Anti Detect
In this class, we are going to talk about ANTI-DETECT BROWSERS (AD) in general, and
analyze two of the most popular ADs available on the market today to understand
some of the features and tricks in working with this software.
For those who have been in the fraud business for some time, AD browsers are
something very common and well known, but for beginners who have just recently come
into contact with this business, it will be very useful to get to know these
programs.
ANTI-DETECT is a program or a set of programs that allow you to create a unique
fingerprint of a system, change various parameters and configurations in order to
bypass the ANTI-FRAUD system in online websites, payment systems (PAYPAL, SKRILL…),
online banking, and wherever else you want to change your identity for a specific
purpose.
A huge advantage of AD is that they allow you to use your system for working
without changing any of the settings directly on your system, thereby saving you
precious time. Previously, the main purpose of AD was to create a unique digital
fingerprint of a system, but now it is not only that, but to also make all prints
and parameters natural, so that you can appear as generic and as normal like every
other person using the internet. This is extremely useful for our work.
To better explain this, I will use real life examples of how ANTI-DETECT & ANTI-
FRAUD work together. First, let’s imagine the FACE ID on your iPhone is an ANTI-
FRAUD SYSTEM, and to unblock it you need to show a NEW face every time. Thanks to
ANTI-DETECT, we can make perfect faces, for as many users as we need, working fast
and efficiently.
Now for another example, let’s imagine that FACE ID on iPhone is again, an ANTI-
FRAUD SYSTEM/PROTECTION, and in order to bypass it, you need to show the same face
every single time, which in principle, is the actual reality with iPhone. Then we
can “copy” the owner’s face and successfully bypass this protection (of course,
knowing approximately how this “faceprint” should look like).
In modern AF SYSTEMS, updates are released and new securities are launched for the
system, literally every single week, and in some cases, every single day.
For example, in such a large store like Amazon or PayPal, the behavioral factor is
assessed by a neural network, your IP, DNS, and your “fingerprint” on the Internet,
which are also assessed by various parameters (more details below).
Therefore, although ANTI-DETECT plays a very important role, success lies not only
in its use, but in its correct use in combination with other factors, which I
indicated above and in previous classes. With deliberate work, analysis of your
setup and various tools that you use, you are bound to succeed. Below is a link to
a video of how THREATMETRIX (a very well-known AF system) works. Watch after the
class is over, and you will understand that the browser plays an important role,
but it’s far from being the only one.
https://www.youtube.com/watch?v=2PQxoQQOPpY
http://prntscr.com/isj1yg
On the screenshot above, you can see how many parameters are considered, when AF
systems analyze an email address.
ANTI-DETECT TYPES
There are two types of AD:
1. AD which allow you to change the hardware parameters of your system or virtual
machine. These parameters include information about system processor, video card,
BIOS, network card, date of creation of root folders, and system, and various other
parameters relating to the hardware of a computer. These ADs are needed when
working with programs that are installed in Windows such as PokerStars. EXAMPLES of
this type of AD:
A) ANTIDETECT VEKTOR T13 – A well-known software for use in VIRTUALBOX. The
disadvantage of this solution is that it is free, so you will not receive full-
fledged technical support, and getting a consultation for money will still take a
huge amount of time and it’s not a fact that you will still get it.
B) AFF COMBINE (KRAKEN PRO) – A relatively new AD for VMWARE, which also includes
the browser ANTIDETECT. Sold on WWH-CLUB for $1400. The AD is supported by the
author, and there is support in Telegram, as well as a general chat for discussing
work and solving various problems.
2. AD which allow you to change browser settings, thereby imitating a system or
device. With the help of these AD, you can imitate any system (Windows, Mac OS X,
Linux, Android, iOS, etc…) as well as any browser (FF, Chrome, Opera, Safari, etc…)
and any console (Smart TV, Game Console, etc…). These AD are divided into two
categories.
A) AD BASED ON FIREFOX BROWSER – This includes ANTIDETECT 7.5, ANTIDETECT FROM GOOD
JOB, AFF COMBINE, ANTIDETECT IVAN IOVATION.
B) AD BASED ON CHROMIUM BROWSER. This includes ANTIDETECT FROM CERT, ANTIDETECT 8 &
GENESIS SECURITY.
Category “B” AD have a higher purchase price than the first ones, because they
require more cash investments, and more knowledge to create.
And finally, we have AD which are written directly into the source code of an
engine. Of examples that I know of, LinkenSphere and AntiDetect from Cert. Cert is
available for $5000. The price is unreasonably high and each update also costs from
$50-300. I personally do not recommend it.
Overall, in my experience, there are many AD available, but I only use LinkenSphere
(for some types of carding/accessing bank accounts...) as well as Incogniton, CHE &
Dolphin.
Those are what I recommend everyone uses.
ANTIDETECT 8 is a Chromium based AD. The author also developed AD 5, 6 and 7 which
are based on the FIREFOX browser. These tools are very good and have proven
reliable with time. AD 8 is not a very popular product, there are no more than 30-
40 users of AD in total. It is sold for $3000 + $100 monthly subscription fee. The
AD is not updated quickly and efficiently, but it does have some advantages over
LinkenSphere such as FREE CONFIGS, NON-UNIQUE CANVAS, and SMALL NUMBER OF USERS.
More on Canvas below.
BYTE ANTIDETECT 7 is an AD based on the FIREFOX BROWSER. In contrast, version 8 of
AD is supported and version 7 of AD is periodically updated. The author sells it
for $500 lifetime payment or for $100 monthly. You can buy the version 7.1 from
BILLY BONES on WWH-CLUB.
ANTIDETECT IVAN IOVATION is an AD from a Romanian author, which appeared on forums
very recently. It also includes an IRON AD, but the main focus is towards browser-
based AD, which is why I put it in this category. AD based on FIREFOX. The price of
this solution is $200 per month, which is quite a considerable amount for a
beginner. Among the disadvantages of this AD are its price, complexity in
installation, difficulty to install and even according to the manual, it is very
difficult to use and not very user friendly. Technical support from the author
costs $99 per day.
GENESIS SECURITY is not an AD like the others I explained. It is mostly used for
logs
The product has a GENESIS MARKET addon with a large number of bots that you can
buy. The price of a bot is average $20-60. A bot can contain logs, browser cookies,
and most importantly, a fingerprint of the system, which from the point of view of
AD can be called a config (more on this later). Buy a bot that has access to PayPal
in its logs, a browser cookie and its fingerprint, we essentially get an excellent
option for working with logs, thereby increasing our chances of success, since in
addition to browser logs and cookies, we have a system fingerprint, which will
convey high trust in AF system.
However, from the point of view of conventional carding, it is not very useful for
$30 or more per config. But the plus of this option is that access to the config
shop is completely free, and there is no monthly payment involved. All expenses
will only consist of buying bots (configs).
Another significant disadvantage for a beginner in this shop is that there are no
replacements. For example, if you take the PayPal or Amazon log or some other shop
and the LOGIN/PASSWORD turn out to be incorrect, then no replacements will be given
from GENESIS SHOP. Therefore, with beginners, there is a risk of losing money like
that.
AD TIPS
First, I recommend you use different configs on different websites.
Secondly, periodically change these configs.
Thirdly, store the software itself on an encrypted USB flash drive or hard drive,
or a veracrypt hidden container.
An excellent solution for anonymity and security on the Internet is to use the
Sphere (https://sphere.tenebris.cc/).
The Sphere is a free product from the developers of LinkenSphere. The advantages of
this solution, in contrast with ANTIDETECT BROWSERS, are that:
1. The product is completely free
2. The product does not have server bindings, hardware bindings, and so can be used
wherever you want
3. The product does not require installation, it is 100% portable
4. The information about sessions itself in this solution are completely encrypted
5. The product has all the necessary tools in its arsenal
LINKENSPHERE SETUP
First of all, open the general browser settings. These are located in the “Edit”
tab. From the drop-down menu find “Preferences”.
https://prnt.sc/lkaf5p
You can read about all the settings and what each of them do in the documentation
on their website. In the screenshot I have highlighted all the most important and
necessary settings for a beginner.
This parameter sets the default website that will open after creating a session. I
recommend changing this to browserleaks.net since we will check this website on each
session to make sure we have a good setup.
This parameter sets the default search engine, when you search something using the
address bar of the browser.
This parameter sets the physical size of the screen. It is best to put this the
same as the system default config, i.e. if the config is 1920x1080, then in this
parameter we set the same value.
This parameter sets the substitution of the system time. You can choose two
options, either using JavaScript, or the system time will change. Choose OPTION 2
(SYSTEM TIME).
This parameter sets whether to use TOR for authorization in the AD. Make sure this
box is checked
This parameter sets whether or not to save the password from your account on login.
For safety reasons, it is best to disable this.
This parameter allows you to close ports in Web Sockets. Web Sockets is a protocol
for exchanging messages between a browser and a web server. Simply put, the website
can check your open / closed Web Sockets ports. It is best not to change this.
This parameter allows you to enable / disable GPU acceleration in the browser.
Simply put, if this function is enabled, then the drawing of elements and windows
is faster. If possible, it is better to enable this item, but if the browser
crashes, stops working after, then it is better to disable it.
The rest of the parameters are very trifle, and do not greatly affect our work, so
you can read more about them in the LS documentation if you want to.
Now let’s move on to setting up the sessions, aka the configs.
We will analyze in more detail about free and paid configs in this AD and options
for work at the end of the lecture.
So, let’s start with the first area (SESSION SETUP).
https://prnt.sc/lkak5t
This parameter allows you to select a session from the list
This parameter is needed to create a new session. To do this, enter the session
name in this field
This parameter allows you to write a note for the session. It is useful to indicate
all the necessary information on the session, for example, IP LOCATION, OPEN PORTS,
whether it has been successfully used for carding certain shops, etc… A very useful
feature. In order not to get confused in the sessions and to simplify your life by
analyzing the details, I advise you to indicate all the useful information in this
field: Proxy Score, Risk Score, which shops were carded, by what method, map used,
the result of carding, etc…
This parameter sets the color of the session in the browser. Useful to use so that
it is more convenient not to get confused in them.
This parameter allows you to make a full session imprint and, if necessary, not
copy canvas, fonts, rect, audiofingerprint prints.
Rename the session
This parameter allows you to enable / disable WebGL rendering using graphics card
resources (WebGL was discussed in the first class where we touched on terminology).
Disable only if the video card on your machine is weak, or if you’re using a remote
server/machine.
9, 10 – These parameters allow you to enable / disable HTML5 STORAGE, 9 – Allows
you to save data and use it even after the browser is restarted, Allows you to save
and use data through the standard for storing large structured data “IndexedDB”.
What you need to know: it is better to enable them to card, and if the session is
for security reasons, then disable it.
Let’s go to the next area.
http://prntscr.com/lkb5e2
This parameter allows you to enable or disable the substitution of Canvas. I have
already explained what Canvas is. This substitution makes the Canvas unique,
thereby changing this fingerprint. The only drawback of all AD is that the
uniqueness of Canvas becomes 100%, and the uniqueness of the real system is about
99%. Therefore, you can periodically disable this parameter if there is a suspicion
that because of this, AF may not allow you to card.
This option allows you to enable or disable AUDIO FINGERPRINT. Audio Fingerprint in
2020 is no longer as rare as it used to be; it has gained a lot of popularity in AF
systems lately.
This option allows you to enable or disable font substitution. The detection has
appeared a long time ago and is used everywhere. A special plus of the Sphere is
that you can not only replace the imprint, but also use any list of fonts or create
your own.
This parameter allows you to enable or disable the substitution of the browser
coordinate system (rects). The “getClientRects” element allows you to get the exact
position and pixel size of the desired element, and depending on the system, or
rather on the system screen resolution, fonts and many other parameters, the
results will be different. This detection also appeared a long time ago and is
highly popular.
This parameter allows you to enable or disable the use of random plugins. It makes
sense to use it in free configs or if there are no plugins in the config. But it is
best to write them manually when
necessary.
This option allows you to enable or disable saving and encrypting cookies. For your
own safety, the “Must Have” item.
This option allows you to enable or disable Flash. Flash technology is already
outdated, so in 2020 there is nothing suspicious about having Flash off. For many,
it is no longer installed on the system at
all. Enable only when absolutely necessary.
This option allows you to enable or disable unique fingerprinting. Those starting a
new session, it will give a completely new fingerprint every time the session is
launched. Not worth using it for
carding.
This parameter allows you to specify which prints to make unique (Canvas, Audio,
Plugins, Rects, WebGL, Fonts, Media Devices). This parameter is closely related to
the previous one.
This parameter blocks the output of the Canvas Hash. There is no need to use this.
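Seen from the anti-fraud side, the Canvas behaviour described above is a population question: devices with the same browser, OS and GPU tend to produce the same Canvas hash, so a hash that nobody else in a well-populated device class has shown, or a cookie whose Canvas hash keeps changing, stands out. The Python below is an added example, not part of the original class or of any vendor's product; the class labels, hash strings, reason codes and thresholds are constructed assumptions.

```python
"""Added example: population-level Canvas checks on the defender side.
Class labels, hash strings, reason codes and thresholds are constructed."""
from collections import Counter, defaultdict
from typing import Dict, List, Set


class CanvasPopulation:
    """Tracks which Canvas hashes were seen per device class and per cookie."""

    def __init__(self, min_class_size: int = 50, max_hashes_per_cookie: int = 2):
        # A class needs enough history before "never seen" means anything.
        self.min_class_size = min_class_size
        # Browser or driver updates legitimately change a hash now and then,
        # so a cookie is allowed a small number of distinct hashes.
        self.max_hashes_per_cookie = max_hashes_per_cookie
        self._by_class: Dict[str, Counter] = defaultdict(Counter)
        self._by_cookie: Dict[str, Set[str]] = defaultdict(set)

    def observe(self, device_class: str, cookie_id: str, canvas_hash: str) -> None:
        """Record an accepted observation into the history."""
        self._by_class[device_class][canvas_hash] += 1
        self._by_cookie[cookie_id].add(canvas_hash)

    def assess(self, device_class: str, cookie_id: str, canvas_hash: str) -> List[str]:
        """Return reason codes for a new observation without recording it."""
        reasons: List[str] = []

        counts = self._by_class.get(device_class, Counter())
        class_size = sum(counts.values())
        # A hash no other session of this class has produced, in a class with
        # plenty of history, is what per-session Canvas noise looks like.
        if class_size >= self.min_class_size and counts[canvas_hash] == 0:
            reasons.append("CANVAS_UNSEEN_IN_CLASS")

        known = self._by_cookie.get(cookie_id, set())
        # The same cookie presenting yet another new hash points at a
        # fingerprint that is regenerated between sessions.
        if canvas_hash not in known and len(known) >= self.max_hashes_per_cookie:
            reasons.append("CANVAS_CHURN_FOR_COOKIE")

        return reasons


# Constructed history: 60 sessions of one device class sharing three hashes,
# plus one cookie that has already shown two different hashes.
DEMO_CLASS = "chrome/win10/angle-nvidia"      # constructed class label
DEMO_HASHES = ["hash-a", "hash-b", "hash-c"]  # constructed hash strings


def build_demo_population() -> CanvasPopulation:
    pop = CanvasPopulation()
    for i in range(60):
        pop.observe(DEMO_CLASS, f"cookie-{i}", DEMO_HASHES[i % 3])
    pop.observe(DEMO_CLASS, "cookie-x", "hash-a")
    pop.observe(DEMO_CLASS, "cookie-x", "hash-b")
    return pop


if __name__ == "__main__":
    pop = build_demo_population()
    print(pop.assess(DEMO_CLASS, "cookie-0", "hash-a"))      # known hash, known cookie
    print(pop.assess(DEMO_CLASS, "cookie-new", "hash-zz"))   # unseen in a large class
    print(pop.assess(DEMO_CLASS, "cookie-x", "hash-zz"))     # unseen and churning
    print(pop.assess("rare-class", "cookie-new", "hash-q"))  # too little history
```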
Now let’s move on to the next area.
http://prntscr.com/lkazhi
Selecting the type of connection. We mostly use SOCKS & SSH TUNNEL for our work.
Tor can be used for navigating the web, and No Proxy can be used when you need to
access something with your VPN IP.
SOCKS / SSH IP & PORT. Input example 154.251.234.3:62039
This item disables Local IP in WebRTC
This is responsible for the LOGIN / PASSWORD if needed to access a SOCKS or SSH
server
This checkbox enables / disables WebRTC substitution. I recommend always leaving
this enabled to spoof your WebRTC.
This checkbox is responsible for the External IP WebRTC. External WebRTC IP must
match your IP SOCKS or SSH TUNNEL. The checkbox must be disabled if the IP of the
connection is different from the IP that we receive “at the output”. The output IP,
is usually indicated in the history of the service where you take SOCKS from.
This checkbox enables IPv6 substitution.
This checkbox completely disables WebRTC in a session.
This feature allows you to manually input a DNS server. This parameter is very
important, since there are often SSH TUNNELS or SOCKS that show the DNS of another
country, or your native DNS
system.
A button that greatly simplifies the work. When you click on it, it checks the
validity of the SOCKS / SSH TUNNEL and automatically sets the geolocation, session
language, time zone, external WebRTC
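The matching rules in this area (external WebRTC IP equal to the connection IP, DNS in the same country as the IP, language and time zone following the IP's location) are the same relationships a fraud-detection pipeline verifies server-side. The Python below is an added example, not from the original class or any product: it scores one session's signals for those mismatches. Field names, reason codes, weights and sample values are constructed, and GeoIP and User-Agent parsing are assumed to happen upstream.

```python
"""Added example: server-side consistency checks over one session's signals.
Field names, reason codes, weights and sample values are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Set, Tuple


@dataclass
class SessionSignals:
    http_ip: str                         # source address of the HTTP request
    ip_country: str                      # GeoIP country of http_ip (looked up upstream)
    ip_utc_offset_min: int               # UTC offset expected at that location
    webrtc_public_ip: Optional[str]      # public candidate reported by client script
    dns_resolver_country: Optional[str]  # country of the resolver seen by a DNS probe
    js_utc_offset_min: int               # browser clock offset, minutes east of UTC
    accept_language: str                 # raw Accept-Language header
    ua_is_mobile: bool                   # parsed from User-Agent upstream
    max_touch_points: int                # navigator.maxTouchPoints


WEIGHTS = {
    "WEBRTC_IP_MISMATCH": 40,
    "DNS_COUNTRY_MISMATCH": 25,
    "TIMEZONE_MISMATCH": 20,
    "MOBILE_UA_WITHOUT_TOUCH": 20,
    "LANGUAGE_REGION_MISMATCH": 5,   # weak alone: travellers and expats trigger it
}


def language_regions(header: str) -> Set[str]:
    """Region subtags from Accept-Language, e.g. 'en-US,en;q=0.9' -> {'US'}."""
    regions = set()
    for part in header.split(","):
        pieces = part.split(";")[0].strip().replace("_", "-").split("-")
        if len(pieces) >= 2 and len(pieces[-1]) == 2 and pieces[-1].isalpha():
            regions.add(pieces[-1].upper())
    return regions


def evaluate(s: SessionSignals, tz_tolerance_min: int = 60) -> Tuple[int, List[str]]:
    """Return (score, reason codes) for one session."""
    reasons: List[str] = []

    if s.webrtc_public_ip:
        a, b = ip_address(s.http_ip), ip_address(s.webrtc_public_ip)
        # Dual-stack clients can show IPv4 on one path and IPv6 on the other,
        # so only a difference within the same address family counts.
        if a.version == b.version and a != b:
            reasons.append("WEBRTC_IP_MISMATCH")

    # Public resolvers can sit in another country for legitimate users,
    # which is why this is scored rather than treated as a hard block.
    if s.dns_resolver_country and s.dns_resolver_country != s.ip_country:
        reasons.append("DNS_COUNTRY_MISMATCH")

    if abs(s.js_utc_offset_min - s.ip_utc_offset_min) > tz_tolerance_min:
        reasons.append("TIMEZONE_MISMATCH")

    if s.ua_is_mobile and s.max_touch_points == 0:
        reasons.append("MOBILE_UA_WITHOUT_TOUCH")

    regions = language_regions(s.accept_language)
    if regions and s.ip_country not in regions:
        reasons.append("LANGUAGE_REGION_MISMATCH")

    return sum(WEIGHTS[r] for r in reasons), reasons


# Constructed sessions (documentation-range IP addresses).
CONSISTENT = SessionSignals("203.0.113.7", "US", -300, "203.0.113.7", "US",
                            -300, "en-US,en;q=0.9", False, 0)
INCONSISTENT = SessionSignals("203.0.113.7", "US", -300, "198.51.100.23", "RO",
                              120, "ru-RU,ru;q=0.9,en;q=0.8", True, 0)

if __name__ == "__main__":
    for name, sess in (("consistent", CONSISTENT), ("inconsistent", INCONSISTENT)):
        print(name, evaluate(sess))
```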
Moving on to the next area
http://prntscr.com/lkan72
This section is related to UserAgent. In it you can manage UserAgents, i.e. add,
edit or delete. The buttons “Chrome”, “Safari”, “MSIE”, “Other” allow you to
quickly select UserAgent by browser type. The item “Regenerate config after
useragent change” allows you to change the session parameters after changing the
UserAgent.
This section is responsible for the language of the session. There is no need to
register it manually, it is easier to press the “Check proxy / geo” button and the
language will be automatically installed under the country of the SOCKS / SSH
TUNNEL.
This function allows you to block pop-ups on websites in the session, prohibits the
creation of new pop-ups. Use only if really necessary.
This feature should not be enabled unnecessarily. Simply put, it should be turned
on when the website loads crookedly or is not fully functional.
This feature blocks the entry of Russian characters on the website when carding. It
is useful to include in which case it does not allow you to enter Russian
characters when working if you use a Russian keyboard.
Move on to the next area.
CONFIG MANAGER – Free configs for the Sphere. At the moment, there are more than
60,000 of them. The downside is that all active users can use them, and the
selection is random. You can only select the browser type and OS when downloading
the free config.
WebGL PARAMETERS – I already discussed what WebGL is above, this section just
allows you to configure all the parameters of WebGL 1 VERSION and WebGL 2 VERSION
or disable it completely if
necessary.
SECTION “ADVANCED SETTINGS”. One of the most interesting and important sections of
the field for me. In it you can edit most of the parameters, add plugins, edit HTTP
Headers.
FONTS – In this section you can create / add or edit the names of fonts, i.e.
create your own list of fonts, which will be seen by the anti-fraud system in
addition to the font imprint itself, which we discussed above.
Button for simulating window resolution. This feature allows you to adjust your
real screen resolution to match the session data. The function is required when
working with mobile configs (Android, iPhone, as well as with tablets).
Button for simulating Touch Screen. The most useful function when working with
mobile configs. It fully simulates Touch Screen, just like on mobile devices.
This parameter determines the length of the screen. Example 1920
This parameter determines the width of the screen. Example 1080
The next two small areas
http://prntscr.com/lkapz3
This area is responsible for changing the geo-location of your system.
This area corresponds to the time zone and time.
These areas do not require manual configuration. You just need to click the “check
proxy/geo” button and the values will be set automatically under your SSH/SOCKS5
LOCATION.
Let’s move on to the possible options for working with LinkenSphere.
If you have access to the config shop, you can purchase configs from someone, then
take the required config, add it to the AD, configure the connection to SSH/SOCKS,
configure the time zone and geo position, fingerprints that you need replace and go
to work.
If you do not have access to the config shop or you have no one to get the configs
from, then use free configs, of which there are already more than 60,000 available.
You can also manually tweak the required parameters to make the free config more
unique.
You can buy configs for LS from this person on Telegram @configshop
USEFUL TOOLS IN LINKENSPHERE
There is a Web Emulator in LS – this function allows you to automatically simulate
user behavior by visiting websites for you in automatic mode/autopilot, while you
are doing something else. In practice, this is necessary to warm up the store
before carding, i.e. cookies, browsing history are typed, or you can type history
in the shop you are going to card.
LS has a function of automatic typing of text. Those who copy the text into the
clipboard, press the key combo and the LS simulates manual input (or just right
click where you want to paste and select the option). The function is very handy
and useful, but even with advanced imitation, AF may not be very good for this
function. Therefore, use only when you are more or less confident that this will
not affect the success of your work.
There is an Automator in LS – this is a more advanced method, which allows a finer
and more advanced setting for warming up shops. The downside is that to use this
tool, you need to thoroughly understand and study it, because it is not easy to
write a script for automation, and even few of the active LS users can do it.
Now, let's discuss Android systems
Their peculiarities and how to work with them for our job
Android devices (like iPhones) are gaining more and more popularity among the
workers of our profession lately and in general, people use more gadgets than
ordinary PCs
By cleverly carding through applications (banks, shops, etc..) — we can achieve a
higher percentage of successful transactions. In general, we do it by carding
either through applications that we download from the Google PlayStore or through a
browser (built-in or downloaded)
Any application you use, will ask you for a range of different information
regarding the device and will transfer that info to the store/merchant you are
using. Applications are known to collect huge amount of information from devices
such as Geolocation, Wi-Fi networks around you, and even deeper info such as Device
SERIAL NR, MAC address, build number, IMEI, Kernel version, Android version,
etc....
Our task is to be able to change all these parameters on the device, depending on
your specific work purpose
If we tweak these settings, our device will be able to cheat the anti-fraud systems
I will not overload you with technical aspects of setting up a phone/tablet as that
would take me forever, I will just go straight to the point.
In order to spoof the device information of an Android device for our work, we need
to have what is called "root" access
Root is like an administrator account in Windows or superuser in Linux, which will
allow you to do almost anything you want with a device. However, we must understand
that we always have a choice: either buy a phone, use it for one or two carding
setups, then throw it away, or use one device and make a new fingerprint every
single time (turn the phone into an ANTIDETECT)
Personally, I do not hesitate to buy used phones, use them for 1-2 carding setups
and throw away. Remember, the original hardware/device is always better than any
AD.
So, root will give us the ability to tweak the phone settings, up to changing the
GPS location, serial number, IMEI, and everything else we need to change
First, to start this you need an ANDROID DEVICE, and let's make it "root" access
The non-system root shell is the Magisk program, which is what we will be using.
Follow the video below and watch it after the class to have a solid understanding
of Magisk and Root.
https://www.youtube.com/watch?v=3Mz43KB5jdE
Put root with Magisk on your device, then after that you are going to install
XPOSED FRAMEWORK
This is an add-on for Android that provides many opportunities to customize
installed applications and the OS itself.
Directly in XPOSED itself, we can put various modules, ranging from those that
change the splash screen when the phone is booted to deep customizations and
changing data inside the device, which is what we want. For example: fake GPS
location, change device address, build number, android version, etc...
https://upload.wikimedia.org/wikipedia/commons/5/54/Xposed_Frame
This is how the main window of the XPOSED FRAMEWORK looks like
To tweak with device settings and replace data, we need to install the XPRIVACY
MODULE inside the XPOSED FRAMEWORK
https://together.jolla.com/question/86297/wiki-how-to-install-xposed-framework-and-
then-xprivacy/
Now let's refresh your memory and remember the sequence of actions we need to take
BUY DEVICE > SET ROOT (MAGISK) > SET XPOSED FRAMEWORK > SET XPRIVACY
We're halfway to where we want to reach
Now we need to figure out how to spoof our IP address. For this, there are several
options
VPN (Download PROTONVPN, connect and work). The most important thing in this option
is that we need all the traffic/data from the device to go through the VPN. This is
not the best route since VPN IP is usually frowned upon by AF systems, so we move
to other methods.
SOCKS5. To do this, we install PROXYDROID, and use it for our work. If, when
checking browserleaks.net, the DNS is not matching the country of the IP, we simply
install DNS FORWARDER, and specify our necessary DNS in it
SSH TUNNELS. This is where things get more complicated, but still doable. In my
personal preference, I settle for a program called KI4A for this purpose.
Overall, to keep things running smoothly, my advice to you is to use a second
device to connect to the proxy/tunnel. Whether that's a phone or a tablet
It will act as a router and our device for carding will be connected to it via Wi-
Fi or Bluetooth, as if we are working from home
You can of course, set up a regular router or microcomputer with Raspberry PI so
that it spreads Wi-Fi signal throughout the area you're working, the traffic of
which goes through a proxy. But this requires a lot of dedication and knowledge
As soon as you successfully connected to your proxy and checked that everything is
good on browserleaks.net — register a Google account on the device. When you turn
on the phone for the first
time, you'll be offered the option to create an account, wait until everything is
setup before doing that.
We are making this account in the name of the victim we're carding/cardholder
If your proxy is clean and your device is clean, then you will not be prompted for
SMS VERIFICATION. And this completes the preparation of our device for work.
Now we need to decide how and where we will card
There are two options, you can either do it through a browser, or through installed
applications
There are thousands of different applications, so finding them should be very easy
Use either the default browser, or an application. That is really a matter of
personal taste. I personally prefer applications, for they are much easier to use.
Before launching any application or entering the website on the browser — we MUST
make sure that the XPOSED & XPRIVACY services are successfully launched and active
on our device + we are connected to a clean, android/mobile proxy
After launching any application, the XPRIVACY module will issue the following
alerts
https://www.naldotech.com/wp-content/uploads/2015/02/xprivacy-xposed-lollipop-
module.jpg
In the photo on the left, where we see the red alert, the XPRIVACY module tells us
where the application wants to look and what to do about it. DENY/ALLOW/CONFIGURE
Requesting access to your Google account should be allowed for example. Then,
register your device on the store you want to card.
If it asks us about our GPS coordinates, in XPRIVACY, we can change this to match
the location of our cardholder
The more the application knows about you and your device, the more credibility and
trust you get when making a purchase, so keep that in mind
Think of this as a sort of verification. All shops have been suspicious of an
ordinary person on a regular computer under Windows 7 making an order. MOBILE
DEVICES convey much stronger trust
In general, you should be ready to card with this setup, but remember — after each
carding (through application) you need to reset the device to factory settings and
register a new Google account from a clean system
In order to minimize the time spent, I advise you to make a system backup. This is
done very easily — either through the recovery device, or through the TITANIUM
BACKUP PRO software
CARD DIFFERENT APPLICATIONS/WEBSITES > RESET PHONE TO FACTORY SETTINGS > DOWNLOAD
BACKUP and voila, we're back to working. Rinse and repeat.
Now we are done with the class, any questions leave them below