SimplifiedPrivacy/bareass_mullvad
SimplifiedPrivacy/bareass_mullvad
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bareass_mullvad/README.md
Support 559b6cc9fc Add README.md
2026-02-21 00:13:33 +00:00

44 lines
2.3 KiB
Markdown
Raw Blame History

# Video Format
We have a short demo video to explain these concepts and showcase the tool. If you are new to these concepts, please see the video first:
[Video Link](https://simplifiedprivacy.com/bareass_mullvad.mp4)
<br/><br/>
# BareAss Naked Tool
Simplified Privacy presents an original script for ripping down Mullvad & Proton VPNs without needing sudo, by abusing the DBUS and network interfaces. Any app can easily do these same types of actions, and unfortunately the vast majority of VPNs are exposed. Now this demo implementation just rips down the VPN, but in the wild, any app could make an API call to a server the attacker controls. Please see our self-host git for the code:
[https://git.simplifiedprivacy.com/SimplifiedPrivacy/bareass_mullvad](https://git.simplifiedprivacy.com/SimplifiedPrivacy/bareass_mullvad)
<br/><br/>
# Tool's Use:
The following are commands to use the `BareAss Naked Tool`.
<br/><br/>
### List Interfaces
The user can list all interfaces.
```bash
bash bareass.sh list
```
<br/><br/>
### Butt Naked Mullvad
Kill Mullvad, through their "lockdown" mode"
```bash
bash bareass.sh kill-mullvad
```
Please see our [podcast](https://podcast.simplifiedprivacy.com/mullvad/index.html) on Mullvad's other poor decisions. Also our [yellow paper's](https://simplifiedprivacy.com/hydraveil/yellow-paper/technical-deep-dive-vpn-browser-security.html#keyIsolation) key section, discusses disagreement with their multi-hop strategy.
<br/><br/>
### Rip Down Proton
First list the interfaces, see a proton interface and take it down:
```bash
bash bareass.sh kill proton0
```
Please see our article on [Proton's negligence](https://simplifiedprivacy.com/proton-vpn-and-mail-use-cloudflare/outright-negligent-harm.html) for other critical points we disagree with them on.
<br/><br/>
### Proof of Concept DBUS Protection
To showcase what apps (such as a web browser) can do or access from inside the bubblewrap, do the following with the layer-one system-wide VPN already on:
```bash
bash bareass.sh bwrap-kill wg
```
And once again to repeat, all the apps inside HydraVeil have this automatically. This script is just a demonstration of the attack being done from inside the Bwrap. So you're experiencing being denied from the point of view of the app.
<br/><br/>
Reference in a new issue View git blame Copy permalink