[tor-bugs] #16347 [Tor Browser]: TOR Browser Favicon.ico IP leak

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 10 18:56:29 UTC 2015


#16347: TOR Browser Favicon.ico IP leak
---------------------------------+----------------------------------
 Reporter:  torleak              |          Owner:  tbb-team
     Type:  defect               |         Status:  new
 Priority:  critical             |      Milestone:
Component:  Tor Browser          |        Version:  Tor: unspecified
 Keywords:  Favicon.ico IP leak  |  Actual Points:
Parent ID:                       |         Points:
---------------------------------+----------------------------------
 Attached are logs for TOR Browser sessions while logging into a Buffalo
 Terastation TS-XEL with firmware version 1.55. The logs are from
 Terastation lighttpd.webui.access.log.

 The version of TOR Browser was likely 4.5; it was the version which updated
 itself automatically from TOR Browser. It was certainly below 4.5.1,
 because an access occurred before May 13.

 TOR client IP address is XXX.XXX.XXX.XXX.

 Target IP address is YYY.YYY.YYY.YYY.

 Real IP address is ZZZ.ZZZ.ZZZ.ZZZ; it was checked and confirmed with the ISP.
 Based on access circumstances, it is unthinkable that a target was
 "accidentally" accessed via a standard browser at that time, which was
 IE11.

 What is strange about the real User-Agent is that it is listed as Windows NT
 6.2, but the real version of Windows was NT 6.3.

 Below is a small fragment of the logs:
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:15:53 +0900] "POST /dynamic.pl
 HTTP/1.1" 200 192 "http://YYY.YYY.YYY.YYY/static/root.html" "Mozilla/5.0
 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:15:53 +0900] "GET
 /static/ext/resources/images/default/grid/grid3-hrow.gif HTTP/1.1" 200 836
 "http://YYY.YYY.YYY.YYY/static/ext/resources/css/ext-all.css" "Mozilla/5.0
 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:15:53 +0900] "GET
 /static/ext/resources/images/default/s.gif HTTP/1.1" 200 43
 "http://YYY.YYY.YYY.YYY/static/root.html" "Mozilla/5.0 (Windows NT 6.1;
 rv:31.0) Gecko/20100101 Firefox/31.0"
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:16:08 +0900] "GET
 /static/ext/resources/images/default/grid/row-over.gif HTTP/1.1" 200 823
 "http://YYY.YYY.YYY.YYY/static/ext/resources/css/ext-all.css" "Mozilla/5.0
 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:16:08 +0900] "GET
 /static/ext/resources/images/default/grid/grid3-hrow-over.gif HTTP/1.1"
 200 823 "http://YYY.YYY.YYY.YYY/static/ext/resources/css/ext-all.css"
 "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"
 ZZZ.ZZZ.ZZZ.ZZZ YYY.YYY.YYY.YYY - [Date:19:17:20 +0900] "GET /favicon.ico
 HTTP/1.1" 200 97 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2;
 WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR
 2.0.50727; .NET CLR 3.0.30729)"
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:17:51 +0900] "POST /dynamic.pl
 HTTP/1.1" 200 289 "http://YYY.YYY.YYY.YYY/static/root.html" "Mozilla/5.0
 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:17:53 +0900] "GET
 /dynamic.pl?_dc=1431339247835&bufaction=getRootSettings2 HTTP/1.1" 200 551
 "http://YYY.YYY.YYY.YYY/static/root.html" "Mozilla/5.0 (Windows NT 6.1;
 rv:31.0) Gecko/20100101 Firefox/31.0"
 XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY - [Date:19:17:54 +0900] "GET
 /dynamic.pl?_dc=1431339247838&bufaction=validateSession HTTP/1.1" 200 77
 "http://YYY.YYY.YYY.YYY/static/root.html" "Mozilla/5.0 (Windows NT 6.1;
 rv:31.0) Gecko/20100101 Firefox/31.0"

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16347>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
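
One way to triage an access log in the format shown in the ticket for requests that reach the same host from a second address or User-Agent while a session is in progress. This is an added example, not part of the original ticket or any Tor Project code; the addresses (documentation ranges), dates, the curl line and the 10-minute window are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Field order as in the ticket's fragment:
# client host - [timestamp] "request" status size "referer" "user-agent"
LINE = re.compile(
    r'(?P<client>\S+) (?P<host>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

TBB = "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"
IE = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0)"
H = "192.0.2.10"  # constructed target address
# Constructed sample lines (not the reporter's data), plus one malformed line.
SAMPLE = [
    f'198.51.100.7 {H} - [01/Jan/2015:19:15:53 +0900] "POST /dynamic.pl HTTP/1.1" 200 192 "http://{H}/static/root.html" "{TBB}"',
    f'198.51.100.7 {H} - [01/Jan/2015:19:16:08 +0900] "GET /static/s.gif HTTP/1.1" 200 43 "http://{H}/static/root.html" "{TBB}"',
    f'203.0.113.5 {H} - [01/Jan/2015:19:17:20 +0900] "GET /favicon.ico HTTP/1.1" 200 97 "-" "{IE}"',
    f'198.51.100.7 {H} - [01/Jan/2015:19:17:51 +0900] "POST /dynamic.pl HTTP/1.1" 200 289 "http://{H}/static/root.html" "{TBB}"',
    f'203.0.113.99 {H} - [01/Jan/2015:23:40:00 +0900] "GET / HTTP/1.1" 200 500 "-" "curl/7.40.0"',
    'truncated line without the expected fields',
]

def parse(line):
    """Return a dict of fields, or None if the line does not match the format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_outliers(lines, window=timedelta(minutes=10)):
    """Flag requests whose (client, UA) pair differs from the host's dominant
    pair and that fall within `window` of a request from that dominant pair."""
    by_host = {}
    for rec in filter(None, map(parse, lines)):
        by_host.setdefault(rec["host"], []).append(rec)
    flagged = []
    for recs in by_host.values():
        main, _ = Counter((r["client"], r["ua"]) for r in recs).most_common(1)[0]
        times = [r["ts"] for r in recs if (r["client"], r["ua"]) == main]
        flagged += [r for r in recs if (r["client"], r["ua"]) != main
                    and any(abs(r["ts"] - t) <= window for t in times)]
    return flagged

for r in find_outliers(SAMPLE):
    print(r["ts"].isoformat(), r["client"], r["method"], r["path"], r["ua"])
```

A flagged line only shows that a second client touched the host during the session window; it does not by itself establish which program on the machine sent the request.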

