> This sequence of events got me thinking; the exit node queries servers on
> the behalf of the Tor Browser. Some sites simply cannot be connected to via
> HTTPS. Thus, the exit node must query the site requested in HTTP, which can
> be modified in transit. If done, what form of protections could a MitM do
> between the site and the exit node bypass by, say, inserting a CSS document
> that references an external JS script to force a query from the browser?
Such an attacker could insert some JS or cookies etc. to track a user around the web or more dangerous attacks like stealing user data. The possibilities of JS are far-reaching. In the worst-case scenario, JS can be used to exploit a user's device and gain privileges within the OS. Such an attack has just been discovered last month on this mailing list right here.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk