Full Disclosure mailing list archives

Active Web->Tor CGI proxies.
From: "T Biehn" <tbiehn () gmail com>
Date: Tue, 22 Apr 2008 09:12:02 -0400

Not my doing, but good news nevertheless.
Now with 100% more hidden service url support!
Time to lighttpd+tor your servers for hosting delicious contents for
wgetting fun. Kids: don't forget to encrypt those sweet unreleased,
unreported, unknown, private exploits.
Time to put up black markets and spam the links about.
Backends for your phishing pages, botnet control, 'js zombie' control.
I bet you could even whip up a sweet google maps GIS (oh I know I
have). Simple SQL botnet control anyone?

Diffie Hellman in Javascript that delivers encapsulated HTTP to
browsers please, could make an interesting BBS interface with real
member to member encrypted and private chat (high latency granted.)
You could even do some simple digital signature support to protect
against rogue TOR nodes. I had envisioned a system that would enforce
you after signup to connect through 3 distinct endpoints to collect
the key and make sure it was consistent, and providing simple loader
source that can be easily verified that loads the prompt to verify the
signature. Login would be: hash the source from 3 locations to make
sure it's all the same, include all grabbed javascript. Then verify
that the presented signature is valid. It's not perfect but better
than nothing and obviously more anonymous than SSL.
Too bad math in JS is massively slow.

In the words of Andrew Weeblsoi: There's no point in hiding any more.



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
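
The consistency-then-signature check sketched in the message, as an added example that is not part of the original post. It assumes Node.js, SHA-256 for the comparison hash and Ed25519 for the signature (the post names neither); `compareCopies`, `verifyLogin`, `sample` and the `path-*` labels are hypothetical names, and the fetching through separate endpoints is not shown.

```javascript
// Added example, not from the original post. Ed25519 and SHA-256 are assumed choices.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// copies: [{ endpoint, loaderSource, publicKeyPem }], one per path used to fetch.
// Groups endpoints by the digest of (loader, key) so a disagreeing path is visible.
function compareCopies(copies) {
  const groups = new Map();
  for (const c of copies) {
    const d = sha256(JSON.stringify([c.loaderSource, c.publicKeyPem]));
    if (!groups.has(d)) groups.set(d, new Set());
    groups.get(d).add(c.endpoint);
  }
  return groups;
}

// Accept content only if at least minPaths distinct endpoints served identical
// loader + key material AND the signature verifies under that key.
function verifyLogin(copies, content, signature, minPaths = 3) {
  const groups = compareCopies(copies);
  if (groups.size !== 1) {
    return { ok: false, reason: "inconsistent", groups: [...groups.values()].map((s) => [...s]) };
  }
  const [endpoints] = groups.values();
  if (endpoints.size < minPaths) return { ok: false, reason: "too-few-paths" };
  const key = crypto.createPublicKey(copies[0].publicKeyPem);
  const valid = crypto.verify(null, Buffer.from(content), key, signature);
  return valid ? { ok: true } : { ok: false, reason: "bad-signature" };
}

// Constructed sample data: a throwaway key pair, loader text and page body.
function sample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const pem = publicKey.export({ type: "spki", format: "pem" });
  const page = "<html>constructed page body</html>";
  const copies = ["path-a", "path-b", "path-c"].map((endpoint) => ({
    endpoint, loaderSource: "/* constructed loader source */", publicKeyPem: pem,
  }));
  return { copies, page, signature: crypto.sign(null, Buffer.from(page), privateKey) };
}

const s = sample();
console.log(verifyLogin(s.copies, s.page, s.signature)); // all three paths agree
const other = crypto.generateKeyPairSync("ed25519").publicKey.export({ type: "spki", format: "pem" });
const mixed = s.copies.map((c, i) => (i === 1 ? { ...c, publicKeyPem: other } : c));
console.log(verifyLogin(mixed, s.page, s.signature)); // one path served a different key
```

Agreement across paths only shows that those paths returned the same bytes; it says nothing if every path is served the same substituted material.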
