites. It is such a powerful suite of tools that it has become notorious
amongst fraudsters everywhere as it is very effective in defeating security
measures across the board. FraudFox comes equipped with a variety of tools that can
be utilized to spoof user agent and device, create proxy chains, force programs to
tunnel through SOCKS proxies, prevent canvas fingerprinting, and more.

Unfortunately, FraudFox Operating System is not freeware and this prevents many
less fortunate souls from being able to partake in the use of such a terrific
product. Fortunately, there has been such demand for said product to be cracked
that as of 2016 this was successfully accomplished. Now, almost anyone can get use
of FraudFox�s plethora of tools. Being free does not come without a cost however!
There are some glitches and technical issues that must be addressed when it comes
to the cracked version of FraudFox.

This manual/tutorial/guide covers as in depth as possible the setup and

installation of FraudFox OS, the various tools that it comes equipped with and
their operation, and the issues/work-arounds that are a must know for those who
choose to use the cracked version of FraudFox OS.

Section 1

1.) Download and install the Virtual Machine Software of your choice. In this
example we will be using Oracle VM VirtualBox as it is my favorite.

2.) Download the FraudFox .ova file from the source. If the file has anything but
the suffix �.ova� simply remove all of the text that follows the �.ova� suffix so
that the virtualization software recognizes the file.

Now that you have the FraudFox OS (FF.ova) and the software necessary to run it
(VirtualBox in this example,) you will need to import the OS into the
virtualization software in order to be able to run it. This leads us to our next
two steps.

3.) Open VirtualBox.

4.) To import the OS into VirtualBox all we have to do is click on �File� and then
click �Import Appliance.� A screen will display showing a blank textbox with a
folder that has an upward facing green arrow on it. Click the folder then select
the FF.ova file to begin the import. A list of �Appliance Settings� should appear
after you have selected the FF.ova file; do not change these settings. The next
thing that you should do now is click on the box next to the word �Reinitialize the
MAC address of all network cards� so as to prevent networking errors. And, finally,
press the �Import� button. This import process will take about 5 minutes or so.

5.) Once you have the OS imported, go ahead and select it from the list on the left
hand side of the VirtualBox application and then click �Start� which is found above
the list.

6.) The operating system will go through a process in which it advises you that new
hardware has been found. Simply click �Finish� to proceed. The OS will then display
a new prompt asking you if you would like to restart the OS now or wait. Please
proceed to restart the operating system. Once the system is restarted we can
continue on

Section 2

Sometimes users run into issues when the FraudFox OS is first installed which
prevents the user from being able to connect to the internet. The solution to this
problem is very simple and will be covered in this section.

Now that the import and setup of the new OS is complete, we will move on to making
sure the network settings are correct. This is a fairly easy process; start by
opening the Start Menu, then hover over Settings, then select �Network
Connections.�

Once you select �Network Connections� you will see a window pop up that should have
a section titled �LAN or High-Speed Internet.� Under this section you will find an
icon that is titled �Local Area Connection 2� which you will now double-click.

There should now be a window titled �Local Area Connection 2 Status.� Click the
button that reads �Properties� then (under the primary tab �General�) select from
the textbox the line that reads �Internet Protocol (TCP/IP)� and then click the
button that reads �Properties.�

You should now have a new window display titled �Internet Protocol (TCP/IP)
Properties� and you should simply make sure that the radio button labeled �Obtain
an IP address automatically� is selected and that the radio button �Obtain DNS
server address automatically� is selected.

Section 3

Now that we have everything set up I highly advise setting up VPN software in the
Virtual Machine. Setting up a VPN software is a useful step to ensure our complete
anonymity is maintained during our use of the FraudFox OS. But, if you already have
a VPN on your host OS (as everyone reading this document should) adding another VPN
will significantly slow internet speed within the Virtual Machine and is not
entirely necessary. So, you would be sacrificing speed for security if you chose to
go this route. However, if (for whatever reason) you do not have a VPN on your host
OS, please make sure to set one up in the FraudFox OS prior to connecting to the
internet with it!

Section 4

Now let�s move on to getting started using the FraudFox Browser.

Double-Click the FraudFox icon on the desktop. The FraudFox program will open and
you will see a screen that prompts you for username and password. With the cracked
version of FraudFox we can enter whatever we like. For example, I use the username
�123� and the password �456� simply because that is how I was taught, but any combo
works. Make sure to change the connection type to �Using tor2web server,� then
click the �Login� button. You may have to click the button several times until the
error message no longer displays.

Once you are logged in, you will have several options as to what you would like to
do next. Some of these options are covered below, but now I will simply cover
profiles. This is pretty straight-forward, the idea is to spoof the browser to
display the user agent and device as close to the victim�s user agent and device as
possible. The amount of information that you have on the victim may be limited, but
it is important to at very least make it seem that you are in the same region as
the victim (also remember to change your system clock to match the time it is where
the victim resides.) So, go ahead and click the �Create New� under the profile
section and proceed to enter the requested information. As I mentioned, you will
not always know everything about the victim to the last detail so feel free to
choose random settings as necessary.

