
Smart detection for passive sniffing in the Tor-network - dotchloe
https://chloe.re/2016/06/16/badonions/
======
click170
If someone just has tcpdump running this won't catch them unless they actually
try to use the links or credentials they retrieved.

I like this, but from the title I expected to be able to detect that tcpdump
is running, akin to what you can do with malformed ARP packets to detect a NIC
in promiscuous mode.

Edit: in case anyone is wondering what I'm talking about -
[http://security.stackexchange.com/questions/3630/how-to-find...](http://security.stackexchange.com/questions/3630/how-to-find-out-that-a-nic-is-in-promiscuous-mode-on-a-lan)

------
tlrobinson
Tor should really just detect and block (or warn + prompt the user to allow)
unencrypted connections. If you're using Tor you probably also want end-to-end
encryption.

~~~
hueving
That's the responsibility of a browser plugin. Tor itself is a low-level
packet relay so it's not really up to it to determine whether or not traffic
is encrypted already.

~~~
flashman
I don't think so. Tor could make the address bar red when you're on a
non-HTTPS connection, for instance, warning you that any information
transmitted can be sniffed by the exit node.

~~~
sp332
That's the "Tor browser" which is just a modified Firefox. That's not the Tor
network.

~~~
peteretep
Respectfully, that's not how most users view it, and that's the important
thing.

~~~
Cakez0r
[Citation Needed]

~~~
unionpivo
Why?

You google Tor, and end up on
[https://www.torproject.org/](https://www.torproject.org/). You click download
and it offers you Tor browser.

Seems self-explanatory.

