DEV Community: Bpass25

How do websites, governments, or others detect that you are using a VPN, Tor, or proxy even though you have enabled protection?

Bpass25 — Wed, 15 Apr 2026 15:38:54 +0000

Look, my friend, before I answer you, you need to understand something, or rather, the difference between two things:

1- Hosting IP (Data Center): This is the IP provided to you by global companies like Amazon, DigitalOcean, and others. Most VPN companies buy VPS or systems from them, convert them into their own VPNs, and then resell them. This depends on the company.

2- Residential IP: This is the IP provided by internet service providers of all types. Any ISP that gives you access to it comes from the same company, regardless of the company. It's a source from the same country. Do you understand?

Now that we understand the difference, let's move on to the most common ways you can be exposed:

1- The concept and term (DNS leak): Look, my friend, the internet is vast. When you activate a VPN or other connection and try to connect to a specific website, what does your device do? It sends a real connection from your real IP address to the website, even though you're running a VPN. This is how you're exposed, so you need to disable this option or use extensions to block it.

2- The concept and term (DPI): This type of technology is most commonly used by governments. Every VPN and every connection method differs from the original packet structure and order. For example, (protocols specific to OpenVPN and WireGraduate) have a specific packet order, code, and unique signature. DPI technology examines and interprets this packet order to distinguish it from the original packet, thus directly revealing that a VPN is active.

3- The most common concept and term (IP Reputation) Global websites have something called a data center for their hosting providers (IP addresses belonging to these companies). We explained this concept previously; when you try to access a website while connected to one of these IP domains, you are detected.

4- The concept and term (WebRTC): This is a vulnerability that allows your browser, whether Firefox or another, to send real IP addresses and information to websites. This is very common and should be patched, even though it exists in newer versions. This is done through very simple JavaScript commands.

5- Time zone and time conflict (very important): You know, my friend, that when you send data to a website, it naturally sends a set of headers, such as your device version, browser, time, etc. What will this website do? The website will compare, for example, your IP address in London with your laptop's time zone. What will it show? That you're using a location changer, which is very dangerous.

That's why you often see websites detecting you, governments quickly tracking you, and even hackers sometimes unable to commit fraud. You can find information about this in something called "block IP lists"; search for it online.

Also, an additional piece of information: recently, some VPN websites have started providing you with a residential IP address, which reduces detection. However, with recent advancements, especially modern banking websites, you'll be comparing the IP address used to log in to your account with the new login IP and requesting identity verification. Do you understand?

How are satellites hacked? And how were television broadcasts hacked back then?

Bpass25 — Wed, 15 Apr 2026 15:37:45 +0000

My friend, this is a very sensitive topic. Hacking it isn't done through missiles, physical means, or war, as we might say. No, it depends on certain things, including manipulating something called signals or terrestrial systems.

So, what do we mean by this in relation to satellites and hacking them?

1- If we think about it together, what controls a satellite? Simply put, you might say that there are ground stations that control this, sending and receiving signals. Well, if these stations, or one of their users or operators, are compromised, you gain access to the satellite's broadcast and the satellite itself, as if you own it and can manipulate it as you please.

2- If we consider what the satellite is doing up there, how it knows all the details, and so on, satellites broadcast signals over very large areas of the Earth. This depends on the distance and proximity to the Earth, and these are physical factors. Here, you need a signal receiving dish like an SDR to capture the incoming data. The challenge you'll face is encryption. Older satellites used to transmit unencrypted data, but now the situation is completely different.

3- In systems with vulnerabilities that lack verification and authentication mechanisms, the attacker can inject specific frequencies or malicious commands that can trick the satellite into granting them privileges or enabling them to perform a function. Specifically, even sabotaging the satellite itself.

So, how does TV broadcast hacking happen?

Such operations are often called Signal Intrusion, and there are several methods:

1- The hacker broadcasts a signal stronger than the original channel's signal, using the same frequency directed to the satellite. Consequently, the satellite receives the stronger signal, and the broadcast ends up with the hacker.

2- Modern channels now transmit their content via the internet. If the hacker manages to access the main broadcasting servers or encoders, they can replace the channel's video with their own and rebroadcast it.

3- Sometimes, it's not necessary to hack the channel itself. Hackers compromise people's receivers through malicious software updates, causing people to see a different broadcast.

