Misconfigured digital certificates expose the real server addresses of dark web sites
The original intention of onion routing is to keep sites anonymous and isolated from the standard Internet, so that they are not easily discovered or accessed.
Of course, many security-focused sites on the dark web also use encrypted transmission. Once it is deployed, encrypted transmission prevents hijacking through man-in-the-middle attacks.
However, it is easy to make mistakes when configuring encrypted transmission, and this fatal error causes websites based on onion routing to expose their real server addresses.
There is no privacy once the address is leaked:
Many websites use the onion network because they do not want to expose their real server address, but some researchers have found that many dark web sites have configuration errors.
If you follow my article you can set up automated ingestion of non v3 Tor hidden service addresses. This will allow you to get new onion addresses as they are set up and announced to the hsdirs (the equivalent of dns servers within Tor): https://t.co/wr1uUanHQ1 https://t.co/6yiQJUh5GW
— Yonathan Klijnsma (@ydklijnsma) September 4, 2018
Under onion routing, once the connection to the network succeeds, the service listens on a local port to accept the obfuscated traffic arriving from all over the world.
However, when configuring encrypted transport, many dark web sites leave the reverse proxy server at its default configuration, so it listens on all addresses instead of only the local address.
This configuration is fine on the surface web and still works with onion routing, but the error allows anyone to view the certificate information.
From there, one only needs to follow the hash of the digital certificate to find the corresponding server address, and the real server of the dark web site is exposed.
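A defender-side check for the misconfiguration described above, added here as an example and not taken from the article or the researchers: it scans a reverse proxy configuration for TLS listeners that are not confined to loopback. The nginx-style listen syntax and the sample configuration are assumptions, since the article does not name a proxy product.

```python
import ipaddress
import re

# Constructed sample; nginx "listen" syntax is an assumption (the page names no proxy).
SAMPLE_CONF = """
server {
    listen 443 ssl;                    # bare port: every interface
    listen [::]:443 ssl;               # IPv6 wildcard
    listen 192.0.2.10:443 ssl;         # one routable address (documentation range)
    listen 127.0.0.1:8443 ssl;         # loopback only
    listen unix:/run/hs/web.sock ssl;  # UNIX socket, not network reachable
}
"""
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

def classify(listen_args):
    """Return 'loopback', 'wildcard' or 'external' for one listen directive."""
    target = listen_args.split()[0]
    if target.startswith("unix:"):
        return "loopback"
    if target.isdigit():
        return "wildcard"                      # port only, no address given
    if target.startswith("["):                 # [v6addr] or [v6addr]:port
        host = target[1:target.index("]")]
    else:                                      # addr, addr:port or *:port
        host = target.rsplit(":", 1)[0]
    if host in ("*", "localhost"):
        return "wildcard" if host == "*" else "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"                      # hostname: assume reachable
    if ip.is_unspecified:
        return "wildcard"
    return "loopback" if ip.is_loopback else "external"

def audit(conf_text):
    """Return (directive, verdict) for each TLS listener reachable off-host."""
    findings = []
    for match in LISTEN_RE.finditer(conf_text):
        args = match.group(1).strip()
        verdict = classify(args)
        if "ssl" in args.split()[1:] and verdict != "loopback":
            findings.append((args, verdict))
    return findings

if __name__ == "__main__":
    for directive, verdict in audit(SAMPLE_CONF):
        print(f"{verdict:9s} listen {directive};")
```

Any directive the audit reports serves the site's certificate to hosts other than the local one, which is the condition the article describes.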
Uninformed onlookers think this is an attack on onion routing:
Proponents of the dark web believe that this analysis report is an attack on onion routing, because too many dark web sites have this fatal configuration error.
But the researchers believe that the report only serves the better development of onion routing; the point is to let dark web sites fix the configuration error as early as possible.
Even if the researchers had not published the investigation report, I believe that others would have found this problem, so there is nothing wrong with disclosing the vulnerability as soon as possible.