
Attacking the Tor network - Part 0
Hello all, this will be a series on how to attack the Tor network and Tor relays.
In this series we will talk about general concepts and terms of the Tor project, how they work and the ways to attack them.

Part 0 - Introduction to the consensus

Code:
Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication. It directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays. Using Tor makes it more difficult to trace a user's Internet activity.

The Tor network works by routing traffic through 3 relays if you are connected to a clearnet site or 6 relays if you are connected to a .onion site

You should not confuse the Tor network, the Tor binary and the Tor browser, as they are all different things that interact with each other.
The Tor binary is a binary written in C that conforms to the specification created by the Tor project.
The Tor network is Tor binaries working in relay mode.
The Tor browser is a modified Firefox-ESR browser that is made to connect to the Tor binary's exposed local SOCKS5 interface/proxy, thus changing the browser IP and allowing it to access .onion sites (called hidden services).

The Tor network consists of exactly 41313 routers as of 2023-2-24. These routers are sometimes called relays, guard nodes, middle nodes, exit nodes and some other "middle nodes" such as introduction points, consensus servers, rendezvous points, etc.


Now that you know the basic idea of the Tor network, I recommend you to read the Tor Spec to understand how it works in detail.

After you have finished reading the Tor Spec, let's talk about consensus servers, or as they call them, directory authorities.
Directory authorities are special-purpose relays that maintain a list of currently-running relays and periodically publish a consensus together with the other directory authorities.

Directory authorities are the relays you first connect to in order to download the Tor network relays. Without them you would not be able to know relay information and thus would not be able to connect to Tor.

To prevent overload on directory authorities, the official Tor binary caches the relay data when it is first started.

Now with all that in mind, you should be able to understand why attacking Directory-authorities is the easiest way to take down the Tor network.

You can get a list of Directory-authorities here https://consensus-health.torproject.org/

After you have gotten the list, you can attack it in different ways, here is a list of ways you can take it down/hack it:
1. Outdated server
Directory-authorities are relays, and they run a web server. Check for common server vulnerabilities and try them.

2. DDoS - slow loris
DDoSing them via a slow loris attack is also effective in blocking others from downloading relay information.

3. DDoS - spam download information
If you own a decent sized botnet you can simply make them all spam download the relay information through a simple GET request, this would knock the server off

4. WiFi - fake Tor network
Directory-authority information is not downloaded via HTTPS; instead it is downloaded using the insecure HTTP protocol.
If you are on the same LAN network as your target, you could spoof the relay information with a "fake" Tor network that consists of your own relays

That's it for this tutorial, more to come with some interesting things such as hijacking Tor relays, etc. I will link it here once posted.
If you have any questions, please PM dkota
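Seen from the operator's side, the two denial-of-service patterns named in items 2 and 3 leave different traces in connection data: stalled, never-completed request headers versus a burst of completed fetches from one source. The following is an added detection example, not part of the original post; the record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

NOW = 120.0  # observation time in seconds (constructed)

# Constructed sample in a hypothetical record layout (not a real log format):
# (source_ip, opened_at, headers_complete_at or None, bytes_received)
SAMPLE = (
    [("198.51.100.7", t, None, 40) for t in (10.0, 12.0, 15.0, 20.0)]  # many stalled
    + [("203.0.113.80", 40.0, None, 25)]   # one slow client, likely benign
    + [("203.0.113.5", 100.0, None, 60)]   # recent, still inside the timeout
    + [("192.0.2.9", 50.0, 50.2, 180)]     # normal single fetch
    + [("192.0.2.44", 60.0 + i, 60.5 + i, 180) for i in range(1, 7)]  # burst
)

def slow_header_sources(conns, now, header_timeout=30.0, min_conns=3):
    """Sources holding at least min_conns connections whose request headers
    are still incomplete after header_timeout seconds (slow-header pattern)."""
    stalled = defaultdict(int)
    for ip, opened, done, _nbytes in conns:
        if done is None and now - opened > header_timeout:
            stalled[ip] += 1
    # A single stalled connection is usually just a bad link, so require several.
    return {ip: n for ip, n in stalled.items() if n >= min_conns}

def request_burst_sources(conns, now, window=60.0, max_requests=5):
    """Sources that completed more than max_requests requests inside the
    trailing window (repeated-download pattern)."""
    completed = defaultdict(int)
    for ip, _opened, done, _nbytes in conns:
        if done is not None and now - window <= done <= now:
            completed[ip] += 1
    return {ip: n for ip, n in completed.items() if n > max_requests}

if __name__ == "__main__":
    print("slow-header sources:", slow_header_sources(SAMPLE, NOW))
    print("request-burst sources:", request_burst_sources(SAMPLE, NOW))
```

Sources flagged by either function are candidates for a per-source connection cap, a request-header read timeout or rate limiting at the front end.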

