Posts: 47 | Thanked: 10 times | Joined on Jan 2008 @ UK
#11
A live example for people. I would first like to state this cookie has had the first 3 characters replaced with X's and the last three characters replaced with X's to make sure no harm comes to the innocent.

GET /mail/ru/images/logon.gif HTTP/1.1
Host: img.mail.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: image/png,*/*;q=0.5
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Referer: http://mail.ru/
If-Modified-Since: Wed, 02 May 2007 17:31:16 GMT
Cookie: p=XXXDAFj0BXXX; c8=XXXGRwAAAADQEgIAAAAAAd6WAQAAAAAB3wABAXXX; Mpop=XXX9953936:020340704341777119050219091d031b0b 044f6c5150445e000e03091b02007c1f5c484d585b445b105a 545e591f4XXX:XXX@mail.ru:; mrcu=XXX8478471E25D8BC4EE59DBDXXX; t=XXXD1AAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAkGwXXX; c56=XXXPRwAAAAHe/QEAAXXX; Mpopl=XXX760XXX
Connection: close

But this is just an example of how easy the data can be obtained; this was done through an unmodified Tor end node.
 
Posts: 333 | Thanked: 32 times | Joined on Jul 2007
#12
Originally Posted by Ricky-Lee
A live example for people. I would first like to state this cookie has had the first 3 characters replaced with X's and the last three characters replaced with X's to make sure no harm comes to the innocent.

GET /mail/ru/images/logon.gif HTTP/1.1
Host: img.mail.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: image/png,*/*;q=0.5
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Referer: http://mail.ru/
If-Modified-Since: Wed, 02 May 2007 17:31:16 GMT
Cookie: p=XXXDAFj0BXXX; c8=XXXGRwAAAADQEgIAAAAAAd6WAQAAAAAB3wABAXXX; Mpop=XXX9953936:020340704341777119050219091d031b0b 044f6c5150445e000e03091b02007c1f5c484d585b445b105a 545e591f4XXX:XXX@mail.ru:; mrcu=XXX8478471E25D8BC4EE59DBDXXX; t=XXXD1AAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAkGwXXX; c56=XXXPRwAAAAHe/QEAAXXX; Mpopl=XXX760XXX
Connection: close

But this is just an example of how easy the data can be obtained; this was done through an unmodified Tor end node.
And for anybody reading this thinking "I don't use Tor so I'm safe," you can do the same thing VERY easily via either a rogue wireless AP or a rogue client connected to a secure AP.
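As an added example (not code from any post in this thread), the Python below parses a cleartext request shaped like the capture above and audits Set-Cookie headers for the Secure flag that keeps a session cookie off plain HTTP, which is the HTTPS point free makes in #14. Every cookie value and hostname in the samples is a constructed placeholder.

```python
import re

# Constructed sample: a cleartext HTTP request shaped like the one quoted in
# the thread, with every cookie value replaced by an obvious placeholder.
SAMPLE_REQUEST = (
    "GET /mail/ru/images/logon.gif HTTP/1.1\r\n"
    "Host: img.mail.ru\r\n"
    "Cookie: p=PLACEHOLDER1; Mpop=PLACEHOLDER2:user@example.com:; t=PLACEHOLDER3\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# Constructed sample: Set-Cookie headers as a server might emit them. Only the
# last one carries the attributes that keep it off cleartext connections.
SAMPLE_SET_COOKIES = [
    "p=PLACEHOLDER1; Path=/; Domain=.example.com",
    "Mpop=PLACEHOLDER2:user@example.com:; Path=/",
    "sid=PLACEHOLDER3; Path=/; Secure; HttpOnly",
]

def parse_cookie_header(value: str) -> dict[str, str]:
    """Split a request Cookie header into {name: value}."""
    pairs = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            pairs[name] = val
    return pairs

def exposed_cookies(raw_request: str) -> dict[str, str]:
    """Every cookie a plain-HTTP request carries is readable on the wire."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        name, _, val = line.partition(":")
        if name.strip().lower() == "cookie":
            return parse_cookie_header(val)
    return {}

def leaks_identity(value: str) -> bool:
    """True if a cookie value embeds something like an e-mail address."""
    return re.search(r"[^:;@\s]+@[^:;@\s]+\.[a-z]{2,}", value, re.I) is not None

def audit_set_cookie(header: str) -> dict[str, object]:
    """Report whether a Set-Cookie header restricts the cookie to HTTPS
    (Secure) and keeps it away from page scripts (HttpOnly)."""
    name_value, *attrs = (p.strip() for p in header.split(";"))
    flags = {a.partition("=")[0].lower() for a in attrs}
    return {"name": name_value.partition("=")[0],
            "secure": "secure" in flags, "httponly": "httponly" in flags}
```

Any cookie the audit reports without Secure is one a browser will also send over plain HTTP, so it would show up in a capture like the one above.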
 
Posts: 13 | Thanked: 1 time | Joined on Aug 2007
#13
Maybe I need to have my tinfoil hat adjusted, but I have always just assumed that Tor was an NSA project to get people with something to hide to funnel all their traffic through NSA-sponsored servers. I would be kind of disappointed in the NSA if they didn't do something like this.
 
Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
#14
As I said from the start:
Originally Posted by free
Tor gives you better anonymity, not privacy. Keep this in mind!!
Read the TOR manpage. It states clearly that TOR brings NO PRIVACY. If people think it does, it's their problem.
Use HTTPS and watch out for popups about wrong certificates.

I don't see the point of dumping packets..
Just launch tcpdump and that's it.. The same can be achieved for the people in an ISP or on a core router.

There's no exploit here, nothing new.
 
Posts: 531 | Thanked: 79 times | Joined on Oct 2006 @ This side of insane, that side of genius
#15
Originally Posted by andyfromtucson
Maybe I need to have my tinfoil hat adjusted, but I have always just assumed that Tor was an NSA project to get people with something to hide to funnel all their traffic through NSA-sponsored servers. I would be kind of disappointed in the NSA if they didn't do something like this.
I believe the Navy started the project and it's currently maintained by folks at MIT. Many authority groups use it along the lines of pedophile stings and the like.

AFAIK, the NSA and FBI are currently trying to "hack" Tor, so that the features of anonymity are rendered useless. From what I get, they haven't been successful.

If you use Privoxy effectively, and disable many of the browser add-ons like Java and Flash, you can mitigate the amount of information available to the sites you connect to.

I run two versions of Privoxy on my box. One is forwarded to from Squid on the loopback only. The other forwards traffic through Tor from the IP.

For the most part the filtering is the same for both instances, but the big difference is that the logging for the second (that routes through Tor) is sent to /dev/null. The point is anonymity, so why would I log what gets requested, right?

I have also found a utility called TorK from sourceforge.net that allows you to manipulate the Tor configuration via GUI. It also manages bandwidth and shows the route through the Tor network that your requests make. Kinda neat, but one of the issues I keep running into is the cookie-based auth that it uses to attach to the instance of Tor that is running.
__________________
Nokia n800
OS 2008
Pharos iGPS 360-BT
ElmScan 5 BlueTooth
BlackBerry Bold (9000)
AT&T Wireless
 
Posts: 551 | Thanked: 46 times | Joined on Oct 2007
#16
Guys,

I have gotten these popups about wrong certificates (maybe one or two), but I get them on my Mac too. I'm new to this so bear with my newbie question. Do I disconnect the browser immediately or do I answer no and continue? lol, Dan
 
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#17
As for the original question: I started to port tor for OS2007 a while back, just to see if it could be done out of the box. As it turned out there are a couple of libs it'll need that are not directly available, so I stopped at that point. However, I intend to revisit this later when I get some more time, unless someone beats me to it.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 
Posts: 47 | Thanked: 10 times | Joined on Jan 2008 @ UK
#18
It doesn't seem like anyone has done it yet, so you will have to keep us up to date on how it goes.
 
Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
#19
I've recompiled it for our devices; fetch it from the repo below. In case of installation problems, please paste the log. I had to change a few things in the user handling/removal scripts so that it can install. It will create a user debian-tor for more security.
The default service conf file is in /etc/default/tor. If RUN_DAEMON is set to yes, tor will start when the device starts. Otherwise you'll have to do it manually (/etc/init.d/tor start as root).
We have to make a special configuration with privoxy support.
 
Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
#20
http://www.smh.com.au/news/security/...766589522.html

"The hack of the year"
Dumb journalists..
 