"Total Privacy" <nosnoops@xxxxxxxxxxx> wrote:

> I'd like to know where and how to put in which packetlogger
> to get as close as possible to the border of encryption at
> my user computer side of Tor, to watch exactly what's going
> in and out (not only what's visible in the browser).
> My firewall packetlogger only takes the already encrypted
> stuff that looks like random garbage, thus it is a little
> too late to see the actual content of it.

Don't put the sniffer between the Tor client and the world outside,
but between your Tor client and the Tor-using program on the inside.

If you are mainly interested in HTTP, you can use Privoxy and enable
header debugging (3.0.5 beta has some improvements there), or
Firefox's LiveHTTPHeaders extension.

Note that if you use an HTTP proxy, a browser can't reliably tell you
which HTTP headers reach or leave your system.

Also note that Firefox tends to invent its own data for some HTTP
failures without displaying an error message. For example, if you open
a new tab and access a URL where the chunk decoding fails, Firefox
shows you its about:blank page while still displaying the URL you
asked for. If connections time out, LiveHTTPHeaders sometimes shows
you status code 200, even though the proxy didn't send it.

Konqueror (and probably some other browsers) can also show you HTTP
headers, but I don't know how (un)reliably it works or if it's
possible to log them.

> In my theory, the possibility may be that if someone running
> an exit node (or even a middle or entry node?) and
> tampers with it, this may be a firewall-free entry into the
> user computer to hack it or do whatever without being stopped
> by the user's firewall.

Tor does some kind of Network Address Translation: it's easy to open
a connection to get out, but you can't simply reach the inside without
invitation. Of course a bug inside your Tor client could open an
entry, but the same is true for every other program you run with
Internet access.

It's always a good idea to restrict Tor (and Privoxy and every other
program where it's possible) with Jails, systrace or something like
that, but I think usually the browser is the weakest link.

Fabian
-- 
http://www.fabiankeil.de/
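One way to place the logger between the Tor-using program and Privoxy, as the reply above recommends: a loopback relay that forwards bytes unchanged and records the HTTP headers independently of what the browser reports. This is an added example, not part of the original message; the listen port 8119 and all function names are assumptions, and 8118 is Privoxy's default port.

```python
import socket
import threading

LISTEN = ("127.0.0.1", 8119)    # assumption: set the browser's HTTP proxy to this
UPSTREAM = ("127.0.0.1", 8118)  # Privoxy's default listen address
MAX_HEADER = 65536              # stop buffering if no header block shows up

def header_lines(buf):
    """Header lines of the first complete HTTP header block in buf, or None."""
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None
    return buf[:end].decode("latin-1").split("\r\n")

def pump(src, dst, tag, log):
    """Copy src to dst byte for byte; log the first header block seen."""
    buf, watching = b"", True
    while True:
        data = src.recv(4096)
        if not data:
            break
        dst.sendall(data)  # forward first, so logging never alters the traffic
        if watching:
            buf += data
            lines = header_lines(buf)
            if lines is not None or len(buf) > MAX_HEADER:
                for line in lines or []:
                    log(f"{tag} {line}")
                buf, watching = b"", False
    try:
        dst.shutdown(socket.SHUT_WR)  # pass the end-of-stream on
    except OSError:
        pass

def handle(client, log):
    with client, socket.create_connection(UPSTREAM) as upstream:
        back = threading.Thread(target=pump, args=(upstream, client, "<", log))
        back.start()
        pump(client, upstream, ">", log)
        back.join()

def serve(log=print):
    with socket.create_server(LISTEN) as srv:
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, log), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Only the first header block per connection and direction is logged, so later requests on a keep-alive connection are forwarded but not shown. For HTTPS only the CONNECT request is readable at this point.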