Bitcoin Forum
Topic: TOR users be aware, Flash and Javascript reveals IP address. (Read 16148 times)
Serith (OP)
April 25, 2012, 05:20:13 PM
 #1

The following sequence of events occurs when somebody is unmasked:

  • VictimHost connects through MyTorNode, to SomeWebSite
  • MyTorNode changes outbound traffic to SomeWebSite so that HTTP1.0 and gzip compression are not used (HTTP headers are stripped / changed)
  • MyTorNode replaces inbound traffic from SomeWebSite, inserting an <iframe> reference to MyEvilWebServer. This reference also contains a recognizable Cookie
  • MyEvilWebServer receives request via Tor from VictimHost, including Cookie, serves up Trigger. Trigger contains:
    • Javascript code that requests "/VictimHostName_VictimHostIP.gif" from MyEvilWebServer
    • A Shockwave Flash Movie that makes a direct connection to MyEvilWebServer (since Flash doesn't support / know about Tor / proxies / etc, this will be a direct connection)
  • Javascript executing on VictimHost makes VictimHost connect via Tor and request /VictimHostName_VictimHostIP.gif
  • Shockwave flash executing on VictimHost connects directly, without Tor, and resends the Cookie, allowing mapping between the original page being browsed via Tor, and the real VictimHostIP


Discussion of the vulnerability:
Hacker News: The Underpants Project
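
An added example, not part of the original post or of the linked project: a host-side check for the failure described above, in which a plugin opens its own connection instead of using the browser's Tor proxy. It reads `ss -tnp`-style socket lines and reports every flow that leaves the host from a process other than Tor; the sample lines, the addresses and the `tor` process name are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on `ss -tnp` output; addresses are documentation ranges.
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 127.0.0.1:51514 127.0.0.1:9050 users:(("firefox",pid=2211,fd=45))
ESTAB 0 0 192.168.1.20:51520 203.0.113.80:80 users:(("plugin-container",pid=2290,fd=12))
ESTAB 0 0 [::1]:40022 [::1]:9150 users:(("firefox",pid=2211,fd=51))
ESTAB 0 0 192.168.1.20:39000 198.51.100.9:9001 users:(("tor",pid=900,fd=8))
SYN-SENT 0 1 [2001:db8::20]:51600 [2001:db8::80]:443 users:(("plugin-container",pid=2290,fd=14))
"""

# state, recv-q, send-q, local endpoint, peer endpoint, first process name
LINE = re.compile(r'^(\S+)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+users:\(\("([^"]+)"')

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, int port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def find_leaks(ss_output, tor_process="tor"):
    """Return (process, peer) for every TCP flow that leaves the host outside Tor."""
    leaks = []
    for line in ss_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or a line without process information
        _state, _local, peer, proc = m.groups()
        ip, _port = split_endpoint(peer)
        if proc == tor_process:
            continue  # the Tor daemon's own relay connections are expected
        if ip.is_loopback:
            continue  # local traffic, including the SOCKS port, stays on the host
        leaks.append((proc, peer))
    return leaks

if __name__ == "__main__":
    for proc, peer in find_leaks(SAMPLE):
        print(f"direct connection bypassing Tor: {proc} -> {peer}")
```
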
Red Emerald
April 25, 2012, 05:23:07 PM
 #2

Good information, but not new news at all.  This is why the Tor Browser Bundle and Tails have javascript and flash disabled by default.

mila
April 25, 2012, 05:32:42 PM
 #3

no kidding, Sherlock?

I mean, thank you for raising awareness but it's really well known or at least documented and the bundled browser has the settings right by default.

Red Emerald
April 25, 2012, 05:35:56 PM
 #4

Also, http://panopticlick.eff.org/ is a much more informative page than your link.

Serith (OP)
April 25, 2012, 06:07:18 PM
 #5

> no kidding, Sherlock?
>
> I mean, thank you for raising awareness but it's really well known or at least documented and the bundled browser has the settings right by default.

Any link on this forum that I missed?
Red Emerald
April 25, 2012, 06:14:52 PM
 #6

> > no kidding, Sherlock?
> >
> > I mean, thank you for raising awareness but it's really well known or at least documented and the bundled browser has the settings right by default.
>
> Any link on this forum that I missed?

Well there are warnings on the actual tor download page.

https://www.torproject.org/download/download-easy.html.en#warning

a nice guy
April 25, 2012, 06:50:06 PM
 #7

Hello,

Just set up a VM or real hardware working as a proxy to route all the traffic from eth0 (internal network) to eth1 (external network).
eth1 then routes all traffic through Tor.
Now set up a 2nd VM which has only one port directly connected to eth0 on the proxy.
ALL traffic is now routed through Tor and immune to those attacks.

I think there is a tutorial on the Tor wiki too.

kind regards,
a nice guy
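
One way to check the gateway described above, as an added example that is not from the post or the Tor wiki: audit the gateway's `iptables-save` output to confirm that traffic arriving on the internal interface can only be handed to Tor and is never forwarded or NATed straight out. The rulesets are constructed, and the interface role (eth0 internal, as in the post) and the TransPort/DNSPort numbers 9040 and 5353 are assumptions.

```python
import shlex
# Constructed iptables-save excerpts (only the lines the audit reads). eth0 is the
# internal side as in the post; ports 9040 and 5353 are assumed TransPort/DNSPort values.
ISOLATING = """\
*nat
-A PREROUTING -i eth0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
*filter
:FORWARD DROP [0:0]
"""
LEAKY = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9040
-A POSTROUTING -o eth1 -j MASQUERADE
*filter
:FORWARD ACCEPT [0:0]
"""

def parse(text):
    """Return rules as (table, tokens) pairs and chain policies as {(table, chain): target}."""
    rules, policies, table = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A"):
            rules.append((table, shlex.split(line)))
    return rules, policies

def opt(tokens, flag):
    """Value that follows an option such as -i or --dport, or None when it is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit_gateway(text, lan="eth0", trans_port="9040", dns_port="5353"):
    """Return findings; an empty list means internal traffic can only leave through Tor."""
    rules, policies = parse(text)
    nat = [t for table, t in rules if table == "nat"]
    def redirected(proto, to_port, dport):
        return any(t[1] == "PREROUTING" and opt(t, "-i") == lan and opt(t, "-p") == proto
                   and opt(t, "--dport") == dport and opt(t, "-j") == "REDIRECT"
                   and opt(t, "--to-ports") == to_port for t in nat)
    checks = [  # dport=None: the rule must carry no --dport filter, so every TCP port is covered
        (redirected("tcp", trans_port, None), "not all internal TCP is redirected to TransPort"),
        (redirected("udp", dns_port, "53"), "internal DNS is not redirected to DNSPort"),
        (policies.get(("filter", "FORWARD")) == "DROP", "FORWARD policy is not DROP"),
        (not any(opt(t, "-j") in ("MASQUERADE", "SNAT") for t in nat), "NAT sends traffic out directly"),
    ]
    return [msg for ok, msg in checks if not ok]
```

On the leaky ruleset a plugin's direct connection to any port other than 80 is masqueraded out of eth1 with the real address, which is the case the isolating ruleset closes.
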
theymos
April 25, 2012, 07:14:55 PM
 #8

You can't do it with just JavaScript, which is why torbutton allows JavaScript. You need a plugin like Flash.

Red Emerald
April 25, 2012, 08:25:50 PM
 #9

> Hello,
>
> Just set up a VM or real hardware working as a proxy to route all the traffic from eth0 (internal network) to eth1 (external network).
> eth1 then routes all traffic through Tor.
> Now set up a 2nd VM which has only one port directly connected to eth0 on the proxy.
> ALL traffic is now routed through Tor and immune to those attacks.
>
> I think there is a tutorial on the Tor wiki too.
>
> kind regards,
> a nice guy

https://trac.torproject.org/projects/tor/wiki/doc/TorBOX

cryptoanarchist
April 26, 2012, 03:55:22 PM
 #10

Wow...if you didn't know this before doing something illegal on the internet, maybe crime isn't your thing.

I'm grumpy!!
Red Emerald
April 26, 2012, 05:57:53 PM
 #11

> Wow...if you didn't know this before doing something illegal on the internet, maybe crime isn't your thing.

Tor and illegal actions do not at all have to be connected.  There are plenty of legitimate reasons for usage of Tor.

I don't like when people automatically assume anonymity is only needed for illegal purposes.  I don't want to live in that world.

Xenland
April 29, 2012, 02:15:22 AM
 #12

Every poster above or below this post should be considered a terrorist
I didn't know this, thanks for the post OP.

a nice guy
May 01, 2012, 08:49:52 AM
 #13

> Every poster above or below this post should be considered a terrorist

Is this a bad or a good thing? :D
Tuxavant
May 01, 2012, 02:18:55 PM
 #14

I don't like disclosing TTPs, but if you put more than a few brain cells on this problem, it's pretty easy to mitigate it.

Tuxavant
May 01, 2012, 03:30:07 PM
 #15

But it really sucks when anonymity is sometimes needed. Talking about some politics where I live can get you 15 years in jail.

WAY too many laws to break nowadays... Tell someone they are a jerk from an Arizona Internet connection and you go to jail. WTF. There is no such thing as a "law abiding citizen" any longer.