And that's all, because this topic is widespread, and many people have been deceived into believing that so-and-so hacked a channel and did this or that, when it's all just a scam. Photoshop

Today's lesson is about social engineering.

Bpass25 — Wed, 15 Apr 2026 15:36:33 +0000

Our friends and followers, you are all familiar with the term "social engineering" in the field of cybersecurity or information security in general. It's not limited to one area; this term is also used in other contexts, such as by negotiation and diplomacy experts in government, politics, and all public spheres.

But today, we'll discuss its application within the digital and technical field:

The goal of social engineering in the world of technology is (control) and (increasing trust and dependency in people). When someone gains trust and dependency, the other person's power over them becomes stronger, granting them privileges not even afforded to those closest to them.

We mustn't forget that it has both negative and positive aspects, but its foundation rests on the mind manipulator—the person who uses social engineering techniques for their own benefit or against others.

But does everyone possess this ability? Absolutely not! Because such a person either possesses it innately or acquires it through harsh life experiences and interactions with all kinds of people, or through reading profound philosophical and psychological books that study different personality types.

For example, we will give you some examples that you may have seen before:

1- A person who feigns stupidity and ignorance. This type of person sometimes uses this tactic to obtain information from intelligent people and later use this information against them.

2- Someone who is accused of something, for example, Ali goes to Ahmed, and Ahmed hasn't done anything wrong, and Ali accuses him of saying such and such things about him, and Ahmed doesn't say anything! How did this happen? The person who engineered Ali, or the so-called "mind hacker" (proved to him that Ahmed had spoken about him in some way; the essence of engineering is proof, evidence, or persuasion by any means, whether legitimate or illegitimate).

3- The person with two categories: (social) and (calm). I don't mean everyone, but rather people who possess the engineering mindset. You might see this person as social with everyone, but what goes on in their mind is something else. For example, Ali hates Ahmed, and Ahmed hates Ali. What does this person do? They create a relationship between the two and remain neutral. Why? Because there might be a mutual benefit for both of them. But problems might arise between the engineer and these two. For example, Ahmed finds out that the mind hacker is in contact with Ali, so he might cut off contact with him. In this case, the person with the engineering mindset will switch to a calm mindset and abandon the social one.

For example, what does he do? (He tells Ahmed that his staying with Ali is for a very serious reason, such as being monitored by the professor, who informed him, thus giving Ahmed a convincing reason to stay in contact with Ali, or telling him things about Ali that aren't true, and so on.)

Note: Social engineering isn't limited to tricking someone into clicking a link, or convincing them to enter a certain website. If this is how you think, then you have a limited or superficial way of thinking.

Therefore, the foundation of mind hacking and social engineering is (planning, continuous thinking, gathering evidence and information, studying the human mind, music, qualifications, and relationships).

How can the National Intelligence and Security Agency and the Intelligence Service locate a person using only their phone number?

Bpass25 — Wed, 15 Apr 2026 15:34:27 +0000

This is a common question, and the answer is quite simple:

1- They need a court order against this person to obtain their information.

2- What is the mechanism by which this information will be obtained?

Look, my friend, you know that every device has two things (IMEI and IMSI). These are present in the device and are very important. They contain information about the device and also information about the company that issued it.

When you buy a SIM card and put it in your phone, and then you top up your credit, make a call, or even just it picks up a signal, what happens? During any operation, your device will send information (IMEI and IMSI) to the company along with the device's exact location and its proximity to which cell tower—that is, which tower the signal is coming from. Therefore, they will know all your information, including the information registered on the SIM card, its location, and device information.

So, one question remains:

Why are some SIM cards or numbers difficult to track or trace their origin?

For example, "phantom lines" or what are called "phantom lines"

Firstly, these lines are registered under other people's names, meaning their information differs from yours. Secondly, when you buy this type of line, data will be continuously transmitted, but the person's identity will remain unknown.

Note: Even if the person changes the line, their digital fingerprint will still be present and they can be identified.

What is Honeybot? (With Honeybot)

Bpass25 — Wed, 15 Apr 2026 15:33:08 +0000

1- Honeybot: Some call it a honeycomb, others a trap, and there are countless other names, but it serves the purpose of protecting your system or service.

For example, we'll discuss the Honeybot process on a service with an open SSH port for shell execution, sharing, and other functions.

