Hidden Services in TOR

Hi guys!

Are you a Tor user?

Tor  is a service that enables users to browse the web without being tracked or identified and this project is run by a network of volunteers. But one of the less known features is the hidden services.

These are basically servers that provide services through the Tor network. Browsing the web anonymously is one thing but hacktivists find it very useful to be able to provide web pages for people in a way that such webpages cannot be tracked or shutdown easily.

For Tor network users, there are plenty of ‘hidden services’ accessible providing access to forbidden information about very different topics. Those sites have a hidden DNS address with the .onion tld, like the example.onion. Sites ending in .onion cannot be easily tracked or shutdown, and the owner cannot be easily identified.

One of the most complex things about setting up a hidden service, is configuring the web server in a way that doesn’t leak information about the real IP address of the server, or the country location etc. The more complex the site, the more difficult it becomes to setup a real hidden service that doesn’t leak service information in any way.

Certain hidden servers were tracked and shut down by the FBI during last couple of years, using social engineering, information leaks and browser vulnerabilities. The The Silk Road is well known example of a server taken down. This was hidden inside tor and was used for selling drugs and similar stuff.

Check out the full post with the proof of concept script which leaks hidden timezones: http://jcarlosnorte.com/security/2016/02/21/date-leak-gzip-tor.html


Source: Akati

Comments are closed.