[tor-talk] Tor Double HiddenService w/ Server Level Intercepting Request and Content Anonymization
I've just successfully finished a Proof-of-Concept to implement
anonymization at server level. I would be pleased if you guys could review
this approach and extend it and/or show me the caveats ;-)
The rough picture assumes that someone somehow injected bad code into a
seized site to get their hands on visitor info collected from the HTTP
Request/Response (a visitor not capable of setting up privoxy the right way,
or even of socksing directly into tor).
To protect against this I've:
- set up one HiddenService (aaaVisible.onion) that connects to an
intercepting privoxy (IPr)
- set up a 2nd HiddenService (bbbDblHidden.onion) that only accepts
connections from IPr
- set up IPr to rewrite aaaVisible.onion to bbbDblHidden.onion, removing bad
stuff from Req./Resp.
This makes the Service double hidden, more difficult to hack into,
redirect-able, and protects careless visitors against revealing information
(fingerprints).
Client <-> Tor <-> Tor:HS <-> Privoxy <-> Tor <-> Tor:HS <-> (STunnel <->) Service
The STunnel is used to move the IPv4 Service away from the HiddenService
declaration; it is optional but recommended. Also, the Service is only
allowed to "speak" to STunnel and has no Internet access.
To check this out on a single server without STunnel, do this (the named
onion links ARE AN EXAMPLE ONLY):
Get Tor and Privoxy up and running like a normal Tor entry point.
Modify /etc/tor/torrc:
HiddenServiceDir /var/lib/tor/onion_relay/
HiddenServicePort 80 127.0.0.1:8118
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
On the shell, do
/etc/init.d/tor restart
or in arm press x x to SIGHUP tor.
As AN EXAMPLE this gives
mr2t4bnopbqy2ql7.onion => "Onion-Relay"
cmt6wblsm36iuoqn.onion => "HiddenService"
Prepare the Service (here Apache2):
Create /etc/apache/sites-available/tor:
<VirtualHost *:80>
  ServerAdmin root@xxxxxxxxxxxxxxxxxxxxxx
  ServerName cmt6wblsm36iuoqn.onion
  DocumentRoot /var/www/tor
  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  <Directory /var/www/tor>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    SetEnvIf X-Onion-Relay-Passphrase JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs ONION_RELAY_AUTH
    Order Deny,Allow
    Deny from All
    Allow from env=ONION_RELAY_AUTH
  </Directory>
  ErrorLog ${APACHE_LOG_DIR}/tor-error.log
  LogLevel warn
  CustomLog ${APACHE_LOG_DIR}/tor-access.log combined
</VirtualHost>
On the shell, do
mkdir /var/www/tor
echo '<html><body><h1>cmt6wblsm36iuoqn.onion</h1>' \
     '<img src="http://cmt6wblsm36iuoqn.onion/x.jpg"></body></html>' \
     > /var/www/tor/index.html
cp some-nice-jpg-file.jpg /var/www/tor/x.jpg
cd /etc/apache/sites-enabled
ln -s ../sites-available/tor 001-tor
/etc/init.d/apache2 restart
Prepare Privoxy:
In /etc/privoxy/config:
accept-intercepted-requests 1
In /etc/privoxy/user.action:
{ \
+hide-user-agent{Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 (Tor Browser Bundle)} \
+hide-accept-language{en-us,en;q=0.5} \
}
/
{ \
+server-header-filter{server-ident-rewrite} \
+client-header-filter{onion-request-rewrite} \
+filter{onion-response-rewrite} \
+add-header{X-Onion-Relay-Passphrase: JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs} \
}
mr2t4bnopbqy2ql7.onion
In /etc/privoxy/user.filter:
SERVER-HEADER-FILTER: server-ident-rewrite Replace Server Ident String
s@^(Server:)\s*.*$@$1 Http/1.1@i
CLIENT-HEADER-FILTER: onion-request-rewrite Replace x.onion with y.onion
s@^(Host:)\s*mr2t4bnopbqy2ql7.onion$@$1 cmt6wblsm36iuoqn.onion@i
FILTER: onion-response-rewrite Replace y.onion with x.onion
s/cmt6wblsm36iuoqn\.onion/mr2t4bnopbqy2ql7.onion/ig
On the shell, do
/etc/init.d/privoxy restart
Try it in the browser:
HiddenService direct: cmt6wblsm36iuoqn.onion => 403 Forbidden
HiddenService indirect via privoxy onion-rewrite: mr2t4bnopbqy2ql7.onion =>
the result from cmt6wblsm36iuoqn.onion
Have a look at the Response Headers (e.g. Firefox plugin WebDeveloper =>
Information => Response Header) and you will see that Server: Apache/2.2.22
(Ubuntu) is replaced by Server: Http/1.1. Also modify the index file in the
web root to show request variables like user-agent and accept-language ...
In the same way, response content can be removed, for example to prevent
3rd-party JavaScript or Flash injection against the visitor.
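As an added example (not code from the original post), here is a Python model of the three user.filter rules, the add-header action and the Apache passphrase check above, run over a constructed request/redirect exchange; the hostnames and passphrase are the post's example values, while the exchange and the helper names are made up for illustration. It also lists the response headers that still carry the hidden hostname after filtering, since the server-header-filter above only rewrites Server and the content filter only sees the body.

```python
import hmac
import re

# Hostnames and passphrase are the example values from the post's configuration.
VISIBLE = "mr2t4bnopbqy2ql7.onion"   # "Onion-Relay": what visitors type in
HIDDEN = "cmt6wblsm36iuoqn.onion"    # "HiddenService": reachable only via Privoxy
PASSPHRASE = "JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs"

def rewrite_request_headers(headers):
    """client-header-filter onion-request-rewrite plus the add-header action."""
    host_re = re.compile(r"^(Host:)\s*" + re.escape(VISIBLE) + r"$", re.I)
    out = [host_re.sub(r"\1 " + HIDDEN, h) for h in headers]
    return out + ["X-Onion-Relay-Passphrase: " + PASSPHRASE]

def rewrite_response_headers(headers):
    """server-header-filter server-ident-rewrite: touches the Server header only."""
    return [re.sub(r"^(Server:)\s*.*$", r"\1 Http/1.1", h, flags=re.I) for h in headers]

def rewrite_response_body(body):
    """filter onion-response-rewrite: s/HIDDEN/VISIBLE/ig over the body."""
    return re.sub(re.escape(HIDDEN), VISIBLE, body, flags=re.I)

def backend_allows(headers):
    """Model of the SetEnvIf + 'Allow from env' check on the double-hidden vhost.
    Exact, constant-time match (Apache's SetEnvIf value is an unanchored regex)."""
    for h in headers:
        name, _, value = h.partition(":")
        if name.strip().lower() == "x-onion-relay-passphrase":
            return hmac.compare_digest(value.strip(), PASSPHRASE)
    return False

def leaked_headers(headers):
    """Response headers that still name the hidden host after filtering."""
    return [h for h in headers if HIDDEN in h.lower()]

# Constructed sample exchange (not captured from a real service): a directory
# redirect, whose Location header Apache builds from the rewritten Host header
# or ServerName, i.e. from the hidden hostname.
REQUEST = ["GET /docs HTTP/1.1", "Host: mr2t4bnopbqy2ql7.onion"]
RESPONSE_HEADERS = ["HTTP/1.1 301 Moved Permanently",
                    "Server: Apache/2.2.22 (Ubuntu)",
                    "Location: http://cmt6wblsm36iuoqn.onion/docs/"]
RESPONSE_BODY = '<a href="http://cmt6wblsm36iuoqn.onion/docs/">moved</a>'

def relay(request, response_headers, response_body):
    """Push one exchange through the modelled filters and report what still leaks."""
    req = rewrite_request_headers(request)
    hdrs = rewrite_response_headers(response_headers)
    return {"backend_allowed": backend_allows(req), "headers": hdrs,
            "body": rewrite_response_body(response_body), "leaks": leaked_headers(hdrs)}
```

relay(REQUEST, RESPONSE_HEADERS, RESPONSE_BODY) returns the rewritten exchange with the redirect's Location header listed under "leaks", the kind of header the filter set above would need an additional server-header-filter for.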
---
Regards,
Manfred Ackermann
PGP 0xED5E5F28
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk