I've just successfully finished a Proof-of-Concept to implement anonymization at server level. I would be pleased if you guys could review this approach and extend it and/or show me the caveats ;-)
The rough picture: assume someone somehow injected bad code into a seized site to get their hands on visitor info collected from the HTTP request/response (a visitor not capable of setting up privoxy the right way, or of socksing directly into Tor). To protect against this I have:

- set up one HiddenService (aaaVisible.onion) that connects to an intercepting privoxy (IPr)
- set up a 2nd HiddenService (bbbDblHidden.onion) that only accepts requests from IPr
- set up IPr to rewrite aaaVisible.onion to bbbDblHidden.onion, removing bad stuff from request/response

This makes the service double hidden, more difficult to hack into, redirect-able, and it protects dumb visitors against revealing information (fingerprints).

  Client <-> Tor <-> Tor:HS <-> Privoxy <-> Tor <-> Tor:HS <-> (STunnel <->) Service

The STunnel is used to move the IPv4 service away from the HiddenService declaration; it is optional but recommended. Also, the service is only allowed to "speak" to STunnel and has no Internet access.

To check this out on a single server w/o STunnel do this (the onion names used ARE AN EXAMPLE ONLY):

Get Tor and Privoxy up'n'running like a normal Tor entry point.

Modify /etc/tor/torrc:

  HiddenServiceDir /var/lib/tor/onion_relay/
  HiddenServicePort 80 127.0.0.1:8118

  HiddenServiceDir /var/lib/tor/hidden_service/
  HiddenServicePort 80 127.0.0.1:80

Do on the shell

  /etc/init.d/tor restart

or in arm press x x to SIGHUP Tor.
As AN EXAMPLE this gives

  mr2t4bnopbqy2ql7.onion => "Onion-Relay"
  cmt6wblsm36iuoqn.onion => "HiddenService"

Prepare the Service (here Apache2):

Create /etc/apache/sites-available/tor

  <VirtualHost *:80>
    ServerAdmin root@cmt6wblsm36iuoqn.onion
    ServerName cmt6wblsm36iuoqn.onion
    DocumentRoot /var/www/tor
    <Directory />
      Options FollowSymLinks
      AllowOverride None
    </Directory>
    <Directory /var/www/tor>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      # requests are only allowed when the relay's passphrase header is present
      SetEnvIf X-Onion-Relay-Passphrase JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs ONION_RELAY_AUTH
      Order Deny,Allow
      Deny from All
      Allow from env=ONION_RELAY_AUTH
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/tor-error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/tor-access.log combined
  </VirtualHost>

Do on the shell

  mkdir /var/www/tor
  echo '<html><body><h1>cmt6wblsm36iuoqn.onion</h1>' \
       '<img src="http://cmt6wblsm36iuoqn.onion/x.jpg"></body></html>' \
       > /var/www/tor/index.html
  cp some-nice-jpg-file.jpg /var/www/tor/x.jpg
  cd /etc/apache/sites-enabled
  ln -s ../sites-available/tor 001-tor
  /etc/init.d/apache2 restart

Prepare Privoxy

In /etc/privoxy/config:

  accept-intercepted-requests 1

In /etc/privoxy/user.action:

  # applied to every request: present a uniform browser fingerprint
  { \
  +hide-user-agent{Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 (Tor Browser Bundle)} \
  +hide-accept-language{en-us,en;q=0.5} \
  }
  /

  # applied only to the visible relay name: rewrite to the hidden name and add the passphrase
  { \
  +server-header-filter{server-ident-rewrite} \
  +client-header-filter{onion-request-rewrite} \
  +filter{onion-response-rewrite} \
  +add-header{X-Onion-Relay-Passphrase: JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs} \
  }
  mr2t4bnopbqy2ql7.onion

In /etc/privoxy/user.filter:

  SERVER-HEADER-FILTER: server-ident-rewrite Replace Server Ident String
  s@^(Server:)\s*.*$@$1 Http/1.1@i

  CLIENT-HEADER-FILTER: onion-request-rewrite Replace x.onion with y.onion
  s@^(Host:)\s*mr2t4bnopbqy2ql7.onion$@$1 cmt6wblsm36iuoqn.onion@i

  FILTER: onion-response-rewrite Replace y.onion with x.onion
  s/cmt6wblsm36iuoqn\.onion/mr2t4bnopbqy2ql7.onion/ig

Do on the shell

  /etc/init.d/privoxy restart

Try in the browser:

HiddenService
direct: cmt6wblsm36iuoqn.onion => 403 Forbidden
HiddenService indirect, via privoxy onion-rewrite: mr2t4bnopbqy2ql7.onion => the result from cmt6wblsm36iuoqn.onion

Have a look at the response headers (e.g. Firefox plugin WebDeveloper => Information => Response Headers) and you will see that

  Server: Apache/2.2.22 (Ubuntu)

is replaced by

  Server: Http/1.1

Also modify the index file in the web root to show request variables like User-Agent and Accept-Language ... Here, for example, response content can also be removed to prevent injection of 3rd-party JavaScript or Flash toward the visitor.

---
Regards,
Manfred Ackermann
PGP 0xED5E5F28

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
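As an added check on the relay described in this post (example code written for this review, not Manfred's configuration), the following Python emulates the two hide-* actions, the three Privoxy filters, the add-header passphrase and the Apache SetEnvIf gate on a constructed request/response pair, so the effect of each rewrite can be verified without a Tor setup. The onion names and the passphrase are the EXAMPLE values from the post; the HTTP messages, the third-party script URL and the strip_active_content() filter (the response-content removal the post mentions but does not configure) are my own additions and assumptions.

```python
import hmac
import re

# EXAMPLE values from the post; everything else in this file is constructed.
VISIBLE = "mr2t4bnopbqy2ql7.onion"   # "Onion-Relay", the name visitors use
HIDDEN = "cmt6wblsm36iuoqn.onion"    # "HiddenService", only reachable through the relay
PASSPHRASE_HEADER = "X-Onion-Relay-Passphrase"
PASSPHRASE = "JeoyuXm0xyRgjcAylh6bSfckZRlhWIJs"
FAKE_UA = ("Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 "
           "Firefox/17.0 (Tor Browser Bundle)")
FAKE_LANG = "en-us,en;q=0.5"
CRLF = "\r\n"


def _split(raw):
    """Split an HTTP message into (start line, header lines, body)."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    return lines[0], lines[1:], body


def _join(start, headers, body):
    return CRLF.join([start] + headers) + CRLF + CRLF + body


def relay_request(raw):
    """Request side of the relay: hide-user-agent, hide-accept-language,
    the onion-request-rewrite Host filter and the add-header passphrase."""
    start, headers, body = _split(raw)
    out = []
    for h in headers:
        name = h.split(":", 1)[0].strip().lower()
        if name == "user-agent":
            out.append("User-Agent: " + FAKE_UA)
        elif name == "accept-language":
            out.append("Accept-Language: " + FAKE_LANG)
        elif name == "host":
            # s@^(Host:)\s*mr2t4bnopbqy2ql7.onion$@$1 cmt6wblsm36iuoqn.onion@i
            out.append(re.sub(r"^(Host:)\s*" + re.escape(VISIBLE) + r"$",
                              r"\1 " + HIDDEN, h, flags=re.I))
        else:
            out.append(h)
    out.append(PASSPHRASE_HEADER + ": " + PASSPHRASE)
    return _join(start, out, body)


def backend_allows(raw):
    """The Apache gate (SetEnvIf + Allow from env=): True only when the
    passphrase header carries the expected value. The constant-time compare
    is stricter than the substring regex Apache's SetEnvIf performs."""
    _, headers, _ = _split(raw)
    for h in headers:
        name, _, value = h.partition(":")
        if name.strip().lower() == PASSPHRASE_HEADER.lower():
            return hmac.compare_digest(value.strip(), PASSPHRASE)
    return False


def relay_response(raw):
    """Response side: server-ident-rewrite per header line (as Privoxy applies
    header filters), onion-response-rewrite on the body."""
    start, headers, body = _split(raw)
    # s@^(Server:)\s*.*$@$1 Http/1.1@i
    headers = [re.sub(r"^(Server:)\s*.*$", r"\1 Http/1.1", h, flags=re.I)
               for h in headers]
    # s/cmt6wblsm36iuoqn\.onion/mr2t4bnopbqy2ql7.onion/ig
    body = re.sub(re.escape(HIDDEN), VISIBLE, body, flags=re.I)
    return _join(start, headers, body)


def strip_active_content(body):
    """Hypothetical extra filter (not in the post's config): drop script and
    plugin elements before the page reaches the visitor. Regex stripping is
    best-effort only; a deployment should also send a restrictive CSP."""
    body = re.sub(r"(?is)<script\b.*?</script\s*>", "", body)
    body = re.sub(r"(?is)<object\b.*?</object\s*>", "", body)
    body = re.sub(r"(?is)<embed\b[^>]*>", "", body)
    return body


# Constructed sample traffic: a visitor with a fingerprintable browser, and a
# response into which a third-party script has been injected.
SAMPLE_REQUEST = (
    "GET /x.jpg HTTP/1.1" + CRLF +
    "Host: " + VISIBLE + CRLF +
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0" + CRLF +
    "Accept-Language: de-DE,de;q=0.8" + CRLF + CRLF
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK" + CRLF +
    "Server: Apache/2.2.22 (Ubuntu)" + CRLF +
    "Content-Type: text/html" + CRLF + CRLF +
    "<html><body><h1>" + HIDDEN + "</h1>"
    '<script src="http://third-party.example/fp.js"></script>'
    '<img src="http://' + HIDDEN + '/x.jpg"></body></html>'
)


def demo():
    """Run one request/response pair through the relay; return what each hop sees."""
    relayed = relay_request(SAMPLE_REQUEST)
    _, headers, body = _split(relay_response(SAMPLE_RESPONSE))
    return {
        "direct_allowed": backend_allows(SAMPLE_REQUEST),   # False -> 403, as in the post
        "relayed_allowed": backend_allows(relayed),         # True
        "relayed_request": relayed,
        "server_header": [h for h in headers if h.lower().startswith("server:")][0],
        "body": strip_active_content(body),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

Two caveats this makes visible: the Host filter anchors on the bare relay name, so a request carrying a port suffix (Host: mr2t4bnopbqy2ql7.onion:80) passes through unrewritten, and the passphrase header is the only thing keeping the hidden service from answering anyone who reaches it, so it must stay out of logs and be treated as a secret rather than a configuration constant.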