[tor-talk] tor-talk Digest, Vol 54, Issue 8
QaTaR Attack
mraboqht at gmail.com
Sun Jul 5 00:24:14 UTC 2015
Send tor-talk mailing list submissions to
tor-talk at lists.torproject.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
or, via email, send a message with subject or body 'help' to
tor-talk-request at lists.torproject.org
You can reach the person managing the list at
tor-talk-owner at lists.torproject.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-talk digest..."
Today's Topics:
1. Re: pdf with tor (Mirimir)
2. Re: pdf with tor (Lars Luthman)
3. Fwd: Re: Fwd: CALL FOR TESTING: new port scanning subsystem
(allows scanning behind proxies, including Tor!) (Jacek Wielemborek)
4. Re: pdf with tor (Mirimir)
5. Re: Fwd: Re: Fwd: CALL FOR TESTING: new port scanning
subsystem (allows scanning behind proxies, including Tor!) (spriver)
------------------------------
----------------------------------------
Message: 1
Date: Fri, 03 Jul 2015 14:30:29 -0600
From: Mirimir <mirimir at riseup.net>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] pdf with tor
Message-ID: <5596F0E5.8050101 at riseup.net>
Content-Type: text/plain; charset=windows-1252
On 07/03/2015 02:16 PM, mtsio wrote:
> Hello everyone,
>
> Is it safe to open pdf documents inside Tor Browser?
As other have said, it is NOT safe to do that, because PDFs can bypass
Tor. However, it IS safe to open PDFs in Whonix, because all
Internet-bound traffic either uses Tor, or is black-holed.
------------------------------
Message: 2
Date: Fri, 03 Jul 2015 22:36:24 +0200
From: Lars Luthman <mail at larsluthman.net>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] pdf with tor
Message-ID: <1435955784.11081.31.camel at larsluthman.net>
Content-Type: text/plain; charset="utf-8"
On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote:
> On 07/03/2015 02:16 PM, mtsio wrote:
> > Hello everyone,
> >
> > Is it safe to open pdf documents inside Tor Browser?
>
> As other have said, it is NOT safe to do that, because PDFs can bypass
> Tor. However, it IS safe to open PDFs in Whonix, because all
> Internet-bound traffic either uses Tor, or is black-holed.
Can PDF.js bypass Tor? How? I thought it used the same networking code
and proxy settings as the rest of Firefox.
--ll
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
URL: <
http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/86d0a5b5/attachment-0001.sig
>
------------------------------
Message: 3
Date: Fri, 03 Jul 2015 23:27:59 +0200
From: Jacek Wielemborek <d33tah at gmail.com>
To: tor-talk at lists.torproject.org, grarpamp at gmail.com
Subject: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port scanning
subsystem (allows scanning behind proxies, including Tor!)
Message-ID: <5596FE5F.60401 at gmail.com>
Content-Type: text/plain; charset="windows-1252"
(reposting again because I still wasn't subscribed to tor-talk)
W dniu 03.07.2015 o 22:01, grarpamp pisze:
>> One of the features that my modifications enable is performing port
>> scanning behind proxies. I only scanned it using SOCKS4 server built
>> into Tor
>>
>> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
>>
>> Please do note that even though port scanning within Tor is possible,
>> you cannot scan .onion names due to lack of SOCKS4A support.
>
> SOCKS4 and SOCKS4A are old and deprecated and should not
> be implemented (unless you're also implementing the current SOCKS5
> and adding in 4/4A as a bonus).
>
> Tor supports SOCKS5 (and the deprecated 4/4A but it will complain).
> So scanning onions and anything else by name should be possible.
>
> SOCKS5 also supports IPv6 which is becoming the way of things.
> Therefore, implement SOCKS5 :)
I think that SOCKS5 support within Nsock library (on which my
modification depends) is planned. SOCKS5 also supports UDP, so it could
bring even more benefits. For now, SOCKS4 has to do though.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <
http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/25871d04/attachment-0001.sig
>
------------------------------
Message: 4
Date: Fri, 03 Jul 2015 17:45:17 -0600
From: Mirimir <mirimir at riseup.net>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] pdf with tor
Message-ID: <55971E8D.7090507 at riseup.net>
Content-Type: text/plain; charset=windows-1252
On 07/03/2015 02:36 PM, Lars Luthman wrote:
> On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote:
>> On 07/03/2015 02:16 PM, mtsio wrote:
>>> Hello everyone,
>>>
>>> Is it safe to open pdf documents inside Tor Browser?
>>
>> As other have said, it is NOT safe to do that, because PDFs can bypass
>> Tor. However, it IS safe to open PDFs in Whonix, because all
>> Internet-bound traffic either uses Tor, or is black-holed.
>
> Can PDF.js bypass Tor? How? I thought it used the same networking code
> and proxy settings as the rest of Firefox.
Maybe so. But without firewall rules, there's risk. There's also risk of
downloading the PDF, and opening it with another app.
------------------------------
Message: 5
Date: Sat, 04 Jul 2015 09:12:30 +0200
From: spriver <spriver at autistici.org>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port
scanning subsystem (allows scanning behind proxies, including Tor!)
Message-ID: <5597875E.1090704 at autistici.org>
Content-Type: text/plain; charset=windows-1252
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
thanks for the info! I will try it out these days.
Cheers,
spriver
On 07/03/2015 23:27, Jacek Wielemborek wrote:
> (reposting again because I still wasn't subscribed to tor-talk)
>
> W dniu 03.07.2015 o 22:01, grarpamp pisze:
>>> One of the features that my modifications enable is performing
>>> port scanning behind proxies. I only scanned it using SOCKS4
>>> server built into Tor
>>>
>>> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
>>>
>>> Please do note that even though port scanning within Tor is
>>> possible, you cannot scan .onion names due to lack of SOCKS4A
>>> support.
>>
>> SOCKS4 and SOCKS4A are old and deprecated and should not be
>> implemented (unless you're also implementing the current SOCKS5
>> and adding in 4/4A as a bonus).
>>
>> Tor supports SOCKS5 (and the deprecated 4/4A but it will
>> complain). So scanning onions and anything else by name should be
>> possible.
>>
>> SOCKS5 also supports IPv6 which is becoming the way of things.
>> Therefore, implement SOCKS5 :)
>
> I think that SOCKS5 support within Nsock library (on which my
> modification depends) is planned. SOCKS5 also supports UDP, so it
> could bring even more benefits. For now, SOCKS4 has to do though.
>
>
>
>
>
>
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJVl4deAAoJEMkUf8VoejgP77MP/1PaxsQiyb1dEp+rW0ioBN5R
pu1x19j6wDSHgBToS/WRIGULhiFXmDomAqfqIou6B6FGrCNVNH3gtFL6mcEBPCBU
p6BOONMKczbT6ogV6yUirQpQubJTBKgCr/S2ZZMK7IQ1tfKUUoDED2DkLfd7F2vK
LJt9Xg5kCWnPdggLQlpFYaEzHmzQHvE+T8N/rcl9HJM4QdwK31CVKST0Ic4kTUW0
pmd53ozLsSmcDqaQp9nRKDnW0chjAVq4vlmGJLEqAMzw9siklXgBx1dSZuRG/c1P
ue/ICHfnY7m3StzyUUT6u83zv1OjTj9m5KMl7Fkwo3TFIs7BNKTHPI3TwCm3AUCQ
q9Xn6ENgUONC+BRToKPgTfa+RnW1kwIObQ5hvx5XVmLuj+o4xbxMLUnNMXiyeVsd
6FvJd8MLydBqfiGhc3qQBEQh0d1duz3WzQykbdgSywhERjx4NCOEhDUCQ9sbMMQc
LBSN+WL2eKQ2YsYvYgEenFP2bUPI6ikyDiyd2ED/ne/f8ub8owFGrTbwpCITucp5
LGHj0lmoSm0pjE64WbLbaDlGA/94g7zv4ThdOgTt0WefYnDCqONBjY9M9MrdADRp
yrhJj5jYuDp8GG7bEUBjEVxr+O3sKKkR+FYg3n3yZemCU8gZ5O49txNoZwtmfSx2
q/LwxfFX9Qv8LvqNydh4
=e7gh
-----END PGP SIGNATURE-----
------------------------------
Subject: Digest Footer
2015-07-04 15:00 GMT+03:00 <tor-talk-request at lists.torproject.org>:
> Send tor-talk mailing list submissions to
> tor-talk at lists.torproject.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> or, via email, send a message with subject or body 'help' to
> tor-talk-request at lists.torproject.org
>
> You can reach the person managing the list at
> tor-talk-owner at lists.torproject.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-talk digest..."
