[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Torifier" for Windows

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] "Torifier" for Windows
From: Christopher Schmidt <christopher@xxxxxxxxxxxxxxxx>
Date: Mon, 17 Jun 2013 21:44:53 +0100 (BST)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 17 Jun 2013 17:22:31 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=ch.ristopher.com; s=mail; t=1371501893; bh=fnE33Q8EkBYqAr/ogUJETzLI7GeNphtCmQEOWBbnRkc=; h=From:To:Subject:In-Reply-To:Message-ID:References:MIME-Version: Content-Type:Date; b=KToEUnMRz1bhhkr5rkf1wvNdMQyuaiUkaQNXtJblGDvEHRJXxGNcCwQQ5EjO4i55V /myKJ8LdCnGUWjMszwhlygEpIqm9sm3G5buVD79ci7bz5GmjuU2KiIB3XRa6OaFBBo 2okmnyqvzN+8/idvWyHi6Mm0+6Rj5yYYvU/ExD1Q=
In-reply-to: <51BF6E60.8070205@xxxxxxxxx> (David Goulet's message of "Mon, 17 Jun 2013 16:15:28 -0400")
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
References: <20130617182154.D465E200B7@xxxxxxxxxxxxxxxxx> <51BF6E60.8070205@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

David Goulet <dgoulet@xxxxxxxxx> writes:
> On *nix system we LD_PRELOAD the program thus hijacking the necessary
> symbols to make sure all your TCP and DNS traffic goes through Tor. On
> Windows, I'm a bit clueless on how to proceed but for that I'm really
> looking for contributors to help. :)

I'd hotpatch all Winsock functions.  Patch the prologue; do not patch
the IAT - this is not enough!

    https://easyhook.codeplex.com/
    https://research.microsoft.com/en-us/projects/detours/

Detours are pretty much the easiest and most applicable means to achieve
traffic redirection in user mode.  Unfortunately a hostile application
can easily defeat ordinary detours by bypassing Winsocks or loading its
own copy of the Winsocks dll.

Filter drivers, anyone?

        Christopher
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] "Torifier" for Windows
  - From: mancha
- Re: [tor-talk] "Torifier" for Windows
  - From: David Goulet

Prev by Author: [tor-talk] how tails sync the clock afer network connection ?
Next by Author: Re: [tor-talk] Research paper "The Parrot is Dead: Observing Unobservable Network Communications"
Previous by thread: Re: [tor-talk] "Torifier" for Windows
Next by thread: Re: [tor-talk] "Torifier" for Windows
Index(es):
- Author
- Thread