Abstract. Tor exit relays are operated by volunteers and together push
more than 1 GiB/s of network traffic. By design, these volunteers are able
to inspect and modify the anonymized network traffic. In this paper, we
seek to expose such malicious exit relays and document their actions.
First, we monitored the Tor network after developing two fast and modular
exit relay scanners—one for credential sniffing and one for active
MitM attacks. We implemented several scanning modules for detecting
common attacks and used them to probe all exit relays over a period of
several months. We discovered numerous malicious exit relays engaging
in a multitude of different attacks. To reduce the attack surface users are
exposed to, we patched Torbutton, an existing browser extension and
part of the Tor Browser Bundle, to fetch and compare suspicious X.509
certificates over independent Tor circuits. Our work makes it possible to
continuously and systematically monitor Tor exit relays. We are able to
detect and thwart many man-in-the-middle attacks, thereby making the
network safer for its users. All our source code is available under a free
license.
More here: https://petsymposium.org/2014/papers/paper_6.pdf