You can save profiles as .fox files and import profiles as well if someone has
provided them or if you are resuming the work on a project that you had to take a
break from prior.

Once you are finished, click �Start Browser,� and remember to always make sure your
set up is working the way you want it to by checking the results that display on
the whoer.net website prior to beginning any projects.

Section 5

Moving along, we will talk about configuring SocksCap64.

SocksCap64 works flawlessly with the FraudFox Browser which is terrific because it
provides us with a method of creating a proxy chain that will utilize the TOR
network to substantially increase our anonymity when using FraudFox Browser.

SocksCap64 is designed to allow the user to force programs to tunnel through a

SOCKS proxy even if the program doesn�t support said function itself. While this is
one of the more simple functions that SocksCap64 may serve, I have devised an even
better implementation of it by using it to allow me to chain the TOR to another
outside SOCKS5 proxy. In this section we will primarily focus on how to do this,
but I will also touch on other features that Socks64 has available that may be of
interest to you.

So, from the get go, SocksCap64 opens the moment you click the �Start Browser�
button just after you finish setting up/loading the FraudFox profile of your
choice. You will see a blue, red, and yellow icon appear in the task bar once
SocksCap64 is running. Once you see the SocksCap64 icon in the task bar, please
double-click it to bring the program to the forefront of everything.

As I said, I will be touching on other features that SocksCap64 has available aside
from functioning simply as a way to chain TOR to an outside proxy. So, I will now
have you click on the button at the top of the application titled �Proxy Manager.�
This brings up a list of all the proxies that you have saved for SocksCap64 to use.
As you notice initially, there is only one proxy listed, 127.0.0.1:9951. You can
add additional proxies to your hearts desire by clicking the �+� button located on
the left and just below the box showing the list of proxies. In this screen you
will also find two buttons, one titled �Test Settings� and the other �Start
Testing.� These are pretty self explanatory (or so I should hope) and I will
therefore not be elaborating any further on them.

Once you have added multiple proxies to the list, you will be able to switch
between them depending on your needs during your operations. This can be done by
right-clicking on the task bar menu icon for SocksCap64 and hovering over the menu
item titled �Proxy,� by selecting the proxy from the list in the Proxy Manager
screen and clicking activate, or by selecting the proxy from the drop-down menu
titled �Current Proxy� on the main screen.

Unfortunately, there are limitations to using CapsSock64 in that you are only able
to force programs to use a single proxy at a time. Fortunately, we can set
CapsSock64 up to connect to the TOR network, and then set FraudFox Browser to
connect to it as well as tunneling through an additional proxy outside of the TOR
network which will be our final hop after the TOR exit node. This will be the IP
that shows up when we do our projects thus it must match the victims location as
closely as possible. Since in this section I will only be covering how to set up
SocksCap64, please just hold the thought of adding a final hop after the exit node
in mind until I explain more in the next section. Thank you!

So, first we must download the Expert Bundle from the TorProject website. The
current version changes frequently to ensure that security features are as up to
date as possible, so I will direct you to the download page instead of giving you a
direct link to the download. The download page can be found here:
https://www.torproject.org/download/download (just select �Download Expert Bundle�
and then extract the files to the desktop of your FraudFox OS once the download is
complete.)

Now that you have these files downloaded and unzipped to the desktop, we must
backtrack to set up SocksCap64 to help us connect our FraudFox Browser to the TOR
network. So, go ahead and pull up the main screen on the SocksCap64 program and
right click in the white area in the box (or click on the down arrow next to the
�Apps� button at the top of the screen) and select �Add an executable file.� A
window will open titled �New Application Profile.� Now, click the button that says
�Browse,� navigate to the C:/ folder, then navigate to the FraudFox folder and
select �firefox.exe� to add the portable version of firefox to the list of
applications. Now SocksCap64 knows that we want to have this file run through
whatever proxy it may be that we happen to select.

Next, we will go ahead and click �Proxy Manager� at the top of the screen. Go ahead
and click the �+� button to add a new proxy and add 127.0.0.1:9050. Don�t forget to
hit the �Save� button, or the proxy will vanish and you will have to re-enter it
(worth mentioning since I can�t count the number of times this has happened to me.)
Now, select the proxy you just entered and click the �Activate� button.

You�re finished! Well, almost, all you have to do now is open the folder on your
desktop that contains the Tor Bundle files, go to the folder titled �Tor,� and run
�Tor.exe� A o prompt window will open and a connection to the tor network will be
established.

Alright, now open the FraudFox Browser like we do normally, and you�re free to
browse the web through the TOR network in total anonymity!

Section 6
So, now all we have to do is add the final hop after the exit node which will be
our SOCKS5 proxy that matches as closely as possible the location of the victim.
Once we have this proxy information, we will open FraudFox Browser. At the top of
this window there is a drop-down menu titled �Tools� that you will open and then
select �Options.� Once you have the �Options� page open, locate the section titled
�Advanced� in the list on the left hand side of the screen and click it. Now go
ahead and proceed to the page titled �Network� by clicking it, and on this page
under the �Connection� section you will select �Settings.� A window titled
�Connection Settings� will appear and you want to click on the radio button labeled
�Manual proxy configuration:� and enter the SOCKS5 puroxy information into the
relevant fields and check the box that it labeled �Remote DNS.� Click the �OK�
button and you�re good to go!

To ensure you are routing the traffic through the proxy after the TOR network you
can go to SocksCap64 and click on the �Connections� button at the bottom of the
main screen. Now, check the IP and Port numbers that are being displayed under the
column titled �Target.� These IP addresses and Port numbers should ALL match your
proxy IP address and Port number, if not you must go back and double check your
work.

Section 7

Using Proxifier is a better alternative to using SocksCap64 coupled with the proxy
settings found in the FraudFox Browser because it allows us to create a much longer
proxy chain. This sounds great in theory, however since we are using a cracked
version of FraudFox and proxifier there are some issues. The primary issue being
that attempting in any way shape or form to use proxifier in combination with the
FraudFox Browser will cause the FraudFox Browser to crash as soon as you attempt to
open it. I have tried every way under the sun to avoid and prevent this, but I have
not been successful.

The only work-around I can really think of would be to set up another portable
Firefox Browser and install add-ons to mimic the functions of the FraudFox Browser
and use this instance of Firefox with Proxifier. Two such add-on that would be
useful in this regard include �Random Agent Spoofer� and �Chameleon.� The only
dilemma is that such add-ons do not offer as many spoofing options as those
available when using the FraudFox Browser. Missing features include spoofing of
Fonts, Plug-Ins, Canvas, Time-Zone, Screen Resolution, and Language. That�s a lot
of missing features!

A couple add-ons that I am aware of that may assist in covering these missing
features is one published by Browser Plugs that can be found on the Mozilla website
as �Browser Plugs Spoof FP Random� and another by Multilogin titled �Canvas
Defender.� The first allegedly spoofs and/or blocks many of the things that cannot
be spoofed by �Random Agent Spoofer� or �Chameleon,� but there are few reviews and
I have little personal experience. The second has somewhat poor reviews and thus
may not be the best alternative. Because of these things I HIGHLY recommend against
attempting to utilize Proxifier until someone comes along and develops better add-
ons that are more effective.

If you should so choose to use Proxifier simply understand that it will not be
possible to do so with the cracked version of FraudFox Browser included in the
installation of FF OS you have just installed. As I said, there are potential work-
arounds that have major issues preventing them from being feasible options so we
will not be covering anything further on the set up of Proxifier at this time.

Section 8
VIP72 is a well known SOCKS proxy and VPN service provider amongst those who have
been around on the dark net for a while. Their proxies are entirely anonymous and
encrypted even without a VPN, no one can see your real IP on the proxies, no logs
are kept whatsoever, and HTTP headers are not modified. The installation of
FraudFox OS that you now have fully functional is equipped with a copy of the VIP72
software for your use.
In order to get started however, one must have a username and password which is
very easy to obtain. There are two methods of going about this: either by going to
the VIP72 website and registering for a username and password then purchasing
service, or by purchasing the login credentials from someone on the dark net. Costs
range from 3 USD for a 2 day trial that only allows the user to choose from 10
proxies to 299 USD for a years worth of access to unlimited proxies and 181 days of
VPN as well if you go the route of purchasing via the official website. Else wise,
on the dark net, you�ll only be spending about 20 USD for unlimited proxies for a
lifetime.
Once you have the login credentials, feel free to login and get started. Simply
find the proper proxy and click it then start the FraudFox Browser and you�ll be
all set to go. Always double check that your IP is effectively changed by visiting
https://www.whoer.net/ext before beginning your operation.

Section 9

CCleaner is an excellent tool for cleaning out cookies, history, and registry
files. It comes with the FraudFox Operating System and should be used to clear the
system cache just prior to beginning your projects. I will not delve much into this
as the program is the most user friendly thing included in the FraudFox Operating
System. Just remember to clean things up right before starting your operations and
in between each operation and you�ll be solid.

Oh, and keep in mind, CCleaner does not affect the browsing history, cookies, or
other such files stored in .fox profiles; CCleaner only clears the files in the
browser itself.

Section 10

Osfuscate and �dhcpcsvc patcher.exe� were both designed to allow the user to change
his/her Windows OS TCP/IP Fingerprint to confuse P0f, NetworkMiner, Ettercap, Nmap,
and other similar OS detection tools. I personally find it is of very little
practical use and also it is only somewhat effective, but it is a fun little tool
that you may like to fool with if this topic is one that interests you at all.

Due to its limited practical applications and its only having partial
effectiveness, I will not cover this program in depth in this manual. I felt the
need to at least give it the brief explanation it deserves. And, if you would like
more information, please visit the official webpage at:
http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-
ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-
tools