Tor Resources
Some resources related to Tor (The Onion Router).
Tor describes used to describe itself as:
Tor is a toolset for a wide range of organizations and people that
want to improve their safety and security on the
Internet.
Now, Tor describes itself in more technically accurate, but less
marketable terms:
Tor is a software project that helps you defend against traffic
analysis, a form of network surveillance that threatens personal
freedom and privacy, confidential business activities and
relationships, and state security.
Tor Related Vulnerabilities
Some of my research into Tor vulnerabilities:
-
Torbutton Testing:
A collection of tests that attempt to circumvent Torbutton
protections. These are useful for developers wanting to test
changes to Torbutton and investigate new attack techniques.
-
Vidalia Bundle - Insecure Privoxy Configuration:
versions of the Vidalia Bundle prior to 0.1.2.18 install
Privoxy with an insecure default configuration file. By
utilizing common web-browser vulernabilities, the insecure
configuration could be exploited to attack Privoxy and block, redirect or
disable filtering of requests.
-
Attacking the Tor Control Port with Java: an
examination of how Java (via LiveConnect) can be used to
attack the Tor control port if no authentication is used.
-
Tor control
port vulnerability: the original control port
vulnerability that was the toast of BlackHat/Defcon 2007.
-
I got hacked by Tor: a discussion of how I got "hacked"
when using Tor. Nothing bad happened to me, but it did to
some other people.
Tor Hacking Utilities
Some crude Tor hacking utilities that I've put together. These are
for hacking via Tor, not hacking Tor itself.
Latest Version
Archived Versions (may contain vulnerabilities, bugs, etc.)