[tor-talk] Hidden server path

Lasse Øverlier tor at zone.no
Thu Jan 10 15:17:42 UTC 2013


Hi,

Your "weak" points are the client and (hidden) server - or most likely poor
server configuration. The rendezvous point only shuffles encrypted data and
will not see anything in plain text.

BUT. If your .onion server links to an outside page, includes an image,
script-file, whatever, externally - the HTTP Referer will give away the URL
to the other server if not properly sanitized by the client...

There is always room for misconfiguration ;-)

 - Lasse



On Mon, Jan 7, 2013 at 4:10 AM, Outlaw <outlaw at omail.pro> wrote:

> Hi! I wonder, is there a way for some malicious node (or someone except
> client and hidden server) to spy upon path part or GET request of .onion
> service? I mean "path/to/somewhere.html" part in
> http://somelonghashstring.onion/path/to/somewhere.html url, not
> physical location.
>
> Thanks!
>
> --
> Outlaw
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


More information about the tor-talk mailing list