
Re: How are hackers breaking Tor and trojan users?



On Wed, Jun 11, 2008 at 5:35 PM, scar <scar@xxxxxxxxxx> wrote:
> ...
>> If someone were to develop a browser-based exploit that managed to get
>> the 'authenticate', with no preceding bytes, to the controlport...
>
> like this? http://www.janusvm.com/goldy/vuln/tor-controlport.html

that is a standard HTTP post and thus sends HTTP request headers
before the textarea form payload.

what Robert indicated is that he thinks it is highly unlikely that you
could use a browser to connect and send AUTHENTICATE before anything
else, like the request headers.

the challenge / response handshake he suggested is an interesting
option for authenticating to the control port; it would indeed
eliminate any blind injection attacks, while still making it trivial
to use the control port legitimately.

best regards,
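
Added example, not part of the original message and not Tor's code: a Python model of the three listener behaviours the thread contrasts (a parser that skips lines it cannot parse, the rule that AUTHENTICATE must arrive with no preceding bytes, and a challenge/response handshake). The HMAC construction, the secret, the function names and the sample request are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-secret"  # constructed value standing in for a credential

# Constructed sample of what a browser form POST puts on the wire: the request
# line and headers always precede the form body.
HTTP_POST = (b"POST / HTTP/1.1\r\nHost: localhost\r\n"
             b"Content-Type: text/plain\r\n\r\n"
             b"AUTHENTICATE\r\n")

def lines(stream):
    """Split a byte stream into non-empty CRLF-terminated lines."""
    return [l for l in stream.split(b"\r\n") if l]

def lenient_accepts(stream):
    """Model of a listener that ignores unparseable lines and keeps reading."""
    return any(l.upper().startswith(b"AUTHENTICATE") for l in lines(stream))

def strict_first_accepts(stream):
    """Model of the rule discussed: AUTHENTICATE with no preceding bytes."""
    ls = lines(stream)
    return bool(ls) and ls[0].upper().startswith(b"AUTHENTICATE")

def respond(nonce):
    """Client side of the hypothetical handshake: HMAC over the server nonce."""
    return hmac.new(SECRET, nonce, hashlib.sha256).hexdigest().encode()

class ChallengeSession:
    """Hypothetical per-connection challenge/response state on the listener."""
    def __init__(self):
        # Sent to the client first; a blind sender never gets to read it.
        self.nonce = os.urandom(16).hex().encode()

    def accepts(self, stream):
        want = b"AUTHENTICATE " + respond(self.nonce)
        return any(hmac.compare_digest(l, want) for l in lines(stream))

if __name__ == "__main__":
    s = ChallengeSession()
    print("lenient parser accepts form POST:", lenient_accepts(HTTP_POST))
    print("first-line rule accepts form POST:", strict_first_accepts(HTTP_POST))
    print("challenge/response accepts form POST:", s.accepts(HTTP_POST))
    print("challenge/response accepts real client:",
          s.accepts(b"AUTHENTICATE " + respond(s.nonce) + b"\r\n"))
```

Because the nonce is fresh for each connection, a response captured from one session is useless on the next, and a sender that cannot read the listener's reply has nothing valid to send.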