[tor-talk] One way to protect onions against cloning attack
Nurmi, Juha
juha.nurmi at ahmia.fi
Tue Mar 8 12:50:32 UTC 2016
Hi,
As you may have heard someone runs fake sites on a similar address to the
original ones and tries to fool people with that. Fake sites are transparent
proxies with MITM.
I added this detection to ahmia.fi's onion site:
REAL: http://msydqstlz2kzerdg.onion/
FAKE: http://msydqjihosw2fsu3.onion/
This is a CSS trick and works without JavaScript. CSS checks the address
using regexp and if it is not correct it will activate warning text.
@-moz-document
regexp('(?!https?://ahmia\\.fi|https?://localhost|https?://127\\.0\\.0\\.1|
http://msydqst.*2kzerdg\\.onion).*') {
/* Alternative CSS content rules for fake site. */
}
It's not perfect solution but again we can make the attacker's life hard.
Peace,
Juha
More information about the tor-talk
mailing list