Pavel Piatruk’ tech & personal blog

Fighting against Passive OS Fingerprinting

This article describes the steps to install OSfooler-ng to prevent your host OS from being recognized by passive OS fingerprinting (p0f).

I used a fork of OSfooler-ng because the original project seems to be abandoned. Moreover, the fork can be installed on modern Linux distros and doesn’t require old packages.

Check the fork’s page: https://github.com/moonbaseDelta/OSfooler-ng

CentOS 7

yum install epel-release
yum install python git python-pip wget gcc make python-devel libnetfilter_queue-devel libnfnetlink-devel 

CentOS 8

sed -i s/enabled=0/enabled=1/ /etc/yum.repos.d/CentOS-PowerTools.repo 
yum install epel-release
yum install python2 git python2-pip wget gcc make python2-devel libnetfilter_queue-devel libnfnetlink-devel

Ubuntu 18.04

apt install libnetfilter-queue-dev libnfnetlink-dev python python-setuptools python-pip

Install OSfooler-ng

This step and the following steps are OS-independent.

pip2 install NetfilterQueue
git clone https://github.com/moonbaseDelta/OSfooler-ng ; cd OSfooler-ng
python2 setup.py install
osfooler-ng -u 
osfooler-ng -o Windows  -d "SP3" -i tun0 

Check

curl http://witch.valdikss.org.ru/ -Ss | sed -n '/^<pre/,/NTL/p'

Should return Detected OS = Windows NT kernel [generic]

Or visit https://whatleaks.com or https://doileak.com or https://whoer.net

Notes

  • some home routers change TCP options, so consider using a VPN to the cloud for tests
  • VirtualBox may also change TCP options, so GuestVM->Host->VPN may not work because the TCP options are changed between GuestVM and Host.
  • for tests you can use p0f (https://linux.die.net/man/1/p0f) on the remote side.
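
To tell whether a router or VirtualBox rewrote the SYN on the way out (the cases in the notes above), capture the same SYN locally and on the remote side and compare the header fields a passive fingerprinter keys on. The following Python 3 code is an added example, not part of OSfooler-ng or p0f; the packet bytes, addresses and function names are constructed for illustration.

```python
import struct

# Added example; names are illustrative. TCP option kinds -> p0f-style names.
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def build_syn(ttl, window, options, df=True):
    """Constructed sample: minimal IPv4+TCP SYN, checksums left at zero."""
    tcp_len = 20 + len(options)          # options must be 4-byte aligned
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (tcp_len // 4) << 4, 0x02, window, 0, 0)
    return ip + tcp + options

def syn_fields(pkt):
    """Extract the SYN header fields a passive fingerprinter keys on."""
    ihl = (pkt[0] & 0x0F) * 4
    frag, ttl = struct.unpack("!HB", pkt[6:9])
    tcp = pkt[ihl:]
    opts = tcp[20:(tcp[12] >> 4) * 4]
    out = {"ttl": ttl, "df": bool(frag & 0x4000), "mss": 0, "wscale": 0,
           "window": struct.unpack("!H", tcp[14:16])[0], "layout": []}
    i = 0
    while i < len(opts):
        kind = opts[i]
        out["layout"].append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                        # malformed length: stop parsing
        length = opts[i + 1]
        if kind == 2 and length == 4:
            out["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            out["wscale"] = opts[i + 2]
        i += length
    return out

def changed_fields(sent, seen):
    """Names of fields that differ between the local and remote capture."""
    return sorted(k for k in sent if sent[k] != seen[k])

# Constructed option blocks: typical Linux layout vs. Windows XP-style layout.
LINUX_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
WINXP_OPTS = bytes.fromhex("020405b4" "0101" "0402")
```

A TTL that is lower on the remote side is expected, since every hop decrements it; a changed `mss` or `layout` means something on the path rewrote the TCP options, so the remote p0f result will not match what OSfooler-ng emitted.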