Silk Road forums

Discussion => Newbie discussion => Topic started by: 57 on March 05, 2013, 08:21 pm

Title: TOR packet capture contains plain-text hostnames
Post by: 57 on March 05, 2013, 08:21 pm
Question-

I decided to capture packets going to and from TOR using Little Snitch in OS X. When I opened the packet capture document, all of the data was encrypted EXCEPT the name of the host receiving the data... for example:

http://dkn255hz262ypmii.onion and http://silkroadvb5piz3r.onion were shown in plain text. So, how does this protect your ISP from seeing which sites you are visiting?
Title: Re: TOR packet capture contains plain-text hostnames
Post by: acider on March 05, 2013, 08:30 pm
What's the destination/source of those particular packets?
Tor Browser uses a SOCKS proxy at 127.0.0.1:9150 (9050 for the older versions IIRC), so if it's that address I guess it's not a problem.
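
Added example (not part of the original thread or any poster's code): a check for the question acider raises, assuming the capture has been reduced to (source IP, destination IP, destination port, payload) tuples. It parses SOCKS5 CONNECT requests in the RFC 1928 domain-name form, which carry the hostname in cleartext, and reports whether each one stayed on loopback. The hostname, addresses and helper names are constructed for illustration.

```python
import ipaddress
import struct

def parse_socks5_connect(payload):
    """Return (hostname, port) for a SOCKS5 CONNECT request that uses the
    domain-name address type (RFC 1928, ATYP 0x03); otherwise None."""
    if len(payload) < 7 or payload[:2] != b"\x05\x01" or payload[3] != 0x03:
        return None
    name_len = payload[4]
    end = 5 + name_len
    if name_len == 0 or len(payload) < end + 2:
        return None  # truncated or malformed request
    try:
        host = payload[5:end].decode("ascii")
    except UnicodeDecodeError:
        return None
    (port,) = struct.unpack("!H", payload[end:end + 2])
    return host, port

def classify(packets):
    """For every SOCKS5 CONNECT found, return (hostname, dst_port, verdict).
    'loopback-only' means the cleartext name never left this machine."""
    findings = []
    for src, dst, dport, payload in packets:
        req = parse_socks5_connect(payload)
        if req is None:
            continue  # e.g. encrypted traffic to a relay: no readable name
        local = (ipaddress.ip_address(src).is_loopback
                 and ipaddress.ip_address(dst).is_loopback)
        findings.append((req[0], dport, "loopback-only" if local else "LEFT-HOST"))
    return findings

def socks5_request(host, port):
    """Build a SOCKS5 CONNECT request (used only for the sample data)."""
    return (b"\x05\x01\x00\x03" + bytes([len(host)]) + host.encode("ascii")
            + struct.pack("!H", port))

# Constructed sample capture: browser -> local proxy, encrypted bytes to a
# remote address, and a misconfigured client talking SOCKS to a remote proxy.
SAMPLE = [
    ("127.0.0.1", "127.0.0.1", 9150, socks5_request("constructedexample.onion", 80)),
    ("192.168.1.20", "203.0.113.7", 9001, b"\x16\x03\x01\x00\x2a" + bytes(42)),
    ("192.168.1.20", "198.51.100.9", 1080, socks5_request("constructedexample.onion", 80)),
]

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```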
Title: Re: TOR packet capture contains plain-text hostnames
Post by: 57 on March 05, 2013, 08:36 pm
Good point, I'll have to check, I didn't even think about that.
Title: Re: TOR packet capture contains plain-text hostnames
Post by: kusurichoudai on March 05, 2013, 08:51 pm
Was the hostname in the actual packet header / payload, or were you just seeing the DNS resolution that is shown in one of the columns of the capture? If you're using SSL all the time, there will be zero cleartext contained in the actual packets / frames...
Title: Re: TOR packet capture contains plain-text hostnames
Post by: Qthello on March 05, 2013, 08:52 pm
Were you using the Tor Browser?
Title: Re: TOR packet capture contains plain-text hostnames
Post by: modziw on March 05, 2013, 09:05 pm
Were you using the Tor Browser?

LOL Okay now THERE is a good question!

Modzi
Title: Re: TOR packet capture contains plain-text hostnames
Post by: Qthello on March 05, 2013, 09:09 pm
How the heck did I get a bad karma? :-[