In the first part of this series, we learned about darknets, as well as how they came about. But these patches of forgotten Internet are not the oasis of free information you might think. Despite being hidden—or just harder to come across—these networks are no more safe than anywhere else on the 'clear' Internet. The nature of networking and routing means your location is always known in server logs. It only takes one phone call to your ISP with your IP address to obtain both your physical address and a search warrant along with it. Therefore, a method must be used to cloak your actions from those ever-growing prying eyes.
Simple traffic analysis and deep packet inspection can give up what you are sending, where you are sending it, where it is coming from and who it is going to. This is performed by your ISP to enforce data limits or anti-spam and piracy measures, and it can be performed by anyone with access to your network. This could be the FBI outside in a parked van or even your neighbor after he cracked your wireless password.
Tor works on the idea of onion routing. Let's take a more in-depth look at the idea behind this, as it's critical to how the Tor (and i2p) network operates. Each machine that's running the Tor service is running a Tor router on its network. Each of those routers (which we'll refer to as "nodes" from now on) works by forwarding traffic from other random nodes.
When you wish to send some data on the network, your node calculates a path through all the running nodes, and wraps your data in that many layers of encryption. When each of these random nodes receives your packet, it can only decrypt the layer assigned to it (only it has the key). As such, each node can only see the previous node a packet came from and the next node the packet should be sent to. At no point can the nodes dig deeper into the packet. They can only peel away the layer assigned to them. In this way, each layer is peeled away, one at a time, giving us the term onion routing.
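The layering described above, as an added example (not from the original article and not Tor's own code): a toy SHA-256 keystream stands in for Tor's real cryptography, and the node names, keys and `webserver.example` destination are constructed. It shows that each node learns only its next hop, and that the last hop recovers the bare payload.

```python
import hashlib
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, NOT what Tor uses."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(payload: bytes, destination: str, path: list, keys: dict) -> bytes:
    """Client side: build the onion from the inside out, one layer per node."""
    cell, next_hop = payload, destination
    for node in reversed(path):
        # Each layer carries "where to send this next" plus the still-wrapped rest.
        cell = keystream_xor(keys[node], next_hop.encode() + b"|" + cell)
        next_hop = node
    return cell

def peel(node: str, cell: bytes, keys: dict):
    """Node side: remove only this node's layer; returns (next hop, inner cell)."""
    next_hop, _, inner = keystream_xor(keys[node], cell).partition(b"|")
    return next_hop.decode(), inner

def route(cell: bytes, first_node: str, path_nodes: set, keys: dict):
    """Forward the cell hop by hop, recording what each node could observe."""
    seen, node = [], first_node
    while node in path_nodes:
        next_hop, cell = peel(node, cell, keys)
        seen.append((node, next_hop, cell))
        node = next_hop
    return seen

# Constructed sample circuit: node names and destination are hypothetical.
PATH = ["entry", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}

if __name__ == "__main__":
    onion = wrap(b"test", "webserver.example", PATH, KEYS)
    for node, next_hop, inner in route(onion, PATH[0], set(PATH), KEYS):
        print(f"{node:6} -> {next_hop:18} sees {inner!r}")
```

Only the final line of output shows `b'test'`: the entry and middle nodes hold ciphertext they cannot open, while the exit node handles the payload exactly as the client wrote it.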
The figure below illustrates how each layer of the "test" packet is peeled away one at a time on its way to the web server.
Inside the Tor network, there is a wide range of hidden content, a lot of which is not for the weak of heart. This is because Tor allows you to create your own internal website, known as a Tor Hidden Service. We'll dive deeper into those services in the next part of this series. For now, let's go over how Tor allows you to browse the web anonymously.
Normally you send your request to a web server using the normal HTTP port of 80. The server then reads what you need, and sends it over to you. By the very nature of this system, the server needs to know your router's IP address to communicate back to you, and this is contained in the header of each packet sent. Essentially, it's connecting what you are doing on the Internet to where you live.
The problem occurs when a company or ISP peeks into those packets and blocks access based on their contents. You have seen examples of this at your high school computer lab and maybe even in your office at work. Websites and content that are not wanted can be filtered out before they even reach you. Sometimes this is undertaken on a national level, like in China and Iran, by filtering directly at the ISP.
To reach regular websites on the 'clear' Internet, some Tor nodes are configured as exit nodes, which route traffic in and out of the Tor network. This hides who you are from the police, the web server, your ISP and anyone else listening in. As far as any of them know, you are the exit node! Also, as Tor uses its own port and encrypts the traffic, your content restrictions can be bypassed with ease.
Even though these exit nodes are often in other countries, there are still methods of tracking you down. Nonetheless, putting a few layers between yourself and the world can never hurt. At the end of this article, I will explain the most efficient way to obtain the software you need and provide you a few links to start your adventure with.
Tor has a few serious issues with it that do need to be addressed. The most critical is a lack of end-to-end encryption. This means anyone who can sniff the traffic from an exit node can see EVERYTHING. They still have to trace packets back and forth to determine a location, but all the encryption is gone. Any personal info you transmitted will be wide open for the stealing. You can negate this by wrapping your data in a presentation-layer protocol like SSH, but that's not always an option.
Tor also does not provide protection against end-to-end timing attacks. If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit and locate you. This problem is tied into the one above in a way, as well.
Tor is still very effective at outsmarting firewalls and port scanning and, though more advanced, at tunneling SQL injections. Tor is secure enough to communicate with, and even better if you wrap that data in application-layer encryption beforehand. It is not 100 percent, but it's better than just rolling dice and hoping no one is watching.
Over the years, the model has been improved upon and added to. If you are looking for the next step up from Tor, you need to enter the world of i2p. In my next article, I will explain how they're similar and how they differ, sometimes drastically.
Tor is great at browsing the web anonymously and accessing the network's hidden services. The best way is to download the browser bundle directly from the website. There is no installation required, and you can even put it on a USB drive for mobile use as an emergency proxy!
Simply download and extract the archive, navigate to its directory and:
Below is a list of links for a few Tor hidden services to start you off.
- dppmfxaacucguzpc.onion - The TorDIR, a listing of various hidden services, some on and offline.
- kpvz7k12v5agwt35.onion - The Hidden Wiki, a listing of more links and services. Be careful here.
- eqt5g4fuenphqinx.onion - Core.Onion, a great intro for new users.
Questions? Concerns? Leave me a comment or drop by our IRC channel and say hello.