[tor-talk] Question regarding some strange behavior on some exitnodes
akademiker1 at googlemail.com
Sun Jun 28 15:44:51 UTC 2015
You should also check out cloud hosters: upload pdf, doc or txt with
unique hidden service urls and log pageviews with php. Create a dump.php
which dumps "getallheaders()" to a file and then create URL redirections
at your webserver so all url requests get internally executed with
dump.php without the visitor knowing. That way you get cookies, referers
and useragents. Referers are especially interesting, sometimes you get
intranet URLs of antivirus vendors wikis and bugtrackers.
> This is just part of my research and I was informed to bounce my results
> over to you so you can look deeper in why the exits are doing what they do.
> All URLs are unique, so the chance for a crawler/spider/robot to find
> that URL is extremely unlikely.
> /db/backups/997391913-2015 is a unique URL. The numbers "997391913" are
> generated, saved to a list and checked if there's any duplicates, if so,
> remove them. Then, all these URLs are visited through all (public)
> exitnodes. A web server is used and saves all(HTTP) the requests to a
> file(log). Later I check that log if an URL has been visited more than
> one time, if so I know that something fishy[sic] is going on with that
> nusenu skrev den 6/27/2015 19:19:
>> I read your email in the context of your recent blog post  on bad
>> exits (without it, the email does not make much sense to me).
>> Since I'm just assuming and other readers probably don't have that
>> context you might want to specify it.
>> If my assumption is wrong you might want to clarify why you think the
>> exits itself (their operators) are involved in generating HTTP
>> requests (as opposed to some random person/program) using tor.
>>  https://chloe.re/2015/06/20/a-month-with-badonions/
More information about the tor-talk