Skip to content

Instantly share code, notes, and snippets.

Created Oct 18, 2019
What would you like to do?

De-anonymising Tor users

An incomplete history of attacks

Operation Pacifier (2015)

  • Watering hole attack against "Playpen" onion site
  • Believed to exploit a vulnerability in Firefox
  • FBI chose to drop case rather than reveal details of technique

CMU SEI (2014)

  • Traffic confirmation attack
  • Operated relays which injected and observed RELAY_EARLY cells
  • Subject of a canceled Black Hat talk

Freedom Hosting (2013)

  • Watering hole attack against commandeered onion site hosting service
  • Used CVE-2013-1690 which was already patched in Tor Browser (based on Firefox 17 ESR) at the time

Operation Torpedo (2012)

  • Watering hole attack against "PedoBoard", "PedoBook" and "TB2" onion sites
  • Took advantage of browsers automatically running Flash embeds (not the default setting in Tor Browser)
  • Based on the Metasploit Decloaking Engine
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment