Dose Tor leak you password or something?

Discussion in 'privacy technology' started by febainy, Apr 20, 2014.

Thread Status:
Not open for further replies.
  1. febainy

    febainy Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    48
    When you are sending data or getting data through Tor network, does the nodes reveal something from your data, like the password, web URL, contents and etc?
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    The exit relay can always see the URLs, unless you tunnel a VPN through Tor. But then, the VPN provider would see the URLs. There's no free lunch ;) As long as you're using HTTPS, neither Tor exit relays nor VPN providers can see your passwords or the content that you're browsing.
     
  3. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    It depends on what you're connecting to as well, but regardless they'll see someone is connected to some site but not who or where they came from. If a site doesn't support HTTPS then everything is just like sending stuff over a postcard (basically don't login to stuff that isn't HTTPS protected while using Tor). HTTPS Everywhere is included with Tor distors, and that's why: https://www.eff.org/https-everywhere/faq
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    No. An exit relay can not see HTTPS URLs.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The exit relay resolves the DNS and then connects to that URL. It has to see it. HTTPS prevents the relay from seeing the actual unencrypted traffic.
     
  6. febainy

    febainy Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    48
    what about the vulnerable TBB protected by vulnerable OpenSSL
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    For the most part, it's vulnerable (and potentially pwned) servers that we need to worry about.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Here is what they say about Heartbleed and Tor:
    https://blog.torproject.org/blog/tor-browser-354-released

    hqsec
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Yes but there so no "cure" for vulnerable servers, except patching them. No security measure can help there.

    hqsec
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Patching isn't enough. If there's any doubt, nuke from orbit and reinstall.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    I didn't know that was necessary. As I understand this bug only allows attacker to gain random 64 KB of memory. Is there any other hacking that can be done using this bug?

    hqsec
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Until the bug was patched, adversaries could get random 64 KB blocks of memory many times, very quickly, without (normally) triggering logging. It's my understanding that the most important server credentials load into memory at boot. If adversaries could trigger reboots using DDoS attacks, they would have better odds for getting those credentials. If the server wasn't otherwise sufficiently hardened, they might have learned enough to login. Then it was likely game over. And if they were subtle, server admins wouldn't know what had happened :(
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Yes that makes sense. If attacker could get local credentials everything is possible and reinstall is a must.

    hqsec
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Incorrect. The URL is also encrypted when using HTTPS. What the exit node could potentially see if DNSCrypt wasn't being used is the domain.

    To try and explain: If you logged onto youtube via HTTPS the exit node could potentially see that you requested youtube.com but they'd have NO idea what you did there, what pages you loaded, etc. For all they know, that domain may have been requested because a video was embedded in a whole other site.

    Hopefully that explains it.
     
    Last edited: Apr 20, 2014
  15. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Seen how there is a direct connection between your browser and every HTTPS site you connect to, every HTTPS site would get your REAL IP address.

    So therefore can somone tell me what is the point in using HTTPS everywhere on your TOR browser??
     
  16. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    No, every site would get the IP address of the Tor exit node, Tor hides your IP address. It's the same way using a proxy server works.
     
  17. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    thx Funky noone_particular must be right with the fact that exits nodes can see what HTTPS site you connect to, because the exit node has to be able to know where to foward the traffic to.
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    It just needs to know the domain (IP), which I'm guessing is what you meant. I clarified that in my previous post, I hope. It doesn't know what you're doing there.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Yes, it knows the site, such as < https://www.wilderssecurity.com/ >. Amplifying on what funkydude said, it's not until an end-to-end TLS-encrypted TCP connection is established that the browser requests a particular page.

    For example, here's what I see on eth0 using Wireshark when I browse < https://www.wilderssecurity.com/forums/test-forum.7/ >. I've redacted most of the encrypted stuff, but please believe me that "test-forum.7" did not appear in plaintext.

    Code:
    ...........,m..d$L7s..j.;.~I|. 6.....r.... .DO).pl...[..T....3. .X..Lx.=.w....+./.
    .............3.2.E.9.8...../.A.5...
    .......^.........www.wilderssecurity.com......
    .................#..3t............ ........................A...=..STAM#......:.H.V.1.9....p......L........................#.................0...0...............i..t0 ..*.H.. .....0l1&0$..U.
    ..Wilders Security Organization1 0...U....Wilders Security Forums1 0...U....www.wilderssecurity.com0.. 140408224202Z. 150403224202Z0l1&0$..U.
    ..Wilders Security Organization1 0...U....Wilders Security Forums1 0...U....www.wilderssecurity.com0.."0 ..*.H.. ..........0..
    ......6^......&..(.}#.2..^....z.MX.../WGI.3.....%.Sk..i... p;,p..:.....D.........+ . .9.r.D.I1.oN.......$...y?*@G...._GR|,Or..qj4=....\q....=]H9.O.....@fl,.#@.a....."L....qi..-J-..F.......L|..*!..).@.g..*........Z.8....)..6M+.vj%.9.._..7........p..R...\c}.....7......P0N0...U......0...;.S.H.......2.$.0...U.#..0...0...;.S.H.......2.$.0...U....0....0 ..*.H.. ...........y....7......BR..N..
    [SNIP]
    zI.$....?,"K/...(8._p.PZ.E_.]i.."..i.....L.~..(.........Ht.A.<.....s..=M....]......x......B.. .3x.U.................xb=-BE>ka.o.....<....4..kra.`....w:...!_....j...c3..N.B.T.yc...u.L.-..g.......0.........o.2#.2...*....g..2.iq.g!u.../.;..E..q..
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    :thumb:
     
Loading...
Thread Status:
Not open for further replies.