[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Snakes On A Tor Scanner - 0.0.3



Thus spake Mike Perry (mikepery@xxxxxxxxxx):

> Over the past month or so I've been testing and improving my Tor
> network scanner, and it seems to be shaping up pretty nicely.
> 
> http://fscked.org/proj/minihax/SnakesOnATor/SnakesOnATor-0.0.3.zip

Found another DNS poisoner/injector/evil upstream ISP. Exit node
Andrewgao poisoned the scanners access of
http://linuxmafia.com/faq/Debian/installers.html

to give me instead:

http://fscked.org/proj/minihax/SnakesOnATor/linux-mafia.Andrewgao.html

Seems to be a javascript popup to set a cookie and then close the
window. Seems to be slightly broken (the window is never closed for
me), but the scary thing is if it worked, the user's experience would
be that they had accessed the page un-hindered.



Also, as an FYI, I'm exporting my scanner's failure statistics to
http://fscked.org/proj/minihax/SnakesOnATor/fail_rates

Right now it's probably difficult to do anything with that. I will
try to enhance it to be broken down by failure type RSN, then it 
should be more clear which nodes are failing circuits/streams and 
why.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs