[Cryptography] MITM attacks on Tor exit nodes
Philipp Winter
phw at nymity.ch
Tue Jun 9 07:48:14 EDT 2015
On Mon, Jun 08, 2015 at 10:28:14AM -0700, Henry Baker wrote:
> I noticed my first MITM attack on a Tor circuit today, thanks to the
> recent upgrades of Tor & Firefox.
>
> Basically, https://www.wired.com complained that the TLS had been
> "downgraded" to an obsolete cipher. After asking Tor to establish a
> new Tor circuit for this site, the "problem" went away -- because the
> intermediate & exit nodes were different (and presumably un-MITM'd).

Please report such findings to <bad-relays at lists.torproject.org>. Newer
versions of Tor Browser also allow you to see the circuit that was used
for a given web site by clicking on the green onion in the browser bar.

I wrote an exitmap [0] module to find the relay that could have done
this but there were no results. Note that it could also have been a
configuration issue -- exit relays sometimes run broken proxies or AV
scanners that interfere with TLS connections.

[0] <https://github.com/NullHypothesis/exitmap>

Cheers,
Philipp