Banners injected in web pages at exit nodes TRHCourtney*

Freemor freemor at
Tue Jun 2 11:52:10 UTC 2009

On Tue, 02 Jun 2009 14:52:18 +0400
"Alexander Cherepanov" <cherepan at> wrote:

> Hello!
> Just stumbled upon a banner injected in html at tor exit node.
> Nodes in question:
Thanks for the heads up.. I wasn't getting the injected banners on the
link you provided but when I tried:

I got an invalid certificate error.. Definitely man-in-the-middle stuff
going on here.. Certificate I received for the above belonged to:

Issued to
Common Name (CN) 		*
Organization (O)		Manuel Kraus
Organizational Unit (OU)	StartCom Verified Certificate Member
Serial Number			00:de

Issued By
Common Name (CN)		StartCom Class 2 Primary Intermediate
Server CA
Organization (O)		StartCom Ltd.
Organizational Unit (OU)	Secure Digital Certificate Signing

Issued On 			08-06-25
Expires On			09-06-25

SHA1 Fingerprint
MD5 Fingerprint

Needless to say this is not the correct certificate.
This is a very unfriendly exit node.

freemor at
freemor at

This e-mail has been digitally signed with GnuPG - ( )
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <>

More information about the tor-talk mailing list