The idea behind it: This honeybot makes the server appear very weak, as if it's riddled with vulnerabilities. However, it's actually an isolated environment, completely disconnected from the system – a form of sandboxing – to trick the attacker into thinking the server is vulnerable.

How it works: Honeybots operate in various ways, but we'll focus on the most important type: the type that gathers information about the hacker. How does this happen?

It works through what's called an Epport (Electronic Random Port), which is opened between you and the server to transfer information or data. Once this port is closed, what happens? Your server will disconnect.

Example: A hacker enters the trap. This trap contains fake information and data to deceive the hacker while it gathers information. For example, if the hacker pulls this data, you will then corrupt this data and let the hacker open it. This could allow you to gain access to it or gather information about it.

In short: Instead of trying to defend against and stop the hacker, turn your efforts into gathering information about the intruder.

What are data collections and how are they related to the concept of OSINT?

Bpass25 — Wed, 15 Apr 2026 15:31:45 +0000

Hello everyone! Today we're going to talk about some concepts and clarify a few points.

1- Data Collections: We can say that it's about obtaining information from various sources. Through your collection, you can arrive at a specific result or conclusion. This isn't limited to the data itself, but also includes clarifying its accuracy, validity, and so on.

It includes three types:

1- Structured Data: This includes databases containing names, dates, etc., regardless of whether these databases are public, governmental, or otherwise.

2- Unstructured Data: This includes public images, social media sites, public comments, emails, etc.

3- Semi-structured Data: This includes files such as JSON, XML, and Hex.

2- OSINT: This stands for Open Source Intelligence, which refers to public sources or open-source intelligence.

This includes:
The Internet (websites, blogs, etc.) Forums)
Social Media (SOCMINT)
Public Government Records and News Articles
Geographic Data (Satellite Imagery)

What is the relationship between the two?

The answer is that you can't do one without completing the other.

Technologies used to gather information: There are many, and they depend on the individual's search method, whether legal or illegal, but generally, they are considered legal.

Examples of tools used in such matters (automation):
1- Maltego
2- SpiderFoot

What is a buffer overflow vulnerability?

Bpass25 — Wed, 15 Apr 2026 15:30:06 +0000

Hey everyone! Today we're going to talk about this vulnerability, and I'll explain it simply with examples:

Real-world example: Imagine you can only drink one bottle of water at a time. After that, you can't drink more. If you drink more than you can handle, you might get hurt, or even explode.

Programming example: You have a program that can handle a certain amount of data. If you give it more than that amount, the program will return more data and information that shouldn't be displayed.

Practical example: You have a website with an input box, and it asks you to enter, for example, a maximum of 5 characters. What will a hacker or attacker do? Simply put, they'll enter 50 characters. This will cause the program to fill up the first 5 characters, and the remaining extra characters will fill up other areas of memory. This will either cause the program to malfunction or give you information that shouldn't be displayed. And it's not limited to data; it can also involve executing instructions (command points). Prompt

Most Common Vulnerability Types:

1- Stack-based Overflow (Most Common)

2- Heap-based Overflow (More complex, but the vulnerability can still be exploited)

How to Protect Yourself from This Vulnerability:

1- You must be an experienced programmer, especially regarding functions, particularly in languages like C++ and C. Avoid using suspicious functions, for example. Modern languages like Python and others are relatively protected from this attack because they manage memory themselves.

2- Use protection techniques (stackcanaries, dep, aslr)

What is the RCE vulnerability?

Bpass25 — Wed, 15 Apr 2026 15:28:20 +0000

Hello everyone! Today we're going to talk about RCE, which stands for Remote Code Executions.

It's a vulnerability that allows a hacker or attacker to execute malicious code directly on a system. These commands are executed without any filtering or blocking, and it's considered one of the most dangerous high-level vulnerabilities.

A simple example: If we have a tool that pings a website to see if there's a response, what would a hacker or attacker do? They would modify this command. How?

The correct command is: ping 1.1.1.1. What the hacker would do is: ping 1.1.1.1; ls
What does this mean? It tells the server that after you finish your operation, you want it to perform another operation, which is ls, meaning "display files." This allows you to view files and also execute other commands.

What are the most common types of RCE (Remote Control)?

