16

I am behind an HTTP proxy, and I frequently tunnel out via an ssh -D SOCKS proxy (I have access to a couple of outside servers which I can tunnel to) when the HTTP proxy causes problems [1].

Now, this works for me, but I have some friends who need a SOCKS proxy for similar purposes. I can't give them my SSH access, for reasons beyond my control. The only alternative I can think of (besides those china tunneling sites) is Tor, because it sets up a SOCKS5 proxy on port 9150.

However, I'm not sure how safe Tor is from snooping and other MITM attacks. I don't care about the anonymity provided by Tor; we're using it for the purpose of having a tunnel, not for the anonymity.

However, I wonder how secure it is to use Tor for normal traffic. Cookies/login information probably could be stolen by a snooper, and there could be other types of MITM attacks as well. I don't understand Tor well enough to figure this out myself.

How safe is Tor from these attacks? Is there any way (connecting to a trusted node/etc) to create a relatively safe Tor proxy?

[1] For example, the HTTP proxy eats websocket connections, while the SOCKS proxy lets them through unmolested.

Manishearth

2 Answers

17

Tor isn't safe from man-in-the-middle attacks.

The unsafe components are the Tor exit nodes. These make the actual, unencrypted request and therefore can read and modify your traffic. Tor provides anonymity by not letting them know where the request came from, but the actual traffic between the exit node and the Internet is no different from normal traffic, as you can see in this picture (via):

enter image description here

Regarding the second question: Yes, it is technically possible to choose exit nodes. I haven't done this before, but you should be able to read up on this topic by yourself. This should allow you to (if possible) run your own exit node, or choose one that you trust.

copy
  • "run your own exit node" won't work as these guys don't have shell access outside. But yeah, I'll look up on the rest. – Manishearth Apr 25 '13 at 07:45
  • Probably best to assume your tor exit node is run by a TLA. There was a well publicised attack on diplomatic emails of some governments who used TOR without understanding that the exit nodes presented a vulnerability. They used POP or IMAP without SSL, relying on TOR to protect them. But the exit nodes were run by a TLA... Also see this: http://security.stackexchange.com/questions/31589/is-a-tor-router-really-safer-than-a-proxy?rq=1 – Ben Apr 25 '13 at 14:53
  • 2
    Comparing HTTP and HTTPS -- are both protocols affected by the same weak point (exit node), or HTTPS is safe? – greenoldman Feb 22 '16 at 20:43
  • 1
    @greenoldman - If the client and server are both using at least TLS 1.2 your HTTPS connection is still considered to be safe in practice. However the bulk of the SSL/TLS vulnerabilities discovered in the last couple years have required 1 common factor: Man in the Middle style access to a target's connection. Generally this requirement has meant in most cases the SSL weaknesses discovered could not be used on the greater public, but in the case of Tor you are forcing an intentional man in the middle, making HTTPS untrustable in many situations. – ShaneB Oct 16 '16 at 00:30
13

Actually, Moxie Marlinspike created a tool called SSLStrip. He actually tested it on his TOR-node, and found that a lot of people didn't notice that the encryption was gone. His talk is worth a watch: Tricks on defeating SSL

//M00kaw

M00kaw
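
Added example (not part of either answer, and not SSLStrip's own code): a Python check for the downgrade signs discussed above, comparing the response to one request as received over a path you trust (such as the asker's SSH tunnel) with the response received through the Tor SOCKS proxy. The function names, the sample responses and the host example.test are constructed for illustration.

```python
import re

def parse_response(raw):
    """Split a raw HTTP/1.x response into ([(header name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = [(k.strip().lower(), v.strip())
               for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)]
    return headers, body

def cookie_flags(headers):
    """Map each Set-Cookie name to True if it carries the Secure attribute."""
    flags = {}
    for name, value in headers:
        if name == "set-cookie":
            pair, *attrs = value.split(";")
            flags[pair.split("=", 1)[0].strip()] = any(
                a.strip().lower() == "secure" for a in attrs)
    return flags

def downgrade_findings(trusted_raw, observed_raw):
    """Compare the same request answered over a trusted and an untrusted path."""
    t_hdrs, t_body = parse_response(trusted_raw)
    o_hdrs, o_body = parse_response(observed_raw)
    findings = []
    t_loc = dict(t_hdrs).get("location", "").lower()
    o_loc = dict(o_hdrs).get("location", "").lower()
    if t_loc.startswith("https://") and not o_loc.startswith("https://"):
        findings.append("redirect to HTTPS missing or rewritten")
    seen = cookie_flags(o_hdrs)
    for name, secure in cookie_flags(t_hdrs).items():
        if secure and seen.get(name) is False:  # cookie still set, flag gone
            findings.append(f"Secure flag stripped from cookie {name}")
    for url in sorted(set(re.findall(r"https://[^\s\"'<>]+", t_body))):
        if url not in o_body and "http://" + url[len("https://"):] in o_body:
            findings.append(f"link downgraded: {url}")
    return findings

# Constructed sample responses (example.test is a placeholder host).
TRUSTED = ("HTTP/1.1 302 Found\r\nLocation: https://example.test/login\r\n"
           "Set-Cookie: sid=abc123; Secure; HttpOnly\r\n\r\n"
           '<a href="https://example.test/login">Sign in</a>')
OBSERVED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Set-Cookie: sid=abc123; HttpOnly\r\n\r\n"
            '<form action="http://example.test/login" method="post"></form>')

if __name__ == "__main__":
    for finding in downgrade_findings(TRUSTED, OBSERVED):
        print(finding)
```

An empty result only means these three signs were absent for that one request; it does not show that the exit node left the traffic alone.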