This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

Last update: Nov 09, 2022

Related tags

Security related resources trustor-poc

Overview

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

NOTE: This PoC is NOT fit for general use and not meant to be used by end-users!

This limited version only selects exit relays and leaves other positions unchanged. It supports a max_depth of 0 only (no recusion to find trusted operators).

this PoC performs the following steps

reads the trust configuration and validation cache
connects to a local tor client via it's ControlPort to find relays claiming to be from a trusted operator
validates claims via HTTPS (routed via tor) or DNS including DNSSEC check (can also be routed via tor but requires dnscrypt-proxy)
writes a validation cache to disk
configures the local tor client (non-persistently) to only use exits from trusted operators that passed the validation steps

requirements

a local tor client must be running (see sample torrc file)
dnssec-root-trust must contain the DNSSEC Root Trust Anchor (IANA)
local dnscrypt-proxy daemon, configured to route (encrypted) DNS via tor's SOCKSPort

force_tcp = true

proxy = 'socks5://127.0.0.1:9050'

...

configuration

this PoC comes with an empty trust_config file, users need to add entries (example)
dnscrypt-proxy is expected to listen on 127.0.2.1:53 otherwise configure the IP address in the resolv.conf file
generate a password hash via tor --hash-password randomstringgoeshere and paste it into the torrc config (or use ControlSocket instead)
add the plaintext password to the controller_password= line in the script
torcontactinfoparser needs to be installed manually
on debian pyunbound is in the python3-unbound package

used libraries

stem
torcontactinfoparser
pyunbound for DNSSEC validation
requests (with pysocks support)
urllib

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

Related tags

Overview

this PoC performs the following steps

requirements

configuration

used libraries

Owner

Gefilte Fish GMail filter creator

Mass Check Vulnerable Log4j CVE-2021-44228

Scan publicly accessible assets on your AWS cloud environment

Malware for Discord, designed to steal passwords, tokens, and inject discord folders for long-term use.

CVE-2021-43798Exp多线程批量验证脚本

Bandit is a tool designed to find common security issues in Python code.

Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

pwncat module that automatically exploits CVE-2021-4034 (pwnkit)

Installation of hacking tools

Northwave Log4j CVE-2021-44228 checker

Security audit Python project dependencies against security advisory databases.

Python program that generates secure passwords.

Attack SQL Server through gopher protocol

cve-2021-21985 exploit

#whois it? Let's find out!

ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

A simple automatic tool for finding vulnerable log4j hosts

A simple way to store your passwords without requiring third party applications

Argument Injection in Dragonfly Ruby Gem

S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE