Full Disclosure mailing list archives
Re: Intercepting TOR
From: valdis.kletnieks () vt edu
Date: Thu, 16 Aug 2012 06:01:09 -0400
On Wed, 15 Aug 2012 13:09:38 -0700, full-disclosure () grid32 com said:
Read an interesting article on "intercepting TOR users via proxies
Any ideas on how this could be mitigated?
Well... using TOR the way it was intended would help mitigate a lot of it. TORButton, NoScript, SSL-Everywhere.. all the usual stuff. The TOR people are *very* up front about the fact that it does *not* protect you after it leaves the exit node so you should https: from there if possible. Also, the suggestion in the paper to hit a page directly and via TOR and comparing the two results is probably a *bad* idea, because it allows fingerprinting. You really need to hit the page both times with the same User-Agent string and all that, in case the page you test acts differently for different values (it sucks to false-positive a mismatch just because the site saw a spoofed IE8 header one time and FIreFox the other and sent different HTML for teh two cases). And if you hit it twice with the same setup, then it becomes easier to equate the two hits unless you work *real* hard to minimize the amount of leaked info, and hit a *really* high activity site like CNN's homepage. Go check these links out: https://panopticlick.eff.org/index.php https://www.eff.org/press/archives/2010/05/13 and then ask yourself if you want to hit anything twice...
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Intercepting TOR full-disclosure (Aug 16)
- Re: Intercepting TOR valdis . kletnieks (Aug 16)