[tor-talk] One way to protect onions against cloning attack

Nurmi, Juha juha.nurmi at ahmia.fi
Wed Mar 9 08:20:50 UTC 2016


And the attacker immediately started to override CSS rules. I made a
counter attack again. See

REAL: http://msydqstlz2kzerdg.onion/
FAKE: http://msydqjihosw2fsu3.onion/

Let's see what is the next move from the attacker. He is probably reading
this mailing list.

-Juha


On Tue, Mar 8, 2016 at 2:50 PM, Nurmi, Juha <juha.nurmi at ahmia.fi> wrote:

> Hi,
>
> As you may have heard, someone runs fake sites on a similar address to the
> original ones and tries to fool people with that. Fake sites are transparent
> proxies with MITM.
>
> I added this detection to ahmia.fi's onion site:
>
> REAL: http://msydqstlz2kzerdg.onion/
> FAKE: http://msydqjihosw2fsu3.onion/
>
> This is a CSS trick and works without JavaScript. CSS checks the address
> using regexp and if it is not correct it will activate warning text.
>
> @-moz-document
> regexp('(?!https?://ahmia\\.fi|https?://localhost|https?://127\\.0\\.0\\.1|http://msydqst.*2kzerdg\\.onion).*') {
>
> /* Alternative CSS content rules for fake site. */
>
> }
>
> It's not a perfect solution but again we can make the attacker's life hard.
>
> Peace,
> Juha
>
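
The rule quoted above, evaluated outside the browser. This is an added example, not part of the original post or of ahmia.fi's code: it assumes the documented @-moz-document regexp() behaviour (the expression must match the entire URL), handles only single-character CSS string escapes, and uses helper names and sample URLs (other than the two onion addresses from the post) that are constructed here.

```javascript
// regexp() argument exactly as it appears in the CSS source from the post.
// String.raw keeps the doubled backslashes that the CSS string literal needs.
const CSS_STRING = String.raw`(?!https?://ahmia\\.fi|https?://localhost|https?://127\\.0\\.0\\.1|http://msydqst.*2kzerdg\\.onion).*`;

// Simplified CSS string unescaping (assumption: no hex escapes present).
// A backslash followed by a non-hex character stands for that character,
// so the CSS text "\\." reaches the regex engine as "\.".
function cssUnescape(cssString) {
  return cssString.replace(/\\([^0-9a-fA-F\n])/g, "$1");
}

// Emulates @-moz-document regexp(): the rule applies only when the
// pattern matches the whole document URL, hence the ^(?: ... )$ wrapper.
function mozDocumentRegexpMatches(cssString, url) {
  const pattern = cssUnescape(cssString);
  return new RegExp("^(?:" + pattern + ")$").test(url);
}

// True when the "fake site" CSS block (the warning text) would be active.
function warningShown(url) {
  return mozDocumentRegexpMatches(CSS_STRING, url);
}

// Constructed sample URLs; the two onion addresses are the ones in the post.
const SAMPLES = [
  "http://msydqstlz2kzerdg.onion/",        // REAL
  "http://msydqjihosw2fsu3.onion/",        // FAKE
  "https://ahmia.fi/search/?q=test",       // clearnet site
  "http://localhost:8000/",                // development
  "http://127.0.0.1/",                     // development
];

function evaluate(urls) {
  return urls.map((url) => ({ url, warning: warningShown(url) }));
}

for (const { url, warning } of evaluate(SAMPLES)) {
  console.log((warning ? "WARNING  " : "ok       ") + url);
}
```

The negative lookahead is what inverts the match: the rule body applies to every URL that does not start with one of the listed origins. Current Firefox releases restrict @-moz-document to user and UA style sheets, so a site can no longer rely on this rule in its own CSS.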

