[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] One way to protect onions against cloning attack



And the attacker immediately started to override CSS rules. I made a
counter attack again. See

REAL: http://msydqstlz2kzerdg.onion/
FAKE: http://msydqjihosw2fsu3.onion/

Let's see what is the next move from the attacker. He is probably reading
this mailing list.

-Juha


On Tue, Mar 8, 2016 at 2:50 PM, Nurmi, Juha <juha.nurmi@xxxxxxxx> wrote:

> Hi,
>
> As you may have heard someone runs fake sites on a similar address to the
> original ones and tries to fool people with that. Fake sites are transparent
> proxies with MITM.
>
> I added this detection to ahmia.fi's onion site:
>
> REAL: http://msydqstlz2kzerdg.onion/
> FAKE: http://msydqjihosw2fsu3.onion/
>
> This is a CSS trick and works without JavaScript. CSS checks the address
> using regexp and if it is not correct it will activate warning text.
>
> @-moz-document
> regexp('(?!https?://ahmia\\.fi|https?://localhost|https?://127\\.0\\.0\\.1|
> http://msydqst.*2kzerdg\\.onion).*') {
>
> /* Alternative CSS content rules for fake site. */
>
> }
>
> It's not perfect solution but again we can make the attacker's life hard.
>
> Peace,
> Juha
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk