Sniffing/MITM attacks on the Tor network
After just posting about a command line solution to using Tor, I thought it’d be a good idea to quickly mention a few security concerns about the network.
Tor is designed to make your traffic somewhat anonymous; it does not, by itself, make you more secure. If you use Tor with encrypted protocols and refuse fake SSL certificates, you should be fine. However, if you use a plaintext protocol such as HTTP, you are pretty much inviting a hostile exit node to examine your traffic.
Here’s an example of what I mean:

chuck@chuck-laptop:~$ sudo ngrep -q 'GET /search' -d wlan0
interface: wlan0 (10.0.0.0/255.255.255.0)
match: GET /search

T (internal IP):55225 -> 74.125.53.99:80 [AP]
  GET /search?hl=en&source=hp&q=See+what+I+mean%3F+This+is+the+text+I+inputed+in+google&aq=f&aqi=&oq=&fp=ee36edbd3c16a1c5 ....
If you look in there you can see the text I inputted in Google’s search box. This attack can be carried out with ease by even an amateur, and it can be made much more sophisticated. Here’s another example, this time sniffing for the string ‘password’ anywhere in the transmitted text:

chuck@chuck-laptop:~$ sudo ngrep -q '.*password.*' -d wlan0
interface: wlan0 (10.0.0.0/255.255.255.0)
match: .*password.*

T (internal IP):56025 -> 74.125.53.103:80 [AP]
  GET /url?sa=T&source=web&ct=res&cd=1&url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPassword&ei=BI2tSpzzDIb2sQPQqNyYBQ ...
Yes, I know I did not actually get real results for a password, but I wasn’t really trying. I did determine that a user on my local network was searching for the password article on Wikipedia though.
And I am sure if I ran this little command line setup on an actual running Tor exit node that I would quickly gather a scary number of username and password combinations, for everything from email to social networking websites. I could even search for just plain email addresses if I felt like it, and throw them all in a database for spamming later.
My point is that if you do not encrypt your traffic while using Tor you are just inviting all sorts of abuse. Sure, it’s hard to track a smart Tor user down, but if you have their email credentials it honestly wouldn’t be that hard.
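To make the defender’s side of this concrete, here is an added example (not part of the original post) that parses a cleartext HTTP request and lists what any on-path observer, an exit node included, can read from it; use it to audit what your own applications put on the wire before routing them through Tor. The request text is constructed, modelled on the captures above, and the SENSITIVE parameter list is an assumption.

```python
"""Show what a passive on-path observer learns from a cleartext HTTP request.
Added example, not from the original post; the sample requests are constructed."""
from urllib.parse import urlsplit, parse_qsl

# Parameter names that commonly carry secrets or identifying data (assumed list).
SENSITIVE = {"password", "passwd", "pass", "pwd", "user", "username",
             "login", "email", "token", "session", "q"}

def observe_request(raw: str) -> dict:
    """Parse a raw HTTP/1.x request and return what an observer can read."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    # parse_qsl decodes '+' and %XX escapes, i.e. what the observer sees after decoding.
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if body and "form-urlencoded" in headers.get("content-type", ""):
        params.update(parse_qsl(body, keep_blank_values=True))
    leaked = {k: v for k, v in params.items() if k.lower() in SENSITIVE}
    return {"host": headers.get("host"), "method": method, "path": parts.path,
            "params": params, "leaked": leaked,
            "cookie": headers.get("cookie"),
            "authorization": headers.get("authorization")}

# Constructed sample, modelled on the search request captured in the post.
SAMPLE_GET = ("GET /search?hl=en&q=See+what+I+mean%3F+This+is+the+text+I+typed&aq=f HTTP/1.1\r\n"
              "Host: www.google.com\r\n"
              "Cookie: PREF=ID=example\r\n"
              "\r\n")

# Constructed sample of a cleartext form login (fake credentials).
SAMPLE_POST = ("POST /login HTTP/1.1\r\n"
               "Host: example.test\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\n"
               "\r\n"
               "username=alice&password=hunter2")

if __name__ == "__main__":
    for req in (SAMPLE_GET, SAMPLE_POST):
        r = observe_request(req)
        print(r["method"], r["host"], r["path"], "cookie:", r["cookie"])
        for k, v in r["leaked"].items():
            print("  exposed:", k, "=", v)
```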