[tor-talk] Hidden service and session integrity
Hi all
I am new to Tor and I am investigating the possibility of hidden services, and I
cannot find an answer in the docs.
Web application "foo" uses a classical session to maintain the state of the user.
Classically, user BAR has an IP address, and a cookie is assigned in the login
process. If the right cookie comes from the right IP address for user BAR,
the server accepts future requests.
But how can it work through Tor? What about the scenario where an attacker
determines my exit point and somehow steals my authentication cookie, and then
he can use the .exit pseudodomain to route his traffic through the same exit point
(i.e. gain the same IP address as a legitimate client)?
And is it possible (and how?) to run end-to-end encrypted (SSL) web
traffic via the Tor network?
Thanks for the explanation.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk