Hello! After spending quite some hours reading about, installing it and experimenting with Tor I still have one basic question, that after all the "exit node sniffing danger" still not clear to me. I understand basically that: Tor protects my anonymity by "hiding" my ip address, thus my location, but at the exit node someone could see all the data that flows by. This is the question: No one would know where it comes from but they can read a message that I send to somebody telling them that we'll meet a 4 pm at Bennigans that day? And also they may know that someone is surfing or visiting "datingcentral.com" but is not possible to know who or where?
Forum Thread: About Tor, anonymity and exit node "sniffer"
- Hot
- Active
-
Forum Thread: How to Hack Wireless Password Through MAC Address and IP Address 25 Replies
3 days ago -
Forum Thread: Complete Guide to Creating and Hosting a Phishing Page for Beginners 50 Replies
1 wk ago -
Forum Thread: HELP I Created an Apk for Hacking My Phone Using Kali Linux in Virtual Box How Can I Install That Apk on My Phone 18 Replies
2 wks ago -
Forum Thread: Mitm attack problem 2 Replies
3 wks ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 32 Replies
1 mo ago -
Metasploit Error: Handler Failed to Bind 40 Replies
1 mo ago -
Forum Thread: How to Know if You Are a Script Kiddie? 9 Replies
1 mo ago -
Forum Thread: How to Identify and Crack Hashes 8 Replies
1 mo ago -
Forum Thread: How to Hack School Website 8 Replies
1 mo ago -
Forum Thread: Whenever I Try "Airmon-Ng Start wlan0" There's an Error? 16 Replies
1 mo ago -
Forum Thread: How to Fix 'Failed to Detect and Mount CD-ROM' Problem When Installing Kali Linux 14 Replies
1 mo ago -
Forum Thread: Awesome Keylogging Script - BeeLogger 30 Replies
2 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 27 Replies
2 mo ago -
Forum Thread: Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom? 121 Replies
2 mo ago -
How to: Minecraft DoS'Ing with Python. 1 Replies
3 mo ago -
Forum Thread: Tools for Beginner Hacker 3 Replies
3 mo ago -
Forum Thread: How to Embed an Android Payload in an Image? 9 Replies
4 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 46 Replies
4 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 11 Replies
4 mo ago -
Forum Thread: Fix Initramfs Problem 5 Replies
4 mo ago
-
How To: Dox Anyone
-
Hack Like a Pro: How to Hack Facebook (Facebook Password Extractor)
-
How To: Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
How To: Crack SSH Private Key Passwords with John the Ripper
-
How To: Gain SSH Access to Servers by Brute-Forcing Credentials
-
BT Recon: How to Snoop on Bluetooth Devices Using Kali Linux
-
How To: Fuzz Parameters, Directories & More with Ffuf
-
How To: Brute-Force Nearly Any Website Login with Hatch
-
Android for Hackers: How to Turn an Android Phone into a Hacking Device Without Root
-
How To: Create a Persistent Back Door in Android Using Kali Linux:
-
How To: Use SQL Injection to Run OS Commands & Get a Shell
-
How To: Brute-Force FTP Credentials & Get Server Access
-
Hacking Windows 10: How to Dump NTLM Hashes & Crack Windows Passwords
-
Tutorial: Create Wordlists with Crunch
-
How To: Perform Advanced Man-in-the-Middle Attacks with Xerosploit
-
How To: Make Your Own Bad USB
-
How To: Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How To: Embed a Metasploit Payload in an Original .Apk File | Part 2 – Do It Manually
-
How To: Hack Networks & Devices Right from Your Wrist with the Wi-Fi Deauther Watch
5 Responses
In a nutshell, no. It's not as simple as that.
Tor encapsulates your data in layers of encryption. Each node (other Tor routers on the network) can only decrypt its own layer to find the next nodes address to send the data to it. The 'peeling' away of the layers is what gives the name "Onion Routing"
Traffic travels through the network encrypted like this, but once it crosses an exit node, and goes into the clear (non-encrypted internet, like google or facebook) that encryption is gone, and anything you did not encrypt yourself ( SSH, PGP...etc) will be open. The data might be able to be read, but unless it contains personal information is is not as easy to trace it back, though with certain methods it can be done.
Thanks Allen!
All clear, bottom line to me is: This is only safe to SURF anonymously, to visit websites, etc., not to "comunicate" with people, not to fill forms, not for emails, specially if you want to send an anonymous email to somebody with sensitive information, like a whistleblower reaching an outside reporter, and, let's say, that using Tor you sign up for new yahoo email account, hoping that is not possible to trace back, but all of that effort is vane since anyone could read it at the exit node.
Excellent site, congratulations, admire your work! Keep on posting! :-)
Don't get me wrong, Tor is great as a web proxy. I use it for several email accounts i wish to keep as anonymous as I can. I just want to point out it is not 100% and some websites block traffic coming from a specific exit node from past abuse. Just don't use any personal details when using it and you will be good to go.
You could even just grab the Tor browser bundle and stick it on a thumb drive, use it where ever you travel.
Thanks for the kind words!
Just one more thing, again, to be clear and to clear up some others like me that want to make sure understands Tor limitations. Im going back to the email in the following scenario: Im using Tor bundle, with the included Firefox and "https anywhere" enable, I direct my browser to https:mail.yahoo.com (note the https), create an email account and log in.
1- Is my communication secured on that scenario? or
2- Privacy and communication is secured BUT the session cookie can be intercepted and stolen by someone sniffing the exit node and then grab my session and gain access to my email account?
Thanks again Allen!
The HTTPS is Transport Layer Security (TLS) and is used to encrypt traffic at and above the transport layer in the OSI model. Encryption for Tor works at lower layers then that even, so you have BOTH working for you in that situation.
1. Yep, you are good to go there, in fact, better even.
2. I would not worry about something like that. Your only concern would be information like names, addresses, birthdays, SS numbers...etc being sniffed. This is why, no matter what you should never send private details like that without encrypting it first yourself if needed.
Share Your Thoughts