undefined | Better HN

0 pointscyphar6y ago0 comments

That is a pretty neat attack, but I disagree it would be useful against Tor.

DNS traffic is funneled through a different Tor circuit than the web traffic. You'd need to apply the bad DNS to all users, which would almost certainly in your exit node being dropped from the network.

I'm also not sure how this would be handled with HSTS preload lists -- HSTS preload applies to all subdomains so you'd need to come up with a completely different domain (and protections against homograph attacks mean that avenue is restricted). It'd probably be simpler to just set up an actual website with LetsEncrypt than to bother with stripping the TLS in this manner.

0 comments

throwaway66hack6y ago

You are right. With different Tor circuits, the attacker needs to control a lot of exit nodes to correlate the initial HTTP request to ssl-stripped page and the DNS query (to be a global adversary).

j / k navigate · click thread line to collapse

0 pointscyphar6y ago0 comments

That is a pretty neat attack, but I disagree it would be useful against Tor.

0 comments

throwaway66hack6y ago

You are right. With different Tor circuits, the attacker needs to control a lot of exit nodes to correlate the initial HTTP request to ssl-stripped page and the DNS query (to be a global adversary).

j / k navigate · click thread line to collapse