Author

Topic: TOR users be aware, Flash and Javascript reveals IP address. (Read 16151 times)

hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
But it really sucks when anonymity is sometimes needed. Talking about some politics where I live can get you 15 years in jail.

WAY too many laws to break now aday... Tell someone is a jerk from with Arizona Internet connection and you go to jail. WTF. There is no such thing as a "law abiding citizen" any longer.
hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
I don't like disclosing TTPs, but if you put more than a few brain cells on this problem, it's pretty easy to mitigate it.
newbie
Activity: 27
Merit: 0
Every poster above or below this post should be considered a terrorist

Is this a bad or a good thing? Cheesy
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Every poster above or below this post should be considered a terrorist
I didn't know this, thanks for the post OP.

hero member
Activity: 742
Merit: 500
Wow...if you didn't know this before doing something illegal on the internet, maybe crime isn't your thing.
Tor and illegal actions do not at all have to be connected.  There are plenty of legitimate reasons for usage of Tor.

I don't like when people automatically assume anonymity is only needed for illegal purposes.  I don't want to live in that world.
legendary
Activity: 1120
Merit: 1003
Wow...if you didn't know this before doing something illegal on the internet, maybe crime isn't your thing.
hero member
Activity: 742
Merit: 500
Hello,

just setup a vm or real hardware working as a proxy to route all the traffic from eth0(internal network) to eth1(external network).
eth1 routes then all traffic through tor.
Now setup a 2nd vm which has only one port directly connected to eth0 on the proxy.
ALL traffic is now routed through tor and immune to those attacks.

I think there is a tutorial on the torwiki too.

kind regards,
a nice guy
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
administrator
Activity: 5222
Merit: 13032
You can't do it with just JavaScript, which is why torbutton allows JavaScript. You need a plugin like Flash.
newbie
Activity: 27
Merit: 0
Hello,

just setup a vm or real hardware working as a proxy to route all the traffic from eth0(internal network) to eth1(external network).
eth1 routes then all traffic through tor.
Now setup a 2nd vm which has only one port directly connected to eth0 on the proxy.
ALL traffic is now routed through tor and immune to those attacks.

I think there is a tutorial on the torwiki too.

kind regards,
a nice guy
hero member
Activity: 742
Merit: 500
no kidding, Sherlock?

I mean, thank you for rising awareness but it's really well known or at least documented and the bundled browser has the settings right by default.

Any link on this forum that I missed?
Well there are warnings on the actual tor download page.

https://www.torproject.org/download/download-easy.html.en#warning
sr. member
Activity: 269
Merit: 250
no kidding, Sherlock?

I mean, thank you for rising awareness but it's really well known or at least documented and the bundled browser has the settings right by default.

Any link on this forum that I missed?
hero member
Activity: 742
Merit: 500
Also, http://panopticlick.eff.org/ is a much more informative page than your link.
sr. member
Activity: 462
Merit: 250
no kidding, Sherlock?

I mean, thank you for rising awareness but it's really well known or at least documented and the bundled browser has the settings right by default.
hero member
Activity: 742
Merit: 500
Good information, but not new news at all.  This is why the Tor Browser Bundle and Tails have javascript and flash disabled by default.
sr. member
Activity: 269
Merit: 250
The following sequence of events occurs when somebody is unmasked:

  • VictimHost connects through MyTorNode, to SomeWebSite
  • MyTorNode changes outbound traffic to SomeWebSite so that HTTP1.0 and gzip compression are not used (HTTO headers are stripped / changed)
  • MyTorNode replaces inbound traffic from SomeWebSite, inserting and