How are hackers breaking Tor and trojan users?
coderman at gmail.com
Thu Jun 12 02:22:49 UTC 2008
On Wed, Jun 11, 2008 at 5:35 PM, scar <scar at drigon.com> wrote:
>> If someone were to develop a browser-based exploit that managed to get
>> the 'authenticate', with no preceding bytes, to the controlport...
> like this? http://www.janusvm.com/goldy/vuln/tor-controlport.html

that is a standard HTTP post and thus sends HTTP request headers
before the textarea form payload.

what Robert indicated is that he thinks it is highly unlikely that you
could use a browser to connect and send AUTHENTICATE before anything
else, like the request headers.

the challenge / response handshake he suggested is an interesting
option for authenticating to the control port; it would indeed
eliminate any blind injection attacks, while still making it trivial
to use the control port legitimately.
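
Added example, not part of the original message and not Tor's code: a Python sketch of a control-port session that closes on any first line other than AUTHENTICATE and then requires a response keyed to a fresh per-connection nonce. The RESPONSE verb, the reply strings, the secret and the sample request lines are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-secret"  # assumption: shared with the real controller
# Constructed sample: a browser form POST, payload after the request headers.
HTTP_POST = ["POST / HTTP/1.1", "Host: 127.0.0.1:9051", "", "AUTHENTICATE"]

def answer(secret, nonce):
    """Response the controller must return for this connection's nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()

class ControlSession:
    """Hypothetical control-port session, one instance per TCP connection."""
    def __init__(self, secret):
        self.secret = secret
        self.nonce = os.urandom(32)  # fresh challenge, never reused
        self.state = "new"           # new -> challenged -> authed, or closed

    def feed(self, line):
        """Handle one line; any out-of-order input closes the session."""
        if self.state == "closed":
            return None
        verb, _, arg = line.strip().partition(" ")
        if self.state == "new" and verb == "AUTHENTICATE" and not arg:
            self.state = "challenged"
            return "250 CHALLENGE " + self.nonce.hex()
        if self.state == "challenged" and verb == "RESPONSE":
            good = answer(self.secret, self.nonce).encode()
            if hmac.compare_digest(arg.encode(), good):
                self.state = "authed"
                return "250 OK"
        elif self.state == "authed":
            return "250 OK"  # real command handling would go here
        self.state = "closed"
        return "514 Authentication required"

def legit_client(secret):
    """Reads the challenge from the reply, which a blind sender cannot do."""
    s = ControlSession(secret)
    nonce = bytes.fromhex(s.feed("AUTHENTICATE").split()[-1])
    s.feed("RESPONSE " + answer(secret, nonce))
    return s.state

def blind_sender(lines, secret):
    """Writes lines without reading replies, like a cross-protocol form POST."""
    s = ControlSession(secret)
    for line in lines:
        s.feed(line)
    return s.state
```

The form POST is rejected on its request line, and a sender that does get AUTHENTICATE out first still fails because it cannot read the nonce it has to answer.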