[tor-talk] TLS/SSL SMTP MitM

Joe Btfsplk joebtfsplk at gmx.com
Mon Mar 10 19:59:15 UTC 2014


On 3/10/2014 1:43 PM, Gordon Morehouse wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi there,
>
> I have been doing some testing of sending email over Tor and today ran
> into a definite BadExit (but not flagged, clearly) because there was a
> blatant MitM attempt on three separate occasions when I initiated a
> TLS/SSL SMTP connection to my mail provider.  Thunderbird popped up
> the usual warnings, etc.  The trouble is, I don't know how to quickly
> find out what exit was being used so I can tattle on it; in this case,
> I'm using an old laptop with limited resources, so I just run tor at
> boot and don't have the fancy Vidalia map thingy or any of that, and
> I'm unfamiliar with the CLI invocations which could help me figure out
> who's playing dirty tricks with their exit node.
>
I can't help much w/ determining if it was a "bad exit," but I can offer 
one way to see the exits in use.

That's one complaint about TBB 3.5 series - took away the ability to see 
a map of relays.
Though I personally had what seemed like "bugginess" w/ Vidalia, you can 
still get the stand alone version to use w/ TBB 3.5.
Vidalia standalone bundles (Index of /~erinn/): 
<https://people.torproject.org/%7Eerinn/vidalia-standalone-bundles/>

Best I can tell from sparse instructions, you just extract Vidalia files 
to a separate folder - created as sub-folder of TorBrowser folder.
You must Start Vidalia AFTER TBB (Tor) is already connected.  I didn't 
need to modify anything, anywhere to make Vidalia detect Tor & display 
the network map.

But, it also tends to crash (mess up), after a few TBB restarts (exiting 
Vidalia each time, before exiting TBB).
So it may not work flawlessly, long term.

Another option is to copy the IPA shown on the Tor connection screen in 
TBB, then enter it into any IPA checking site - get the location, 
perhaps server name?
Also check if that IPA is on blacklists: What Is My IP Address Blacklist 
Check <http://whatismyipaddress.com/blacklist-check>
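
For the command-line case raised in the quoted question, an added example (not written by either poster and not Tor Project code): Tor's control port answers `GETINFO circuit-status` and `GETINFO stream-status`, and the sketch below matches each open stream to the last hop of its circuit, which is the exit to report. It assumes the control port is enabled and the two replies have been saved as text; the sample replies, fingerprints and nicknames are constructed.

```python
import re

# One hop in a circuit path: $<40-hex fingerprint>, optionally ~nick or =nick.
HOP = re.compile(r"\$([0-9A-Fa-f]{40})(?:[~=](\w+))?")
# Control-port framing in front of the data, e.g. "250+circuit-status=".
PREFIX = re.compile(r"^250[-+][\w/-]+=")

def fields(reply):
    """Split each reply line into fields, dropping the 250 framing prefix."""
    return [PREFIX.sub("", line).split() for line in reply.splitlines()]

def parse_circuits(reply):
    """Return {circuit_id: [(fingerprint, nickname), ...]} for BUILT circuits."""
    circuits = {}
    for f in fields(reply):
        if len(f) >= 3 and f[1] == "BUILT":
            hops = HOP.findall(f[2])
            if hops:
                circuits[f[0]] = hops
    return circuits

def exits_for_streams(circuit_reply, stream_reply, port=None):
    """Return [(target, exit_fingerprint, exit_nickname)] for attached streams."""
    circuits = parse_circuits(circuit_reply)
    found = []
    for f in fields(stream_reply):
        if len(f) < 4:
            continue                      # framing such as "." or "250 OK"
        circ_id, target = f[2], f[3]
        if port is not None and not target.endswith(f":{port}"):
            continue
        path = circuits.get(circ_id)      # circuit id 0 means "not attached yet"
        if path:
            fp, nick = path[-1]           # last hop of the path is the exit
            found.append((target, fp.upper(), nick))
    return found

# Constructed sample replies; fingerprints are placeholders, not real relays.
G, M, X1, X2 = "A" * 40, "B" * 40, "C" * 40, "D" * 40
SAMPLE_CIRCUITS = (
    "250+circuit-status=\n"
    f"7 BUILT ${G}~g1,${M}~m1,${X1}~x1 BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL\n"
    f"250 BUILT ${G}~g1,${M}~m1,${X2}~x2 PURPOSE=GENERAL\n"
    f"11 EXTENDED ${G}~g1 PURPOSE=GENERAL\n.\n250 OK"
)
SAMPLE_STREAMS = (
    "250+stream-status=\n21 SUCCEEDED 7 mail.example.com:465\n"
    "22 SUCCEEDED 250 www.example.org:443\n23 NEW 0 mail.example.com:465\n.\n250 OK"
)

if __name__ == "__main__":
    for target, fp, nick in exits_for_streams(SAMPLE_CIRCUITS, SAMPLE_STREAMS, port=465):
        print(f"{target} leaves via ${fp} ({nick})")
```

The fingerprint printed for the SMTP stream is the value to include in a bad-exit report, together with the time of the certificate warning.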

