Search This Blog

Showing posts with label SSL Stripping. Show all posts

Tor Browser 11.5 Adds Censorship Detection & Circumvention


Tor Project's flagship anonymizing browser has been upgraded to make it simpler for users to avoid government attempts to prohibit its usage in various locations. According to the non-profit organisation that controls the open source software, Tor Browser 11.5 would change the user experience of connecting to Tor from strongly censored locations. 

It replaces a "manual and confusing procedure" in which users have to maintain their own Tor Network settings to figure out how to utilise a bridge to unblock Tor in their location. Because various bridge settings may be required in different countries, the Tor Project stated that the manual effort placed an undue hardship on restricted users. 

Connection Assist is its answer, and it will automatically apply the bridge configuration that should perform best in a user's exact location. China, Russia, Belarus, and Turkmenistan are among the countries that have blocked the Tor Network. Volunteers from these and other impacted nations are encouraged to apply to be alpha testers so that their feedback may be shared with the community. 

The Tor Project has revised its Tor Network settings to improve the user experience for people who still want to manually configure their software. There is also a new HTTPS-only default option for users, which protects consumers by encrypting communication between their system and the web servers it communicates with. 

“This change will help protect our users from SSL stripping attacks by malicious exit relays, and strongly reduces the incentive to spin up exit relays for man-in-the-middle attacks in the first place,” it stated. 

Although the Tor Browser is often linked with illicit black web browsing, it is also a useful tool for activists, journalists, dissidents, and NGO workers working under harsh government regimes.

Thousands of Cryptocurrency Users Targeted by Tor Network Exit Nodes


Cybersecurity researchers have said a threat actor has been adding malicious servers into the Tor network to intercept traffic heading to cryptocurrency websites and carry out SSL stripping attacks on users while accessing mixing websites.

The threat actor, through its exit relays, performed an SSL stripping attack on traffic headed towards cryptocurrency websites, downgrading the encrypted HTTPS connection to plaintext HTTP. In the case of the attacks against the Tor network, threat actors aimed at replacing the addresses of legitimate wallets with the ones under the control of the attackers to hijack transactions.

In August 2020, the security researcher and Tor node operator Nusenu first highlighted this malicious behavior and has now shared more details about the ongoing malicious behavior in a follow-up post. Nusenu has revealed a new part of its research that says threat actors are still active. 

“You can see the repeating pattern of new malicious relays getting added to the tor network and gaining significant traction before dropping sharply, when they got removed.” reads the study

“In terms of scale of the attacker’s exit fraction, they managed to break their own record from May 2020 (>23% malicious exit fraction) twice:

• on 2020–10–30 the malicious entity operated more than 26% of the tor network’s exit relay capacity

• on 2021–02–02 they managed more than 27% of tor’s exit relay capacity. This is the largest malicious tor exit fraction I’ve ever observed by a single actor.”

According to the researcher, the threat actor managed to fly under the radar for more than a year because the malicious exit relays were added to the Tor network in small increments until they made up more than 23% of all exit nodes. Threat actors operated more than 26% of the tor network’s exit relay capacity two times in the last year, reaching 27% in February 2021. 

Once the scheme was discovered, the exit relays were removed from the Tor network, anyway, the experts pointed out that threat actors were able to intercept the traffic for months. Despite being outed, the threat actor continues to add new malicious nodes and Nusenu estimates that between 4% and 6% of the Tor exit nodes are still under the control of the threat actor.