7

Let's say I am browsing the Internet using Tor - visiting https://example.com/login.php - and the NSA is operating the Tor exit node which I am currently routed to use.

Can that NSA exit relay swap the HTTPS certificate with their own (and then assume that I accept it, either manually or automatically), capturing or modifying all traffic I receive and give to example.com - just like a proxy, your employer, or your ISP can?

Or is directly browsing a HTTPS site on Tor immune to such an 'exit node MITM' attack - and only unencrypted packets can ever be seen or modified by them?

(N.b. I use HTTP Nowhere to mitigate against vulnerabilities like sslstrip - so I am only talking about the specific scenario of exit node replacing certificates on-the-fly to decrypt the traffic themselves, assuming again that I accept their certificate by whatever means that occurs.)

1 Answers1

7

Somebody owning a Tor exit node can sniff and modify any traffic. This includes of course also man-in-the-middle attacks against HTTPS connections. This is not only theoretical attack but used in practice, see https://trac.torproject.org/projects/tor/ticket/8657. See also How safe is Tor from MITM/snooping attacks? for a more detailed answer.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • 1
    Thanks. Well, on top of making sure you know when a certificate is not verified in the normal way, one can take precautions like using a [VPN inside Tor](https://www.whonix.org/wiki/Tunnel_Proxy_or_SSH_or_VPN_through_Tor) for the odd HTTPS clearnet activity that you simply can't afford trusting your current exit node not to MITM to decrypt or modify, change browsing behavior (or accounts) to be more disposable in nature on Tor and just remember that if you're not careful it could be read so to keep things as disposable as possible, and then I guess, refreshing circuits as much as you need too. –  Jan 18 '15 at 12:46
  • 1
    If you really have secrets worth of stealing it is not enough to maintain only cyber security, see http://xkcd.com/538/ – Steffen Ullrich Jan 18 '15 at 13:23
  • @SteffenUllrich - Pretty much the grain of truth at the heart of it, as long as humans have to interact with encryption, there's always an end run around it. – Fiasco Labs Jan 18 '15 at 19:07
  • Death by $5 wrench: the threat model that indeed looms over us all... –  Jan 19 '15 at 02:11