1- Code injections

2- Command injections

How does a hacker or attacker gain control? My friend, they will insert malicious code, or rather, they will use tools that exploit vulnerabilities, for example, by creating a reverse connection from the server to their computer, for example, via SSH. There are many ways, but all roads lead to Rome. Once they reach the shell, they will begin the privilege escalation process, which we will explain later. Or they might not use this method because they can execute commands from a previous tool directly with high privileges, depending on the attacker's thinking and method. The important thing is that they have found a way to access the server.

How is it detected? 1. Perform a static source code analysis of the website or server to identify functions that exploit REC vulnerabilities, commonly referred to as SINKS by programmers.

Perform a dynamic analysis that examines headers, cookies, and input data used to inject payloads to understand the responses and potential consequences. For example, I wrote malicious code and included a response. If the server takes 10 seconds to respond, it means the command was executed. This is another example of how to determine if the server has the ability to perform external scans or make external connections via, for example, curl.

3- The libraries used in the project are checked, as one of them might also be infected, which would expose the server to the same problem.
4- And many other methods.

How to solve these problems:

1- Forget about using built-in functions like eval or system.

2- Isolate tools or other user-server-based applications in an environment separate from the main server. Even if someone manages to gain access, they won't be able to do anything. Permissions on the server or other entity should also be minimized.

3- Enabling a web application firewall is crucial for blocking suspicious requests and filtering commands from being executed directly.

What is a PGP key?

Bpass25 — Wed, 15 Apr 2026 15:23:57 +0000

Hello everyone!

Today we're going to talk about PGP, a very complex encryption algorithm that can only be cracked by possessing certain things. So, what are these things? What's the purpose of this encryption? And where is it used?

This encryption is a very complex algorithm or encryption whose details are difficult to understand. It's either RSA or ECC. It has a size of approximately 1024 or 4096.

You can also specify an expiration date for this code, preventing anyone else from using it.

What does it look like?

-----BEGIN PGP PRIVATE KEY BLOCK----
xcFGBGlUNI0BBADAPYHvRd7RMmKVCtgWnoGJmpTziZXJ8nX0ON3FlPbmFMECvf14
X1UGVToEM1KZg/p++NcMyFq01wXkuHrYrBCpNgLxxdgzMeTZF2WK6e9DEH9jWSnk
LaqYqT9Y6kNdwz535TmfZV7KcHzmHTFTC1mvIOPVHRnZ0ao1RFpSO7eYdQARAQAB
/gkDCIcCY/36UTwhYHcEPZ+J0Q9n0FZ3kyjFB64YsGBhjAf94fXK62p4CNat4lwh
KfoR3 9GOZyu5wLNVQnbVlcq7/IA/h8tAQS9f/Rvw7plbsawtk7JgbRXFUCeeTk96
ED4gGa39vkQlE5vGkv3lQH4BKyJRFKWOhwrrPQjviRQJ4D946l+Mf8O4lMO9UULn
CQwFjAIXfjsR37PtLKh+cxfcL2Je2thRrwD/a8F/2LCnKQRnYELWq8HnqyqiTCHb
ONDa+nBqWZqKWxO9pWLtBZd8nZBplh6CB2Z6h3ECxiGejkeCZwR+MWrApgqn
.....................to Finally

Okay, there are two types:

1- Public code, which can be shared anywhere, whether in messages, conversations with friends, or anywhere else. No hacker can break it or know its contents.

2- Private code. This must be kept secret because it puts you at great risk. Everything encrypted with the public code can be read, thus exposing you to the risk of having your sensitive data compromised.

Note: When creating the code, you will be required to add a password. This is very important because the decryption will be based on that password. It must be very strong and not known to anyone. This encryption is also signed using PGP to confirm that the message or content is indeed from that person.

What is its benefit? To encrypt sensitive data or data that is vulnerable to theft or other issues, so that no one can read its content.

How it works: Simply put, you write your message, then take the public key (available to anyone), insert your message into it, and it will be automatically combined with the code before being published. In general, no one can read it anywhere. Then, someone will take it to a person responsible for the key and open it. They will ask for their password to decrypt it, and thus they will get the message's content.

This key is widely used on the black market, or what is called the dark web and the deep web.

Note: This is a metaphor to say that encryption cannot be broken, but such encryptions or algorithms would take thousands of years to break. (Laughs) You understand them, like quantum computers, of which only one chip has been found so far, at Google, so it's practically impossible.

