How to prevent MITM attack on TOR

I’ve read a few articles online about how TOR can be targeted for a man-in-the-middle attack (MITM). Now here are my questions:

  • Did a MITM attack happen to the TOR network in the past? Where and when?
  • If I use TOR, how do I prevent MITM? How do I secure my connection?

Thanks.

Even if there was an attack, we wouldn’t be able to know about most of them.

Use .onion or https on every connection, but since most websites already use https you don’t have to worry about getting MITMed when using Tor.

hmmm if you believe you might be or could be targeted; don’t forget encryption :slight_smile:

encrypted messengers and stuff. I don’t really know of a way to prevent it at all; someone else might. but ya I like encryption YAay.

um there’s that thing with the exit nodes reading your data. ya so - encryption for that too ^_^. if someone might set up an exit node just to spy on you - yes, encryption lulululuz. oh and using p2p stuff at least takes a centralized server out of the equation, but it’s good to make sure they don’t rely only on SSL/TLS/https.

As far as I know, my connection is no longer encrypted once it reaches the exit node. How can I encrypt that? Or do you mean that I should only visit sites with https and avoid http?

oh ya always https only. it provides a bit of encryption - but it’s not something to rely on.

so if you use apps, then the apps themselves should have their own additional built-in encryption.

examples are:
email with GPG/PGP
messaging clients with encryption built in like…Tox, etc…

if you just mean like…for web browsing then yeah I guess with only https (there are browser plugins for that) and I guess using onion sites like this:
privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion

If I was like…living in a dystopian world and I wanted to send an email through my browser then I would encrypt my email with GPG (4096-bit strength) and use it through Tor :slight_smile: oh wait…I do that sometimes actually xD tada dystopia is already here lulz… anyway…

Some people use VPN->Tor or Tor->VPN, I don’t remember actually doing that recently hehe. you would have to trust the VPN provider :frowning: Actually there might be a way to VPN/SSH to your own localhost and tunnel it through Tor? I might try that :smiley: but if you wanna try it b4 me I think u just need ssh running as a service; openssh or whatever.

I’m not entirely sure, I think it’s possible certain governments can get past SSH encryption (the stuff VPNs use). I would def prefer using something like RSA, GPG, NaCl, whatever Signal uses, with or without anything else layered with it (Tor, https, SSH).

If you are visiting .onion sites, everything is encrypted end-to-end and does not use exit nodes. There is no need for additional encryption on .onion sites (for security purposes anyways).

If you are connecting via Tor to services on the clearnet, your traffic does pass through an exit node and it is best to assume those nodes are malicious. Because of that, it is best to limit yourself to sites and services that are encrypted (https) so that even if the malicious exit node is watching your traffic, they can’t see or tamper with it.

If I use TOR, how to prevent MITM? How to secure my connection?

For every connection point there will always be an opportunity for a malicious entity/actor to slip in the middle and pretend to be the next connection point.

Unfortunately, you only have control over your side of the internet, that is, from the edge of your network, from your PC to a router via whatever modem you use (fiber, ADSL, dial-up, 3G, LTE, etc.). After that, you are at the mercy of the internet. Fortunately TOR was designed to make it extremely hard for people to do a MITM on the onion route itself. If you are not on a specific surveillance agency’s watch list, you should be fine.

However, the only points you can reasonably control will be on your end. It might be a good idea to only use up-to-date open source software. Meaning you should probably flash your WiFi access points with something like OpenWRT, and use pfSense/OPNsense for your routers. Modems are particularly tricky because of the proprietary blobs they use, so maybe consider the modem on your network outside of your control as well.

TLDR: Use open source software and don’t use EOLed products that don’t receive security updates.

The reason I asked this question is because I read on another forum that there was a MITM attack on the TOR network in the past. Unfortunately, whoever posted that statement doesn’t say when or where, or at least include a link to support his statement. And I cannot find the truth on search engines. Is this information even true?

Could you give us the link to that forum?

I have heard of timing attacks on Tor and end node compromises, but never MITM within the routing system itself because that is the exact thing that Tor is strong against.

I’ll give you a link to the exact post.

This was possible because in the past most websites were http, but now most websites use https, so you don’t have to worry about getting MITMed; even if you do, the attacker won’t get much information.

If I was staying in Dracula’s castle, and he offered free WiFi.

He might have a good computer geek to use the server to do --Exactly what?

I once had a paid-for VPN, and the tech assured me that it was not possible for anyone to interrupt, or perform a “Man in the Middle” attack.

On one forum a fellow said he was speaking with the guy who ran ISP servers about the technique of saving IP addresses, and putting that into the browser rather than using a name and DNS. ISP guy said: whatever you enter for an IP address, I can program my servers to catch it, and send you wherever I choose. Implying, of course, a site that looks exactly like the one I want to go to. Of course, you are going to say the browser, or Tor Browser, certificates would flag the webpage as bogus. Which a fellow here just pointed out when he said only depend on https sites, never http sites. Or was that an alternative attack?

IP addresses can change for legitimate reasons, and there are subnets. Or is that the wrong term?

I have never really looked closely at the Certificate System. I had the impression if I took in one bad certificate, that it might be used to allow other bad certificates. In some cases, just one bad website.

I had thought one of the things Tor had started doing was to limit the First Hop onto Tor to a limited number of Nodes. Which Tor feels gives several advantages.

If one is concerned that one is behind a government-run firewall: obviously the government might not recognize that a particular person is using Tor, but not intervene as a Man in the Middle, unless they could do some other trick. Tor ‘Bridges’ allow people a first hop onto Tor, so that hopefully the government would not know the user was getting onto Tor. A bridge being a unique IP which Dracula’s firewall would not recognize.

I would guess that the one trick a government computer spy agency might try is to trick us into the version of Tor the agency has changed the certificates on, then redirect us onto some look-alike site they have created and run. Of course the government agency would have to intercept requests for updates to the browser and Tor, and provide their own versions.

I would think most of you have thought through all these things as well.

Back to Dracula’s Castle. If I was going to use a VPN, if I had already downloaded it, installed it, registered myself to it, that might be very difficult for Igor (borrowed from Frankenstein) to interrupt, intercept, or play “Man in the Middle” against one user.

When and where did one download Tor, and while I would verify it from the website, well, obviously that is not perfect. I am sure someone jumps in at this point and points out using PGP to verify my download. Good idea. PGP key verification can come from the PGP key servers. I recall reading someone has tricked some of those key servers once or twice. The one instance I believed was a fellow who was prominent in demonstrations in his country. The government agency realized he did not have a PGP key, and created one for him. And directed others to send emails, if they had any, to a new email address, as the government had compromised the one some thought he had. Mostly he used on-phone encryption (must be someone who used this site).

Anyone who sent email to his website was advised to send an email to his site, with their own PGP key, and encourage others. If anything happened to his phone, he could still send messages.
The agency got a long list of demonstrators to round up in the middle of the night.

That is not really an encryption hack though. It is an example of the most likely way we could get hacked. Not through the well thought out protections provided by Tor, but something else we might allow. Like JavaScript issues.

And if you are staying in Dracula’s Castle, in the middle of the night, no one will hear you scream. Or intervene.
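The post above raises verifying a Tor download with PGP. The following is an added example, not code from this thread or from the Tor Project: it assumes the signed checksum list uses the common `<sha256>  <filename>` line format published next to a detached `.asc` signature, checks that signature with `gpg` (signing key imported beforehand from a source you trust, not blindly from a keyserver), and only then compares the local file's SHA-256 against the listed value. The file names and hashes in `SAMPLE_SUMS` are constructed for the demo.

```python
import hashlib
import hmac
import subprocess

# Constructed sample checksum list in "<sha256>  <filename>" form.
# Both hashes are the real SHA-256 of the sample contents used below.
SAMPLE_SUMS = """\
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty.tar.xz
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  hello.tar.xz
"""


def parse_sums(text):
    """Map filename -> expected lowercase hex SHA-256 from a sums file.

    Blank, comment and malformed lines are ignored; a leading '*' on the
    name (sha256sum binary mode) is stripped so lookups stay simple.
    """
    expected = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        expected[parts[1].lstrip("*")] = parts[0].lower()
    return expected


def verify_download(name, data, sums_text):
    """True only if `name` is listed and its SHA-256 matches exactly.

    compare_digest avoids a timing side channel when comparing the digests.
    """
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


def signature_ok(sums_path, sig_path):
    """Run `gpg --verify` on the detached signature of the sums file.

    Hypothetical helper: it only reports gpg's verdict and assumes the
    publisher's signing key is already in the local keyring.
    """
    result = subprocess.run(["gpg", "--verify", sig_path, sums_path],
                            capture_output=True)
    return result.returncode == 0
```

Order matters: if `signature_ok` is false, the checksum list itself is untrusted and `verify_download` proves nothing.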

When using a VPN, the VPN itself may MITM you.

Isn’t that the business model of VPNs? To be between you and the sites you want to visit; you pay them with the promise of keeping your identity a secret?

This is why there is a need to audit VPNs and why bad VPN providers are pretty much the worst kind of malicious actor out there because they see it all. I think this is also why the VPN business is such a cutthroat industry.

Based on my quick search on Google, there’s a difference between deep web and dark web. Are .onion sites both deep web and dark web?

Not all .onion sites are dark web; even privacytools has an .onion address.

But, all the dark web sites end with .onion. Am I correct? So, are these websites safe?
http://forum.privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion > This is deep web.
Anything-illegal-goXWofuzyR6b.onion > Dark web.
Correct me if I’m wrong.

Not all dark web ends with .onion; for example there is I2P. So deep web > dark net > dark web; you should go to Wikipedia for more info.