[tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)

2015-07-07 Thread aka
Nothing special, they try to infect the machine using browser exploits while the victim surfs without Tor. The malware then manually installs an ssl cert and redirects the browser proxy from 127.0.0.1:9050 to evilguys.com:9050, which does ssl interception with that installed ssl cert. At the time o
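A defender-side check for the proxy redirection described in this message, written as an added example that is not part of the thread: it parses Firefox/Tor Browser `prefs.js` lines and flags a SOCKS proxy setting that no longer points at the local Tor listener. The sample prefs are constructed, and `evilguys.com` is just the placeholder host from the message above.

```python
import re
import ipaddress
from typing import Dict, List

# prefs.js / user.js lines look like:  user_pref("network.proxy.socks", "127.0.0.1");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Ports Tor Browser normally uses for its local SOCKS listener
EXPECTED_SOCKS_PORTS = {9050, 9150}


def parse_prefs(text: str) -> Dict[str, str]:
    """Parse prefs.js/user.js text into {pref_name: raw_value} with quotes stripped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def is_loopback(host: str) -> bool:
    """True for localhost / 127.x / ::1; a hostname such as evilguys.com is not loopback."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_socks_proxy(prefs: Dict[str, str]) -> List[str]:
    """Return findings for the SOCKS settings; an empty list means they look normal."""
    findings = []
    host = prefs.get("network.proxy.socks", "")
    port = int(prefs.get("network.proxy.socks_port", "0"))
    if not is_loopback(host):
        findings.append(f"SOCKS proxy host is not loopback: {host!r}")
    if port not in EXPECTED_SOCKS_PORTS:
        findings.append(f"unexpected SOCKS port: {port}")
    if prefs.get("network.proxy.socks_remote_dns", "true") != "true":
        findings.append("socks_remote_dns disabled: DNS lookups would bypass Tor")
    return findings


# Constructed samples: a healthy profile and one tampered as the thread describes
GOOD_PREFS = '''user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9150);
user_pref("network.proxy.socks_remote_dns", true);
'''
BAD_PREFS = '''user_pref("network.proxy.socks", "evilguys.com");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
'''

if __name__ == "__main__":
    for label, text in (("good", GOOD_PREFS), ("bad", BAD_PREFS)):
        print(label, audit_socks_proxy(parse_prefs(text)) or ["ok"])
```

Pointing the same parser at a real profile's `prefs.js` gives the actual check; a finding on the host line is exactly the 127.0.0.1:9050 to remote-host swap the message describes.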

Re: [tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)

2015-07-07 Thread chloe
Hello, how would this method work if an infected client tries to visit a hidden service? Regards, Chloe

aka wrote on 7/7/2015 16:52:
> Nothing special, they try to infect the machine using browser exploits while the victim surfs without Tor. The malware then manually installs an ssl cert and

Re: [tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)

2015-07-07 Thread aka
The browser would send a socks5 connect request to the hacking team proxy server, which would connect to the real hidden service and transparently proxy the content to the browser. If the hidden service had an SSL connection (like facebook hs), it would try to MITM with the installed cert. The infe

Re: [tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)

2015-07-08 Thread coderman
On 7/7/15, chloe wrote:
> ...
> how would this method work if an infected client tries to visit a hidden
> service?

there are at least three common ways:

1. using an evil proxy, as directed above. they install a rogue CA so they can sign for any SSL/TLS required. this works for hidden services