Note: The RSA and ECC used here are mathematical algorithms used in encryption processes. They are used together, like combining them. It can be said that PGP is a protocol that combines more than one encryption and more than one algorithm.

What is the difference between encryption, hashing, obfuscation, and encoding?

Bpass25 — Wed, 15 Apr 2026 15:22:47 +0000

Hello everyone! Today we'll be discussing several topics.

1- Encoding: Simply put, it's the process of converting data from one format or shape to another, such as BASIC64 or URL encoding.

Benefit: Not for protection or encryption, but because some systems require it to handle complex images or text. #Anyone can easily reconfigure the data.

Where it's used: Mostly on websites.

Example: From "Hello World" to "Hello%20World%21"

2- Encryption: This process converts data into a known text or shape. A key is used to decrypt it.

Benefit: It encrypts data, making it unreadable by anyone.

Where it's used: In many applications, such as WhatsApp, for encryption. When a message is sent, it's encrypted with a key and decrypted when it reaches the recipient with a specific decryption key. (Note: If someone manages to obtain the decryption key, the message is lost. This is difficult and requires extensive expertise.)

Example: hi ali will be converted to Ax7#92!kzQ

3 - Hashing: Converts data into a fixed form or number, such as using the SHA-256 hash type.

Benefit: Ensures that the data has not been tampered with or modified, as it will be subject to matching.

Note: It cannot be reverted to its original state as in encoding, but it can be broken, meaning it is one-way, unlike binary encryption.

Where it is used: It is used in storing passwords. Databases do not store data as numbers like 1234, but as hashes, and even the website programmer cannot decipher it.

For example: The password MyPassword123 is converted to 48503dfd58720bd5ff35c102065a52d7

4 - Obfuscation: A process that converts data into a very complex and incomprehensible form, although this code will function normally when executed. Benefit: It's used to protect the application from reverse engineering, hacking, or other operations aimed at damaging or cracking it in general. Hackers also use it to bypass security measures, antivirus software, and so on. So it's useful for both sides 😂😂😂. However, the type of interference varies because it can also reveal [something].

Example: PrintPassword() to a1_x9()

Or another example using JavaScript:


From `function checkLogin(user) {
if (user == "admin") return true;

}
To `function _0x2b(_0x1){if(_0x1==\x61\x64\x6d\x69\x6e){return!![];}}`

How are Cloudflare-based websites attacked using a distributed denial-of-service (DDoS) attack?

Bpass25 — Wed, 15 Apr 2026 15:20:11 +0000

Hello friends, many of us know that the global company Cloudflare offers protection services against DDoS attacks and many other types of attacks, aiming to provide website protection or security in other words. However, despite this protection, we still notice websites falling victim to such attacks. How does this happen?

Hello friends, many of us know that the Cloudflare website offers protection services against DDoS attacks and many other attacks. Look, my dear friend, there are many methods, but today we'll talk about one of the most common in our educational journey or generally used. Attackers use something called 2CAPCH (Cloudflare bypass) and combine it with threading and requests—that is, any DDoS tool, whether it's programmed privately, set to default, or set to all-view. But be aware, this doesn't mean the site will stop working; it's simply one of the methods used to bypass CAPCH while simultaneously obtaining the real IP address.

In normal circumstances, without combining the two, Cloudflare will directly intercept the attack on the site. However, if a bypass is used, it will bypass Cloudflare's protection, and the site will be vulnerable to attack.

How to protect against this method, or DDoS attacks in general, if they occur:

1- Enable the "Under Attack Mode" option.

2- Set a limit for requests.

3- Enable Browser Integrity Check.

4- Enable the Managed Challenge service.

What is a proxy, what are its uses, and what are its disadvantages?

Bpass25 — Wed, 15 Apr 2026 15:18:55 +0000

Hello friends, today we're going to talk about proxies. So, what is a proxy?

Simply put, it's an intermediary between you and a website, or between you and something else, whether it's a server, a website, or something else.

What it offers:

1- Basic, not strong, protection.

2- It unblocks blocked websites.

3- It's relatively fast compared to other options.

4- It's used temporarily.

Disadvantages:

1- Its protection isn't strong, and your data is unencrypted. Your IP address is stored in the LOG and LAST fields of the proxy service provider, which puts you at risk if you contact the service owner or through other means.

2- Some websites detect that it's a proxy and therefore block it, preventing you from accessing it.

Thank you.