>
>
> Today's Topics:
>
> 1. Re: pdf with tor (Mirimir)
> 2. Re: pdf with tor (Lars Luthman)
> 3. Fwd: Re: Fwd: CALL FOR TESTING: new port scanning subsystem
> (allows scanning behind proxies, including Tor!) (Jacek Wielemborek)
> 4. Re: pdf with tor (Mirimir)
> 5. Re: Fwd: Re: Fwd: CALL FOR TESTING: new port scanning
> subsystem (allows scanning behind proxies, including Tor!) (spriver)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 03 Jul 2015 14:30:29 -0600
> From: Mirimir <mirimir at riseup.net>
> To: tor-talk at lists.torproject.org
> Subject: Re: [tor-talk] pdf with tor
> Message-ID: <5596F0E5.8050101 at riseup.net>
> Content-Type: text/plain; charset=windows-1252
>
> On 07/03/2015 02:16 PM, mtsio wrote:
> > Hello everyone,
> >
> > Is it safe to open pdf documents inside Tor Browser?
>
> As other have said, it is NOT safe to do that, because PDFs can bypass
> Tor. However, it IS safe to open PDFs in Whonix, because all
> Internet-bound traffic either uses Tor, or is black-holed.
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 03 Jul 2015 22:36:24 +0200
> From: Lars Luthman <mail at larsluthman.net>
> To: tor-talk at lists.torproject.org
> Subject: Re: [tor-talk] pdf with tor
> Message-ID: <1435955784.11081.31.camel at larsluthman.net>
> Content-Type: text/plain; charset="utf-8"
>
> On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote:
> > On 07/03/2015 02:16 PM, mtsio wrote:
> > > Hello everyone,
> > >
> > > Is it safe to open pdf documents inside Tor Browser?
> >
> > As other have said, it is NOT safe to do that, because PDFs can bypass
> > Tor. However, it IS safe to open PDFs in Whonix, because all
> > Internet-bound traffic either uses Tor, or is black-holed.
>
> Can PDF.js bypass Tor? How? I thought it used the same networking code
> and proxy settings as the rest of Firefox.
>
>
> --ll
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 801 bytes
> Desc: This is a digitally signed message part
> URL: <
> http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/86d0a5b5/attachment-0001.sig
> >
>
> ------------------------------
>
> Message: 3
> Date: Fri, 03 Jul 2015 23:27:59 +0200
> From: Jacek Wielemborek <d33tah at gmail.com>
> To: tor-talk at lists.torproject.org, grarpamp at gmail.com
> Subject: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port scanning
> subsystem (allows scanning behind proxies, including Tor!)
> Message-ID: <5596FE5F.60401 at gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> (reposting again because I still wasn't subscribed to tor-talk)
>
> W dniu 03.07.2015 o 22:01, grarpamp pisze:
> >> One of the features that my modifications enable is performing port
> >> scanning behind proxies. I only scanned it using SOCKS4 server built
> >> into Tor
> >>
> >> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
> >>
> >> Please do note that even though port scanning within Tor is possible,
> >> you cannot scan .onion names due to lack of SOCKS4A support.
> >
> > SOCKS4 and SOCKS4A are old and deprecated and should not
> > be implemented (unless you're also implementing the current SOCKS5
> > and adding in 4/4A as a bonus).
> >
> > Tor supports SOCKS5 (and the deprecated 4/4A but it will complain).
> > So scanning onions and anything else by name should be possible.
> >
> > SOCKS5 also supports IPv6 which is becoming the way of things.
> > Therefore, implement SOCKS5 :)
>
> I think that SOCKS5 support within Nsock library (on which my
> modification depends) is planned. SOCKS5 also supports UDP, so it could
> bring even more benefits. For now, SOCKS4 has to do though.
>
>
>
>
>
>
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 819 bytes
> Desc: OpenPGP digital signature
> URL: <
> http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/25871d04/attachment-0001.sig
> >
>
> ------------------------------
>
> Message: 4
> Date: Fri, 03 Jul 2015 17:45:17 -0600
> From: Mirimir <mirimir at riseup.net>
> To: tor-talk at lists.torproject.org
> Subject: Re: [tor-talk] pdf with tor
> Message-ID: <55971E8D.7090507 at riseup.net>
> Content-Type: text/plain; charset=windows-1252
>
> On 07/03/2015 02:36 PM, Lars Luthman wrote:
> > On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote:
> >> On 07/03/2015 02:16 PM, mtsio wrote:
> >>> Hello everyone,
> >>>
> >>> Is it safe to open pdf documents inside Tor Browser?
