
Preamble
Tor is a network built on onion routing, used by people all over the world for safe, anonymous and uncensored communication.
More information about the Tor Project: www.torproject.org
Points of note:
- A lot of important information is transmitted over the web.
- Relays are run by volunteers; anyone can become a Tor relay (for more details see here - translator's note).
- Exit points are a very important part of the network, since each end node (exit point) can capture a traffic dump (at the exit point, plain, unencrypted traffic is already travelling to the destination server's address - translator's note).
Tor's directory
Tor uses its servers to publish a list of all relays.
Traffic interception at the exit point
Intercepting traffic at the exit point is a known problem. It can be solved by using encryption protocols. TLS and HTTPS (HTTP over TLS) are commonly used.
Aggressive MitM attacks
Encryption can be circumvented in the following ways:
- Connections using TLS can be decrypted using MitM attacks. Of course, this will cause a certificate mismatch warning, but it is likely that the user will ignore this warning. A user with little knowledge of cryptography is easy to trap.
- HTTPS can be intercepted more effectively than by a man-in-the-middle (MitM) attack, for example by simply replacing <form action="https://... with <form action="http://... in HTTP (unencrypted) responses. This produces no warnings in the user's browser.
These attacks are quite easy to detect, because they change the transmitted information.
We check relays!
The sad thing is that the administration of the Tor project does not check for aggressive MitM attacks, or simply does not want to fight them.
What is needed is a script that checks every exit point every hour and reports problems.
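The comparison step of such a check, as an added example (not code from the original article or from the Tor Project): it assumes the checker already holds a trusted reference copy of a page it controls and the copy of that page received through one exit; the fetching itself is left out, and all names and sample pages are hypothetical.

```python
import hashlib
from html.parser import HTMLParser

URL_ATTRS = {"action", "href", "src"}  # attributes whose scheme matters

class UrlCollector(HTMLParser):
    """Collects (tag, attribute, url) for every URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, name, value.strip()))

def collect_urls(html):
    parser = UrlCollector()
    parser.feed(html)
    parser.close()
    return parser.urls

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def check_exit_response(reference_html, observed_html):
    """Compare a page fetched through one exit with the trusted reference copy."""
    observed = set(collect_urls(observed_html))
    downgraded = []
    for tag, attr, url in collect_urls(reference_html):
        if not url.lower().startswith("https://"):
            continue
        plain = "http://" + url[len("https://"):]
        # Downgrade: the https URL is gone and its http twin took its place.
        if (tag, attr, url) not in observed and (tag, attr, plain) in observed:
            downgraded.append((tag, attr, url, plain))
    return {"modified": digest(reference_html) != digest(observed_html),
            "downgraded": downgraded}

# Constructed sample data: a reference login page and a tampered copy.
REFERENCE = ('<html><body><form action="https://login.example.test/session" method="post">'
             '<input name="user"><input type="password" name="pw"></form>'
             '<a href="http://example.test/help">Help</a></body></html>')
TAMPERED = REFERENCE.replace('action="https://', 'action="http://')

if __name__ == "__main__":
    for label, body in (("clean exit", REFERENCE), ("tampering exit", TAMPERED)):
        print(label, check_exit_response(REFERENCE, body))
```

An hourly run would call `check_exit_response` once per exit and report every exit whose result has `modified` set or a non-empty `downgraded` list.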
Proof of concept
The link below contains the results of 3 days of intercepting HTTP and HTTPS POST requests, using aggressive MitM and a modified sslstrip:
http://perso.epitech.eu/~chmiel_p/TorPOC.zip
sha512: 60fbb49b36b271f543ffb34b87ebccf889ddad070c5e04f386f530a639
CONTACT
piotr.chmielnicki@epitech.eu