[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Hidden server path
Hi,
Your "weak" points are the client and (hidden) server - or most likely poor
server configuration. The rendezvous point only shuffles encrypted data and
will not see anything in plain text.
BUT. If your .onion server links to an outside page, includes an image,
script-file, whatever, externally - the HTTP Referer will give away the URL
to the other server if not properly sanitized by the client...
There is always room for misconfiguration ;-)
- Lasse
On Mon, Jan 7, 2013 at 4:10 AM, Outlaw <outlaw@xxxxxxxxx> wrote:
> Hi! I wonder, is there a way for some malicious node (or someone except
> client and hidden server) to spy upon path part or GET request of .onion
> service? I mean "path/to/somewhere.html" part in
> http://somelonghashstring.onion/path/to/somewhere.html url, not
> physical location.
>
> Thanks!
>
> --
> Outlaw
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk