Re: [tor-talk] Self-deleting scripts in http connections

2016-12-21 Thread Allen
http://www.digitaltrends.com/computing/firefox-tor-vulnerability/

On Wed, Dec 21, 2016 at 3:09 PM, Joe Btfsplk wrote:
> On 12/8/2016 7:10 AM, Jonathan Marquardt wrote:
>> Such an attacker could insert some JS or cookies etc. to track a user
>> around
>> the web or more dangerous attacks

Re: [tor-talk] Self-deleting scripts in http connections

2016-12-21 Thread Joe Btfsplk
On 12/8/2016 7:10 AM, Jonathan Marquardt wrote: Such an attacker could insert some JS or cookies etc. to track a user around the web or more dangerous attacks like stealing user data. The possibilities of JS are far-reaching. In the worst case scenario, JS can be used to exploit a user's devic

Re: [tor-talk] Self-deleting scripts in http connections

2016-12-08 Thread Jonathan Marquardt
> This sequence of events got me thinking; the exit node queries servers on
> the behalf of the Tor Browser. Some sites simply cannot be connected to via
> HTTPS. Thus, the exit node must query the site requested in HTTP, which can
> be modified in transit. If done, what form of protections could a

Re: [tor-talk] Self-deleting scripts in http connections

2016-12-06 Thread Rythyrix
My apologies for lateness, had to life and determine the source of this script. A) I don't know the exit node I used in Tor, nor does it appear to be relevant, in this case, because B) I apologize for being unclear before, I was using Firefox, not Tor Browser, and C) Found the source of th

Re: [tor-talk] Self-deleting scripts in http connections

2016-12-02 Thread Jonathan Marquardt
On Fri, Dec 02, 2016 at 08:47:11PM -0800, Rythyrix wrote:
> Greetings, all.
>
> Recently, as I was browsing over to coppersurfer dot tk, I on a whim opened
> up Firefox's Element Inspector (right click -> Inspect Element (Q)).
> Imagine my surprise when I find a script before the title tag. (see

[tor-talk] Self-deleting scripts in http connections

2016-12-02 Thread Rythyrix
Greetings, all. Recently, as I was browsing over to coppersurfer dot tk, I on a whim opened up Firefox's Element Inspector (right click -> Inspect Element (Q)). Imagine my surprise when I find a script before the title tag. (see pastebin HNqsDsq2 for sourcedump). Given that I have NoScript