Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Different google interface when using some Tor exit nodes
From: Dean Pierce <piercede () pdx edu>
Date: Thu, 01 Jun 2006 11:27:51 -0700
Yes, that is strange.  I don't think that it means tor is caching
cookies in exit points, but it is likely that there is a way to bind
that preference to your IP as opposed to the cookie like in the article.

I tried this

1. started tor
2. checked the IP of my exit point
3. did a google search, saw no side bar
4. activated the cookie using the arstechnica method
5. did a google search, saw the side bar
6. deleted the cookie from the browser
7. did a google search, saw no side bar
8. verified that I was still coming out of the same exit point

I personally would like to see some of the results you came up with.
Also, I have never seen that interface when browsing with tor normally,
what would you estimate as the ratio is of exit points with that behavior?

   - DEAN

Naxxtor Security wrote:

Whilst using the Tor network to search google, once in a while the
google search results interface changes to the "new look", as described
here:
http://arstechnica.com/news.ars/post/20060326-6460.html

But the method used there uses cookies.  This means one of two things:

 o    The decision to serve the "new" interface can be made using             
cookies or a your source IP.

 o    Tor exit nodes cache cookies.

With the later being a huge hole in security.

On investigation, none of the exit nodes used when the new interface was
shown had valid reverse DNS.  If people are interested I'll post the
results to the list.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]