[tor-talk] Torifying Java and Flash

adrelanos adrelanos at riseup.net
Tue Aug 28 14:13:37 UTC 2012


Random Tor User:
> On 27. August 2012 at 1:21 PM, adrelanos wrote:
> [...]
>> The guest VM is locked down and may only access the internet
>> through the host system's Tor socks proxy on port 9050.
> 
> The lockdown part is too shortly described. How? Iptables?
> 
> No, until now I have just set up an alternative Windows as a
> VMware guest.
> 
> The VMware network is configured as hostonly which means that the 
> guest can only connect to the host's IP address.
> 
>> Is there any weakness in this setup?
> 
> Yes. Just a few things coming to my mind...
> 
> You should not use Firefox. Use Tor Browser. [1]
> 
> Fixed. I have the Tor browser in the guest system pointing to the 
> socks proxy running on the host system.
> 
> How do you use Tor Browser without running Tor over Tor?
> 
> What you basically need, is to use a similar concept like aos. [2]
> 
> Even if you can prevent IP and DNS leaks, Java and Flash can leak
> more information than that, such as your time zone and system time.
> [3]
> 
> Nothing requires that the timezone and localization of the guest 
> corresponds to that of the host system. Am I correct that the Tor
> browser won't care about which timezone time, date or localization
> is present in the running system so long as it can establish a
> socks connection? A socks connection is, as far as I know, agnostic to
> this information. The only thing which could happen in the worst
> case would be the guest system's information leaking through the
> Tor browser.

Tor Browser does indeed not care, but flash does. Tor Browser does not
modify flash in any way. You are right, worst thing that may happen is
that flash can obtain timezone and system time, so be sure to obscure it.

> Windows Update and other Microsoft services should not be able to 
> "break out" of the guest system because the only network to which
> the guest has access is the host system.

How do you get all the operating system updates?

> Who checked if Java or Flash do not use your MAC address to
> correlate with your previous activities? Flash is a black box and
> Adobe is not known for putting much value into users' privacy. The
> VM can see MAC address of your host. It's possible to prevent this.
> [4] My host system is not directly connected to the internet. The
> host system (computer) connects to a router. My ISP only "sees" the
> MAC address of my router.

It's not about the ISP. There are applications, which do read the MAC
address of your computer. Some copyright protection tools and anti
cheat tools do so.

> And even so, I often swap/randomize the host system's MAC and 
> computer name when I use the computer to connect away from home.

Ok. Recommend reading aos standpoint about (random) macs in public
networks. [5] Just read and consider if it applies to your threat model.

> Apart from MAC address there are other caveats. Even the name of
> the user account could be used for correlation. What if I write a
> VBS script to randomize all this information? Every time the guest
> starts up, all sensitive information is randomized. And the host is
> a bare metal machine only used for hosting my Tor socks proxy.

Sounds good.

> Also forcing the whole system through a single Tor port opens up
> for Identity correlation through circuit sharing. [5] Your
> operating system update mechanism inside the VM might go through
> the same Tor circuit including all the stuff flash already
> reveals. Even in Windows, it's possible to disable all update
> services. If the guest only participates in a hostonly network, it
> can't access external internet resources except through the socks
> proxy.

So far so good. How do you install the updates then?

> Of course the host system is different, but what I am interested in
> is hiding what I am doing inside the guest. I don't care about
> people knowing I run Tor as socks proxy.

Ok.

> I don't intend to host hidden services, so the time window for
> attacks should be very shortlived.

Ok.

> My only goal is being able to torify Flash and Java for browsing.

Ok.

> So what I don't know is whether the JonDoNym guide to proxifying 
> Flash and Java is secure enough for browsing.

Like I wrote in TorifyHOWTO [1], a wrapper (torsocks etc.) is just a
redirector, not a jail. You can't simply use a wrapper to torify Java
/ Flash. They are too complex.

Inside a VM, well, the operating system does not know the real
external IP address. What one does not know, can one not tell anyone.

Interesting idea. Good luck with it. We created leak tests [2] for
aos, it can be useful for other projects as well. Some tools need
alternative windows applications or just skip those tests.

Since you are not using a transparent proxy, but host-only + wrapper,
most things transparent proxy leaks [3] probably do not apply. Reading
that page anyway can't hurt.

I'd also ask coderman [4] for feedback on that setup.

One more concern: you can only be anonymous within a big group of
people. The amount of users who use Windows + Flash or Windows + Java
anonymously must be pretty low, since there are few discussions about
it and the setup is quite complicated. Also due to the browser
fingerprinting stuff it's safe to assume you are only pseudonymous,
rather than anonymous.

[1]
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#OverviewaboutdifferentmethodsforTorification
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/LeakTests
[3]
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks
[4] https://svn.torproject.org/svn/torvm/trunk/doc/design.html
[5]
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#aosinpublicnetworksMACAddress
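
A small reachability check for the host-only plus SOCKS setup discussed in this message, added here as an example; it is not part of the original message and is not the aos leak tests. Run inside the guest, it confirms that the host's port 9050 answers a SOCKS5 greeting and reports every direct TCP connection that succeeds; the function names and the command-line format are assumptions.

```python
import socket
import sys

SOCKS_PORT = 9050  # Tor SOCKS port on the host, as given in the thread

def tcp_reachable(host, port, timeout=3.0):
    """True if a direct (unproxied) TCP connection succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, DNS failure
        return False

def speaks_socks5(host, port, timeout=3.0):
    """True if the endpoint accepts a SOCKS5 greeting with 'no auth'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")  # version 5, one method, method 0
            reply = b""
            while len(reply) < 2:
                chunk = s.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
            return reply == b"\x05\x00"
    except OSError:
        return False

def audit(proxy, must_fail, timeout=3.0):
    """Return findings; an empty list means the lockdown held.

    proxy     -- (host, port) of the Tor SOCKS listener on the host
    must_fail -- (host, port) pairs the guest must NOT reach directly
    """
    findings = []
    if not speaks_socks5(*proxy, timeout=timeout):
        findings.append(("proxy-unavailable", proxy))
    for target in must_fail:
        if target != proxy and tcp_reachable(*target, timeout=timeout):
            findings.append(("direct-connection-leak", target))
    return findings

if __name__ == "__main__":
    # Assumed CLI: check.py HOST_IP TARGET:PORT [TARGET:PORT ...]
    if len(sys.argv) < 3:
        sys.exit("usage: check.py HOST_IP TARGET:PORT [TARGET:PORT ...]")
    pairs = (arg.rsplit(":", 1) for arg in sys.argv[2:])
    targets = [(h, int(p)) for h, p in pairs]
    for kind, (h, p) in audit((sys.argv[1], SOCKS_PORT), targets):
        print(f"{kind}: {h}:{p}")
```

This only covers TCP reachability from the guest; it says nothing about what Flash or Java disclose at the application layer (time zone, system time, MAC address), which the message treats separately.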

