Hacklog Volume 1 Anonymity: it security & Ethical Hacking Handbook

Download 2,32 Mb.

Pdf ko'rish

bet	20/57
Sana	01.01.2022
Hajmi	2,32 Mb.
	#289651

1 ... 16 17 18 19 20 21 22 23 ... 57

Bog'liq
Hacklog Volume 1 Anonymity IT Security Ethical Hacking Handbook

Your Geolocation: here you can see the geographical location obtained
from the IP address. It’s approximate and refers to the ISP switch, not to the real
address of the connection user.
•

TorDNSEL: here you can check if the “exiting” IP address is part of the
Exit Node list. This is an important item, since it allows you to know whether
the outbound connection has been manipulated or the exit node is identified as
coming from TOR.
•
Local Tor Consensus: no related documentation.
•

Your HTTP-Referer: here you can verify if you are leaving Referer-type
traces. The Referer value allows another website to see where the client comes
from (ex., from a search, a site, a mail, etc.).
•

Your HTTP-Via: shows the value informing the server about the type of
request made via Tor proxy (ex., Via: 1.0 fred, 1.1 inforge.net (Apache/1.2)).
•

Your HTTP-User-Agent: this is the lookup of your browser and operating
system. HTTP-User-Agent can be manipulated, and we will see how to do it in
the next chapter, related to Local Resources.
•

Your HTTP-ACCEPT: here you can see the values accepted by your
browser, in example information about language, cookies, cache, etc.
•

Your HTTP-CONNECTION: reports the browser Connection value.
Usually, you will find the keep-alive value here.
4.1.9 TOR and Deep Web

The TOR network is the most popular tool to access the Deep Web, or, better,
the TOR Deep Web. Without it, your browser cannot resolve domains with
.onion extension, e.g. websites hosted by servers and computers connected to
TOR.
4.1.9.1 Where to find .onion sites?
Good question. Where do you go when you look for something? Google, of
course! As I mentioned before, however, Google (as well as Bing, Yahoo and
whatnot) is the black death for anyone wishing to stay anonymous. What to do,
then?
The first step an aspiring deepnaut should take is getting the The Hidden
Wiki, a Wikipedia-like page gathering some of the top .onion sites available. In
order to find the Hidden Wiki, just googl... ehm... look up the keyword “The
Hidden Wiki” on a search engine and get to some site – with a certain authority,
if possible – so you can obtain a .onion address like the following:
http://zqktlwi4fecvo6ri.onion (currently, it is the active one, but it may go down)
or even websites in the clearnet.
About the Hidden Wiki: you can find many versions around. The most
popular are the “ion” ones, although they are quite outdated. Alternatively to the
official one, you can also find the “Mirror Version”, which is the most complete
wiki. As a third choice, instead, you can get the HackBlock’s Hidden Wiki that
can be updated by the community (careful what you look for, anyway). Dozens
of wikis are created (and closed) everyday, therefore you have to be patient and
use a good search engine.

4.1.10 Is the TOR network really safe??
In years, the TOR Project gained a certain popularity in the Internet world,
and now is acknowledged as the premium anonymous network. Some
newspapers acclaimed it as the “perfect tool for anonymous navigation”, slightly
distorting the truth applicable to all software: “perfection doesn’t exist”
TOR is all but perfect: it’s still a piece of software, a program made by
humans that can make mistakes. Furthermore, it has been violated: helped by
external researches funded by the Department of Defense, FBI compromised the
circuit between 01/30/20014 and 07/04/2014, monitoring hundreds of thousands
of connections (and shutting off Silk Road too). One year earlier, FBI also
arrested an Irish child-abuser by leveraging a bug in Firefox 17, the same version
used by Tor Browser.
The latest attack was in 2015, when a university received 1 million dollars to
sabotage TOR network
[44]
. We will cover it shortly

Download 2,32 Mb.

Do'stlaringiz bilan baham:

1 ... 16 17 18 19 20 21 22 23 ... 57