Silk Road forums

Discussion => Security => Topic started by: skills on July 27, 2012, 11:15 pm

Title: Sniffing the exit nodes packages
Post by: skills on July 27, 2012, 11:15 pm
If you really do care about safety, always use PGP/GPG .

I don't know if this has been asked before, but i really would love to know if there is SSL encryption on the login submission.

Mount a tshark or run tcpflow (This will keep all the data and it's difficult to filter the information, use a tshark. Search for the terms and learn how to). target facebook cookies and voilá, you can fuck someone's account pretty easily if they access facebook without https (You can activate or deactivate the encryption. If encryption is enabled you're safe) and using TOR;

I feel sorry for those who don't use GPG, it's never enough to remember users to do it. There is A LOT of data flowing on tor network providing from SR
Title: Re: Sniffing the exit nodes packages
Post by: random0 on July 27, 2012, 11:46 pm
There's no need for SSL, because this is a hidden service so you don't use exit nodes to get here. Communications are encrypted up to the hidden service, no exit nodes in between.
Title: Re: Sniffing the exit nodes packages
Post by: oscarzululondon on July 28, 2012, 03:12 am
I remember reading recently that SSL can compromise Tor and make it less secure. I think kmfkewm knows about this?

OZ
Title: Re: Sniffing the exit nodes packages
Post by: skills on July 28, 2012, 04:51 am
There's no need for SSL, because this is a hidden service so you don't use exit nodes to get here. Communications are encrypted up to the hidden service, no exit nodes in between.

What the hell you're talking about??

Of course there are exit nodes, i've allowed my TOR connection to be an exit node lol, and actually the information that leaves the node it's not encrypted in any way if there's no encryption made in the entry node man...
What you're talking about is the hidden service that provides anonymity to the server holding the website's information. I'm talking about the information that is exchanged between regular nodes for clients accessing the website. You can read more here (Hidden services) :
http://en.wikipedia.org/wiki/Tor_(anonymity_network)

You can test it yourselves, you'll see what i'm talking about...

TOR relies not on SSL but TLS , an ulterior version.

It seems that compromises your anonymity. You can read about :   
http://security.blogoverflow.com/2012/04/tor-exploiting-the-weakest-link/

Would love to hear from kmfkewm.
Title: Re: Sniffing the exit nodes packages
Post by: BlarghRawr on July 28, 2012, 11:14 am
There's no need for SSL, because this is a hidden service so you don't use exit nodes to get here. Communications are encrypted up to the hidden service, no exit nodes in between.

What the hell you're talking about??

Of course there are exit nodes, i've allowed my TOR connection to be an exit node lol, and actually the information that leaves the node it's not encrypted in any way if there's no encryption made in the entry node man...
What you're talking about is the hidden service that provides anonymity to the server holding the website's information. I'm talking about the information that is exchanged between regular nodes for clients accessing the website. You can read more here (Hidden services) :
http://en.wikipedia.org/wiki/Tor_(anonymity_network)

You can test it yourselves, you'll see what i'm talking about...

TOR relies not on SSL but TLS , an ulterior version.

It seems that compromises your anonymity. You can read about :   
http://security.blogoverflow.com/2012/04/tor-exploiting-the-weakest-link/

Would love to hear from kmfkewm.
All traffic on the interior tor network does not use the exit nodes. Exit nodes are just that, an exit from the tor network. They are the nodes via which one might access the "clear net". Relay-nodes are QUITE a bit different.
Title: Re: Sniffing the exit nodes packages
Post by: kmfkewm on July 28, 2012, 11:17 am
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Title: Re: Sniffing the exit nodes packages
Post by: BlarghRawr on July 28, 2012, 11:36 am
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.
Title: Re: Sniffing the exit nodes packages
Post by: tootiefruitie on July 28, 2012, 12:23 pm
just wanted to say +1 to kmfkewm and BlarghRawr.  i've never announced karma before!  how exciting!
Title: Re: Sniffing the exit nodes packages
Post by: kmfkewm on July 29, 2012, 02:13 am
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.

The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.

edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
Title: Re: Sniffing the exit nodes packages
Post by: kmfkewm on July 29, 2012, 02:16 am
In fact Tor is not even considered to be an onion router by its developers, so the name The Onion Router makes no sense. They consider it to be leek routing, although the people from the Navy who originally came up with the concept of onion routing still consider Tor to be a type of onion router (I wonder if they would consider I2Ps garlic routing to be onion routing also). It probably has somewhat to do with patent trolling and Tor trying to avoid that.
Title: Re: Sniffing the exit nodes packages
Post by: BlarghRawr on July 29, 2012, 02:44 am
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.

The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.

edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
No harm, man. It's all good. I'm not even sure why I put it in all caps, anyway.
Title: Re: Sniffing the exit nodes packages
Post by: kmfkewm on July 29, 2012, 05:48 am
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.

The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.

edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
No harm, man. It's all good. I'm not even sure why I put it in all caps, anyway.

I am pretty sure at one point Tor used to be 'the onion router' and hence TOR would be appropriate, however it is now Tor which is not an onion router (some say)
Title: Re: Sniffing the exit nodes packages
Post by: BlarghRawr on July 29, 2012, 05:50 am
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.

The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.

edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
No harm, man. It's all good. I'm not even sure why I put it in all caps, anyway.

I am pretty sure at one point Tor used to be 'the onion router' and hence TOR would be appropriate, however it is now Tor which is not an onion router (some say)
Yeah. I first heard about it when it was 'the onion router'... then I noticed that it served no apparent purpose except for getting CP to pedos, so I ignored it for a few years. Then I stumbled across it again one night, hit up the hiddenwiki, and found SR right before the gawker-explosion... ah, good times.
Title: Re: Sniffing the exit nodes packages
Post by: kmfkewm on July 29, 2012, 09:15 am
to add to the confusion, the tor devs would never have considered Tor to be an onion router at any point in its existence :D