> >>
> >> As other have said, it is NOT safe to do that, because PDFs can bypass
> >> Tor. However, it IS safe to open PDFs in Whonix, because all
> >> Internet-bound traffic either uses Tor, or is black-holed.
> >
> > Can PDF.js bypass Tor? How? I thought it used the same networking code
> > and proxy settings as the rest of Firefox.
>
> Maybe so. But without firewall rules, there's risk. There's also risk of
> downloading the PDF, and opening it with another app.
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 04 Jul 2015 09:12:30 +0200
> From: spriver <spriver at autistici.org>
> To: tor-talk at lists.torproject.org
> Subject: Re: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port
> scanning subsystem (allows scanning behind proxies, including Tor!)
> Message-ID: <5597875E.1090704 at autistici.org>
> Content-Type: text/plain; charset=windows-1252
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
> thanks for the info! I will try it out these days.
>
> Cheers,
> spriver
>
> On 07/03/2015 23:27, Jacek Wielemborek wrote:
> > (reposting again because I still wasn't subscribed to tor-talk)
> >
> > W dniu 03.07.2015 o 22:01, grarpamp pisze:
> >>> One of the features that my modifications enable is performing
> >>> port scanning behind proxies. I only scanned it using SOCKS4
> >>> server built into Tor
> >>>
> >>> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
> >>>
> >>> Please do note that even though port scanning within Tor is
> >>> possible, you cannot scan .onion names due to lack of SOCKS4A
> >>> support.
> >>
> >> SOCKS4 and SOCKS4A are old and deprecated and should not be
> >> implemented (unless you're also implementing the current SOCKS5
> >> and adding in 4/4A as a bonus).
> >>
> >> Tor supports SOCKS5 (and the deprecated 4/4A but it will
> >> complain). So scanning onions and anything else by name should be
> >> possible.
> >>
> >> SOCKS5 also supports IPv6 which is becoming the way of things.
> >> Therefore, implement SOCKS5 :)
> >
> > I think that SOCKS5 support within Nsock library (on which my
> > modification depends) is planned. SOCKS5 also supports UDP, so it
> > could bring even more benefits. For now, SOCKS4 has to do though.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQIcBAEBAgAGBQJVl4deAAoJEMkUf8VoejgP77MP/1PaxsQiyb1dEp+rW0ioBN5R
> pu1x19j6wDSHgBToS/WRIGULhiFXmDomAqfqIou6B6FGrCNVNH3gtFL6mcEBPCBU
> p6BOONMKczbT6ogV6yUirQpQubJTBKgCr/S2ZZMK7IQ1tfKUUoDED2DkLfd7F2vK
> LJt9Xg5kCWnPdggLQlpFYaEzHmzQHvE+T8N/rcl9HJM4QdwK31CVKST0Ic4kTUW0
> pmd53ozLsSmcDqaQp9nRKDnW0chjAVq4vlmGJLEqAMzw9siklXgBx1dSZuRG/c1P
> ue/ICHfnY7m3StzyUUT6u83zv1OjTj9m5KMl7Fkwo3TFIs7BNKTHPI3TwCm3AUCQ
> q9Xn6ENgUONC+BRToKPgTfa+RnW1kwIObQ5hvx5XVmLuj+o4xbxMLUnNMXiyeVsd
> 6FvJd8MLydBqfiGhc3qQBEQh0d1duz3WzQykbdgSywhERjx4NCOEhDUCQ9sbMMQc
> LBSN+WL2eKQ2YsYvYgEenFP2bUPI6ikyDiyd2ED/ne/f8ub8owFGrTbwpCITucp5
> LGHj0lmoSm0pjE64WbLbaDlGA/94g7zv4ThdOgTt0WefYnDCqONBjY9M9MrdADRp
> yrhJj5jYuDp8GG7bEUBjEVxr+O3sKKkR+FYg3n3yZemCU8gZ5O49txNoZwtmfSx2
> q/LwxfFX9Qv8LvqNydh4
> =e7gh
> -----END PGP SIGNATURE-----
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
> ------------------------------
>
> End of tor-talk Digest, Vol 54, Issue 8
> ***************************************
>
More information about the tor-talk
mailing list