Hello! After spending quite some hours reading about, installing it and experimenting with Tor I still have one basic question, that after all the "exit node sniffing danger" still not clear to me. I understand basically that: Tor protects my anonymity by "hiding" my ip address, thus my location, but at the exit node someone could see all the data that flows by. This is the question: No one would know where it comes from but they can read a message that I send to somebody telling them that we'll meet a 4 pm at Bennigans that day? And also they may know that someone is surfing or visiting "datingcentral.com" but is not possible to know who or where?
Forum Thread: About Tor, anonymity and exit node "sniffer"
- Hot
- Active
-
Forum Thread: How to Track Who Is Sms Bombing Me . 4 Replies
1 mo ago -
Forum Thread: Removing Pay-as-You-Go Meter on Loan Phones. 1 Replies
1 mo ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 3 Replies
2 mo ago -
Forum Thread: moab5.Sh Error While Running Metasploit 17 Replies
3 mo ago -
Forum Thread: Execute Reverse PHP Shell with Metasploit 1 Replies
4 mo ago -
Forum Thread: Install Metasploit Framework in Termux No Root Needed M-Wiz Tool 1 Replies
5 mo ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 35 Replies
5 mo ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
6 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
6 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
7 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
9 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
9 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
9 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
9 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
9 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
9 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
10 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
11 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
11 mo ago
-
How To: Spy on Traffic from a Smartphone with Wireshark
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
How To: Enumerate SMB with Enum4linux & Smbclient
-
How To: Detect Script-Kiddie Wi-Fi Jamming with Wireshark
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Hack 5 GHz Wi-Fi Networks with an Alfa Wi-Fi Adapter
-
How To: Use MDK3 for Advanced Wi-Fi Jamming
-
How To: Brute-Force Nearly Any Website Login with Hatch
-
The Hacks of Mr. Robot: How to Send a Spoofed SMS Text Message
-
How To: Map Wardriving Data with Jupyter Notebook
-
How To: Stealthfully Sniff Wi-Fi Activity Without Connecting to a Target Router
-
Video: How to Crack Weak Wi-Fi Passwords in Seconds with Airgeddon on Parrot OS
-
How To: Use an ESP8266 Beacon Spammer to Track Smartphone Users
-
How To: Create Packets from Scratch with Scapy for Scanning & DoSing
-
News: 8 Wireshark Filters Every Wiretapper Uses to Spy on Web Conversations and Surfing Habits
-
How To: Create & Obfuscate a Virus Inside of a Microsoft Word Document
-
How To: Enable Offline Chat Communications Over Wi-Fi with an ESP32
-
Hack Like a Pro: Digital Forensics for the Aspiring Hacker, Part 10 (Identifying Signatures of a Port Scan & DoS Attack)
-
Advice from a Real Hacker: How to Know if You've Been Hacked
-
Hack Like a Pro: How to Create Your Own PRISM-Like Spy Tool
5 Responses
In a nutshell, no. It's not as simple as that.
Tor encapsulates your data in layers of encryption. Each node (other Tor routers on the network) can only decrypt its own layer to find the next nodes address to send the data to it. The 'peeling' away of the layers is what gives the name "Onion Routing"
Traffic travels through the network encrypted like this, but once it crosses an exit node, and goes into the clear (non-encrypted internet, like google or facebook) that encryption is gone, and anything you did not encrypt yourself ( SSH, PGP...etc) will be open. The data might be able to be read, but unless it contains personal information is is not as easy to trace it back, though with certain methods it can be done.
Thanks Allen!
All clear, bottom line to me is: This is only safe to SURF anonymously, to visit websites, etc., not to "comunicate" with people, not to fill forms, not for emails, specially if you want to send an anonymous email to somebody with sensitive information, like a whistleblower reaching an outside reporter, and, let's say, that using Tor you sign up for new yahoo email account, hoping that is not possible to trace back, but all of that effort is vane since anyone could read it at the exit node.
Excellent site, congratulations, admire your work! Keep on posting! :-)
Don't get me wrong, Tor is great as a web proxy. I use it for several email accounts i wish to keep as anonymous as I can. I just want to point out it is not 100% and some websites block traffic coming from a specific exit node from past abuse. Just don't use any personal details when using it and you will be good to go.
You could even just grab the Tor browser bundle and stick it on a thumb drive, use it where ever you travel.
Thanks for the kind words!
Just one more thing, again, to be clear and to clear up some others like me that want to make sure understands Tor limitations. Im going back to the email in the following scenario: Im using Tor bundle, with the included Firefox and "https anywhere" enable, I direct my browser to https:mail.yahoo.com (note the https), create an email account and log in.
1- Is my communication secured on that scenario? or
2- Privacy and communication is secured BUT the session cookie can be intercepted and stolen by someone sniffing the exit node and then grab my session and gain access to my email account?
Thanks again Allen!
The HTTPS is Transport Layer Security (TLS) and is used to encrypt traffic at and above the transport layer in the OSI model. Encryption for Tor works at lower layers then that even, so you have BOTH working for you in that situation.
1. Yep, you are good to go there, in fact, better even.
2. I would not worry about something like that. Your only concern would be information like names, addresses, birthdays, SS numbers...etc being sniffed. This is why, no matter what you should never send private details like that without encrypting it first yourself if needed.
Share Your Thoughts