
Re: [tor-talk] Tor Double HiddenService w/ Server Level Intercepting Request and Content Anonymization



Hi Manfred,

I find it's a very interesting idea! Just never got to actually study
your message. It's still marked unread in my inbox so I will be reminded
to read it when time comes.

Not sure why no one else answered. Perhaps because it looks at first
sight like a lot of text and quite difficult.

Cheers,
adrelanos

Manfred Ackermann:
> Hi List.
> 
> Sorry to push this up, just wondering if this approach is so stupid that
> it's not even worth leaving a related comment on it ;-) Or is it just of no
> interest?
> 
> Any comments appreciated.
> 
> Greetings, Manfred
> On 26.10.2013 01:09, "Manfred Ackermann" <manfred.ackermann@xxxxxxxxx> wrote:
> 
>> I've just successfully finished a Proof-of-Concept to implement
>> anonymization at server level. I would be pleased if you guys could review
>> this approach and extend it and/or show me the caveats ;-)
>>
>> The rough picture is assuming someone somehow injected bad code into a
>> seized site to get hands on visitor infos collected out of HTTP
>> Request/Response (visitor not capable of setting up privoxy the right way
>> or even socksing directly into tor).
>>
>> To protect I've:
>> - setup one HiddenService (aaaVisible.onion) that connects to intercepting
>> privoxy (IPr)
>> - setup 2nd HiddenService (bbbDblHidden.onion) only accepting from (IPr)
>> - setup IPr to rewrite aaaVisible.onion to bbbDblHidden.onion removing bad
>> stuff from Req./Resp.
>>
>> This makes the Service double hidden, more difficult to hack into,
>> redirect-able, and protects dumb visitors against revealing information
>> (fingerprints).
>>
>> Client <-> Tor <-> Tor:HS <-> Privoxy <-> Tor <-> Tor:HS <-> (STunnel <->)
>> Service
>>
>> The STunnel is used to move the IPv4 Service away from the HiddenService
>> declaration and optional but recommended. Also Service is only allowed to
>> "speak" to STunnel and has no Internet access.
>>
>> To check this out on a single server w/o STunnel do this (the named
>> onion-links ARE AN EXAMPLE ONLY):
>>
>> Get Tor and Privoxy up'n'running like a normal Tor-Entry-Point.
>>
>> Modify /etc/tor/torrc:
>>
>> HiddenServiceDir /var/lib/tor/onion_relay/
>> HiddenServicePort 80 127.0.0.1:8118
>>
>> HiddenServiceDir /var/lib/tor/hidden_service/
>> HiddenServicePort 80 127.0.0.1:80
>>
>> Do on the shell
>>
>> /etc/init.d/tor restart
>>
>> or in arm do x x to sighup tor.
>>
>> As AN EXAMPLE this gives
>>
>> mr2t4bnopbqy2ql7.onion => "Onion-Relay"
>> cmt6wblsm36iuoqn.onion => "HiddenService"
>>
>> Prepare the Service (here Apache2):
>>
>> Create /etc/apache/sites-available/tor
>>
>> <VirtualHost *:80>
>>     ServerAdmin root@xxxxxxxxxxxxxxxxxxxxxx
>>     ServerName cmt6wblsm36iuoqn.onion
>>     DocumentRoot /var/www/tor
>>     <Directory />
>>         Options FollowSymLinks
>>         AllowOverride None
>>     </Directory>
>>     <Directory /var/www/tor>
>>         Options Indexes FollowSymLinks MultiViews
>>         AllowOverride None
>>         # Only requests carrying the relay's passphrase header set the env var
>>         SetEnvIf X-Onion-Relay-Passphrase JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs ONION_RELAY_AUTH
>>         Order Deny,Allow
>>         Deny from All
>>         Allow from env=ONION_RELAY_AUTH
>>     </Directory>
>>     ErrorLog ${APACHE_LOG_DIR}/tor-error.log
>>     LogLevel warn
>>     CustomLog ${APACHE_LOG_DIR}/tor-access.log combined
>> </VirtualHost>
>>
>> Do on the shell
>>
>> mkdir /var/www/tor
>> echo '<html><body><h1>cmt6wblsm36iuoqn.onion</h1> \
>>       <img src="http://cmt6wblsm36iuoqn.onion/x.jpg"></body></html>' \
>>       > /var/www/tor/index.html
>> cp some-nice-jpg-file.jpg /var/www/tor/x.jpg
>> cd /etc/apache/sites-enabled
>> ln -s ../sites-available/tor 001-tor
>> /etc/init.d/apache2 restart
>>
>> Prepare Privoxy
>>
>> In /etc/privoxy/config:
>> accept-intercepted-requests 1
>>
>> In /etc/privoxy/user.action:
>> { \
>> +hide-user-agent{Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 (Tor Browser Bundle)} \
>> +hide-accept-language{en-us,en;q=0.5} \
>> }
>> /
>>
>> { \
>> +server-header-filter{server-ident-rewrite} \
>> +client-header-filter{onion-request-rewrite} \
>> +filter{onion-response-rewrite} \
>> +add-header{X-Onion-Relay-Passphrase: JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs} \
>> }
>> mr2t4bnopbqy2ql7.onion
>>
>> In /etc/privoxy/user.filter:
>> SERVER-HEADER-FILTER: server-ident-rewrite Replace Server Ident String
>> s@^(Server:)\s*.*$@$1 Http/1.1@i
>> CLIENT-HEADER-FILTER: onion-request-rewrite Replace x.onion with y.onion
>> s@^(Host:)\s*mr2t4bnopbqy2ql7.onion$@$1 cmt6wblsm36iuoqn.onion@i
>> FILTER: onion-response-rewrite Replace y.onion with x.onion
>> s/cmt6wblsm36iuoqn\.onion/mr2t4bnopbqy2ql7.onion/ig
>>
>> Do on the shell
>>
>> /etc/init.d/privoxy restart
>>
>> Try in the browser:
>>
>> HiddenService direct: cmt6wblsm36iuoqn.onion => 403 Forbidden
>> HiddenService indirect by privoxy onion-rewrite: mr2t4bnopbqy2ql7.onion =>
>> the result from cmt6wblsm36iuoqn.onion
>>
>> Have a look at the Response Headers (e.g. Firefox Plugin WebDeveloper =>
>> Information => Response Header) and you see Server: Apache/2.2.22
>> (Ubuntu) is replaced by Server: Http/1.1. Also modify the index file in the
>> web root to show Request-Vars like user-agent and accept-language ... here
>> for example response content can be removed to prevent 3rd-party JavaScript
>> or Flash injection to the visitor.
>> ---
>> Regards,
>> Manfred Ackermann
>> PGP 0xED5E5F28
>>
>>

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
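The following is an added example, not Manfred's code and not Privoxy or Apache themselves. It models the three hops of the PoC above as plain functions so the header and body rewrites can be checked offline: the intercepting Privoxy's request-side actions (hide-user-agent, hide-accept-language, the Host rewrite and the added passphrase header), the Apache SetEnvIf / Allow-from-env gate, and the response-side Server-ident and onion-name rewrites. The onion names, passphrase and index page are the example values from the post; the backend response and the `_canon` helper are constructed here. One behaviour is an assumption of this example rather than something the post configures: the relay drops any client-supplied `X-Onion-Relay-Passphrase` header before adding its own, so the shared secret can only ever originate from the relay.

```python
"""Offline model of the double-hidden-service relay described in the post (added example)."""
import re

VISIBLE_ONION = "mr2t4bnopbqy2ql7.onion"   # example "Onion-Relay" name from the post
HIDDEN_ONION = "cmt6wblsm36iuoqn.onion"    # example "HiddenService" name from the post
PASSPHRASE_HEADER = "X-Onion-Relay-Passphrase"
RELAY_PASSPHRASE = "JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs"  # example value from the post; a secret in a real deployment

# Values Privoxy substitutes via +hide-user-agent / +hide-accept-language in the post
TBB_USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 (Tor Browser Bundle)"
TBB_ACCEPT_LANGUAGE = "en-us,en;q=0.5"

# Constructed stand-in for /var/www/tor/index.html as created in the post
BACKEND_INDEX = ('<html><body><h1>cmt6wblsm36iuoqn.onion</h1>'
                 '<img src="http://cmt6wblsm36iuoqn.onion/x.jpg"></body></html>')


def _canon(headers):
    """Copy a header dict with names in canonical Title-Case so lookups are case-insensitive."""
    return {"-".join(p.capitalize() for p in k.split("-")): v for k, v in headers.items()}


def relay_request(headers):
    """Client -> relay: what the intercepting Privoxy (IPr) does to a request for VISIBLE_ONION."""
    h = _canon(headers)
    # Normalise the client's fingerprint to the Tor Browser Bundle profile
    h["User-Agent"] = TBB_USER_AGENT
    h["Accept-Language"] = TBB_ACCEPT_LANGUAGE
    # CLIENT-HEADER-FILTER onion-request-rewrite:  s@^(Host:)\s*mr2t4bnopbqy2ql7.onion$@$1 cmt6wblsm36iuoqn.onion@i
    if re.fullmatch(re.escape(VISIBLE_ONION), h.get("Host", ""), re.IGNORECASE):
        h["Host"] = HIDDEN_ONION
    # Assumption of this example (not in the post): never forward a client-chosen passphrase header
    h.pop(PASSPHRASE_HEADER, None)
    # +add-header{X-Onion-Relay-Passphrase: ...}
    h[PASSPHRASE_HEADER] = RELAY_PASSPHRASE
    return h


def backend_gate(headers):
    """Apache side: SetEnvIf <header> <secret> ONION_RELAY_AUTH, Deny from All, Allow from env=ONION_RELAY_AUTH.

    Returns the HTTP status the vhost answers with.  The post's SetEnvIf value is an
    unanchored regex; exact equality used here is the stricter equivalent."""
    h = _canon(headers)
    return 200 if h.get(PASSPHRASE_HEADER) == RELAY_PASSPHRASE else 403


def backend(headers):
    """Constructed stand-in for the Apache vhost: (status, response headers, body)."""
    status = backend_gate(headers)
    resp_headers = {"Server": "Apache/2.2.22 (Ubuntu)", "Content-Type": "text/html"}
    body = BACKEND_INDEX if status == 200 else "<html><body><h1>Forbidden</h1></body></html>"
    return status, resp_headers, body


def relay_response(headers, body):
    """Backend -> relay -> client: the post's server-header and body filters."""
    h = _canon(headers)
    # SERVER-HEADER-FILTER server-ident-rewrite:  s@^(Server:)\s*.*$@$1 Http/1.1@i
    if "Server" in h:
        h["Server"] = "Http/1.1"
    # FILTER onion-response-rewrite:  s/cmt6wblsm36iuoqn\.onion/mr2t4bnopbqy2ql7.onion/ig
    body = re.sub(re.escape(HIDDEN_ONION), VISIBLE_ONION, body, flags=re.IGNORECASE)
    return h, body


def round_trip(client_headers):
    """One request through relay -> backend gate -> relay; returns what the client sees."""
    status, resp_headers, body = backend(relay_request(client_headers))
    resp_headers, body = relay_response(resp_headers, body)
    return status, resp_headers, body


if __name__ == "__main__":
    # Direct hit on the hidden name, no relay: the gate refuses it
    print("direct:", backend({"Host": HIDDEN_ONION})[0])
    # Same request via the visible name and the relay
    status, hdrs, body = round_trip({"Host": VISIBLE_ONION, "User-Agent": "curl/7.68.0"})
    print("via relay:", status, hdrs["Server"], body)
```

Running the block prints the 403 for the direct request and, for the relayed one, a 200 whose Server header reads `Http/1.1` and whose body refers only to the visible onion name, which is exactly the pair of checks the post suggests doing in the browser.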